TOR Setup#
The Onion Routing Network, see also http://www.torproject.org
Installation / configuration#
First install the tor
software on the scharnhorst host (FC5).
I first tried my CentOS 4.5 host, but I could not get the software installed, could not find proper rpms, could not find rpms to install yum either.
Port forwarding 9001#
The ORPort has been configured on 9001, this port configured in my routermodem, so that this port is forwarde to scharnhorst (10.0.0.102)
Edit /etc/tor/torrc#
The following options were uncommented or changed from default:
ORPort 9001 ContactInfo harry.metske@gmail.com Nickname TorComputerhok Address scharnhorst.computerhok.nl RunAsDaemon 1 Log info file /var/log/tor/debug.log SocksPort 9050
IP address changed ?!#
Now I have had IP address 88.211.133.30 for about 3 years now, and it has changed since last night, I now have 195.241.35.97 .
This has nothing to do with me setting up a tor node, but probably due to the merge of my provider speedlinq with Telfort, the FAQ page tells me that addresse will be changed (with prior otice, but that didn't happen) anyway I changed my CNAME record of www.computerhok.nl, and also torrc:Address to 195.241.35.97.
Verifying your node#
When you tor decides that it's reachable, it will upload a "server descriptor" to the directories. This will let clients know what address, ports, keys, etc your relay is using.
Check it here
Install Vidalia#
Install of the Vidalia GUI
Open up System->Preferences->Software Sources and enter these repositories into 3rd Party Repositories:
deb http://ppa.launchpad.net/adnarim/ubuntu gutsy main deb-src http://ppa.launchpad.net/adnarim/ubuntu gutsy main
Then: sudo apt-get install vidalia
The vialia software cannot show me the stats of a tor node running on another server, so I uninstalled it again.
Statistics#
I found torstatus.cyberphunk.org , it shows quite a lot of information, it also tells you if you are using tor yourself.
It gives an exensive lists of tor nodes with a lot attributes like
- hostname
- ORPort
- DIRPort
- uptime
- tor version and os
- bandwith info
There you can also zoom in to your own tor node
How does it run#
I first had to dramatically increase the UBC's for the VPS, expecially the tcprcvbuf tcpsndbuff .
I also lowered the ConnLimit to 250.
Now also Google starts to nag me with Captcha's, telling me that I have spyware or bot coming from my IP adres, I had that the first day, the second day not anymore. (Was this because of TOR or because of the IP adres change ?)
Control protocol#
Tor has it's own control protocol. If you specified the ControlListenAddress or ControlPort option, it starts to listen on this port. You can the (very basic duh) open a telnet connection to this port and talk the control protocol
A few examples:
metskem@bismarck:~/downloads$ telnet scharnhorst 9051 Trying 10.0.0.102... Connected to scharnhorst. Escape character is '^]'. authenticate 250 OK getconf ControlPort 250 ControlPort=9051 getinfo config/names 250+config/names= AccountingMax DataSize AccountingMaxKB Integer AccountingStart String Address String The advertised (external) address we should use. __AllDirActionsPrivate Boolean AllowInvalidNodes CommaList AssumeReachable Boolean AuthDirInvalid LineList AuthDirReject LineList AuthDirRejectUnlisted Boolean AuthoritativeDirectory Boolean BandwidthBurst DataSize BandwidthRate DataSize CircuitBuildTimeout TimeInterval CircuitIdleTimeout TimeInterval ClientOnly Boolean ConnLimit Integer ContactInfo String ControlListenAddress LineList ControlPort Integer CookieAuthentication Boolean DataDirectory String DebugLogFile String DirAllowPrivateAddresses Boolean DirListenAddress LineList DirFetchPeriod TimeInterval DirPolicy LineList DirPort Integer DirServer LineList EntryNodes String ExcludeNodes String ExitNodes String ExitPolicy LineList ExitPolicyRejectPrivate Boolean FascistFirewall Boolean FirewallPorts CommaList FastFirstHopPK Boolean FetchServerDescriptors Boolean FetchHidServDescriptors Boolean FetchUselessDescriptors Boolean Group String HardwareAccel Boolean HashedControlPassword String HiddenServiceDir Dependant HiddenServiceExcludeNodes Dependant HiddenServiceNodes Dependant HiddenServiceOptions Virtual HiddenServicePort Dependant HttpProxy String HttpProxyAuthenticator String HttpsProxy String HttpsProxyAuthenticator String KeepalivePeriod TimeInterval Log LineList LogFile Dependant LogLevel Dependant LongLivedPorts CommaList MapAddress LineList MaxAdvertisedBandwidth DataSize MaxCircuitDirtiness TimeInterval MaxOnionsPending Integer MyFamily String NewCircuitPeriod TimeInterval NamingAuthoritativeDirectory Boolean Nickname String NoPublish Boolean NodeFamily LineList NumCpus Integer NumEntryGuards Integer ORListenAddress LineList ORPort Integer OutboundBindAddress String PathlenCoinWeight Float PidFile String ProtocolWarnings Boolean PublishServerDescriptor Boolean PublishHidServDescriptors Boolean ReachableAddresses LineList ReachableDirAddresses LineList ReachableORAddresses LineList RecommendedVersions LineList RecommendedClientVersions LineList RecommendedServerVersions LineList RedirectExit LineList RendExcludeNodes String RendNodes String RendPostPeriod TimeInterval RephistTrackTime TimeInterval RunAsDaemon Boolean RunTesting Boolean SafeLogging Boolean SafeSocks Boolean ShutdownWaitLength TimeInterval SocksListenAddress LineList SocksPolicy LineList SocksPort Integer SocksTimeout TimeInterval StatusFetchPeriod TimeInterval StrictEntryNodes Boolean StrictExitNodes Boolean SysLog Dependant TestSocks Boolean TestVia String TrackHostExits CommaList TrackHostExitsExpire TimeInterval UseEntryGuards Boolean User String V1AuthoritativeDirectory Boolean VersioningAuthoritativeDirectory Boolean VirtualAddrNetwork String __LeaveStreamsUnattached Boolean . 250 OK quit 250 closing connection Connection closed by foreign host. metskem@bismarck:~/downloads$
Status#
I stopped the tor agent for two reasons:
- the version of the tor agent on my system is too old, I get the following in the tor log:
routers_update_all_from_networkstatus(): Please upgrade! This version of Tor (0.1.1.26) is obsolete, according to 3/3 network statuses. Versions recommended by at least 1 authority are: 0.1.2.19, 0.2.0.11-alpha, 0.2.0.12-alpha, 0.2.0.15-alpha, 0.2.0.18-alpha, 0.2.0.19-alpha, 0.2.0.22-rcUpgrading was not really an option, it had too many dependencies, I would have to upgrade the whole OS.
- I constantly get prompted with Captchas when searching Google