Topic: Tor fallback nodes (Read 3792 times)

hooray! : )


there was this issue with Tor that as soon as you run a stable node, it gets high traffic as the network routes more and more through that node. probably folks gave up turning theirs off and on again. either you shape available bandwidth or tune tor to only consume a fair share of resources and then it might be sustainable. I hope I'm wrong and running tor is not an issue anymore

I got another hidden service up and running.

You can see a list of them on the wiki, although it appears that my 2 are the only ones online

https://en.bitcoin.it/wiki/Fallback_Nodes#Tor_nodes

Great.  I'll be sure to test 0.6 with a proxy set and a tor hidden service sometime soon.

Disclaimer:  I'm a Tor newbie and networking stuff isn't my strong suit, you probably know more about it than I do.

But: I fixed a Tor-related bug for version 0.6 a few days ago.  In particular, I moved all of the "turn this on or turn this off if running over Tor" to one spot (in the init.cpp file) and reworked the code so that you can override all of those decisions via command-line or bitcoin.conf switches (e.g. specify -nolisten=0 to set nolisten to false so you DO listen even if running a port 9050 proxy).

I've added all of the tor fallback nodes to my torrc with mapaddress and I only connect to 1.  I'm pretty sure that my hidden service is the only one still online.

I removed them from the other page, added a link and expanded the explanation of how to properly connect to the hidden services.

I still think that if I set my server running the tor hidden service to also proxy it's connections through tor, then it will reject incoming connections and not work properly.

Ah, that's where I thought you would have seen the list of hidden services. They shouldn't be listed elsewhere, since they're useless without the instructions.

I just added this to my torrc and made my bitcoin.conf match

I'll let you know if it works.  Why does bitcoin not support using a remote DNS? I would think it should considering it has proxy support.

Oh wow.  I finally found this page https://en.bitcoin.it/wiki/Fallback_Nodes#Tor_network

Would sure be nice if https://en.bitcoin.it/wiki/Tor mentioned it...


EDIT: That did it theymos! Thanks!

I'll add something to the wiki to make this more clear for people

Are you using mapaddress?

When Bitcoin uses Tor as a proxy, nolisten is automatically applied.  More specifically, when a proxy on 9050 is detected, nolisten is automatically applied.  I think this is dumb since tor might be on a different port, but thats for another topic.  Your patch changes this.  However, I have NOT set "proxy" on the server running the hidden service.

All I did was setup a hidden service that points to 8333.  Bitcoin on this server is currently completely unaware of tor being used.  However I still cannot get a connection to any of the listed tor hidden services.  That's why I think there is something more going on.

I ran a second bitcoind on my tor server (where the primary bitcoind is public) with nolisten and connect=127.0.0.1 (which is similar to how a connection coming to the hidden service would look), and it was able to connect.

I also ran a second bitcoind on my client (where the primary bitcoind proxies via tor) that has "nolisten" and "connect=127.0.0.1."  It was unable to connect which makes me believe that when "nolisten" is set, even connections from localhost fail.

I think that there might be a problem with bitcoin trying to resolve the onion names via dns or something instead of passing them to the proxy like it should, but I'm not sure and my C is really rusty so auditing the code will take me a while.

Once I get this working properly, I may add "proxy" back to the config.  For now, I don't mind broadcasting that I am running a node on my IP and I also like having better connectivity to the network.

Mila, do you have any connections? I'm wondering if I just need to be more patient since tor can take a while to resolve. I still think something else in the bitcoin client needs to be modified though.

When Bitcoin uses Tor, nolisten is automatically applied, and you can't override it.

I'm pretty sure connections from localhost are allowed.

thanks, that's what I aim to do. setup one of my clients to work only through tor network. limiting connections to those with .onion addresses only and see how it works.

I'll build it with these changes soon.  I need to download some dependencies first.  I'm still not convinced this will work though as I noted in my previous posts' edit.

Whoops, you need a semicolon before that comment.

<3

EDIT: Actually, I'm not sure that's enough to fix it.  Right now my server does not have "proxy", "connect", or "nolisten" in it's config.  When connecting to the IP directly from another node, the connection works.  When I try to use the hidden service from my remote node (which should appear to the server as a connection from localhost), my node fails to connect. Your code changes don't seem to do anything for that failure.

It changed within the last month or two, I think.

You'd need to make these changes to fix it:

net.cpp

init.cpp

That's too bad.  A hidden service that doesn't accept connections isn't much of a service.

How do you know this? What changed in recent versions? What code needs to change?  Why isn't this mentioned on the wiki right under where the hidden services are listed?

It's impossible to run a hidden service that accepts connections with recent versions. You'd need to change the code.

mila I realized that if you want to only use the nodes behind tor hidden services, you should use "connect" instead of "addnode"

Clearing out the UPnP forwards got my connection count up.


Now my only question is if I should set the proxy back to using tor.  I'm guessing not since then the client automatically sets "nolisten" when it detects a proxy on 9050 and I still want to listen on localhost for the hidden service.  Has anyone else done this? Theres only a few other of hidden services listed and they are listed anonymously so I don't know who to ask.

p2hwc26zdsrqxiix.onion just in case you missed it although I can't get my client to connect to it

If a government ever bans/blocks bitcoin use, allowing people access to the network via a tor hidden services (or i2p or something similar) is going to be important.  However, the current client doesn't appear to work with hidden services very well.

Some of the issues are brought up here https://github.com/bitcoin/bitcoin/issues/441.  However, that is for being a node that doesn't contribute for the network.  I am trying to run a tor hidden service and it really doesn't seem possible to run one optimally.

How can I set my node to not advertise my IP on IRC without setting "nolisten"?  I have to listen on localhost without giving my IP in order to run the hidden service properly.

On a side note, I'm really surprised that the client can't use a port besides 8333.



EDIT: So I think that tor hidden services and bitcoin are not currently compatible.  Putting the onion hostnames from the wiki into connect did not work for me at all.  I know my own hidden service is up as I am also running a simple web server that is accessible from the same hostname.

When I put the IP of the system running my hidden service on the connect line, it works.  Obviously this defeats the purpose of the hidden service though.  Does bitcoin ignore connection attempts from localhost or something? Anyone have any ideas as to why hidden services aren't working?

I'm pretty sure thats how to do it.

I am getting more than 8 connections with namecoin, but bitcoin is still limited to 8.  I just checked my router and it looks like it still had UPnP for my bitcoin port to another system.  I've cleared that out and hopefully it gets more than 8 now.