
Topic: Tor fallback nodes (Read 3799 times)

sr. member
Activity: 462
Merit: 250
December 28, 2011, 07:24:18 PM
#28
I got another hidden service up and running.

hooray! : )

You can see a list of them on the wiki, although it appears that my 2 are the only ones online :(

there was this issue with Tor that as soon as you run a stable node, it gets high traffic as the network routes more and more through that node. probably folks gave up turning theirs off and on again. either you shape available bandwidth or tune tor to only consume a fair share of resources and then it might be sustainable. I hope I'm wrong and running tor is not an issue anymore
hero member
Activity: 742
Merit: 500
December 28, 2011, 04:05:19 PM
#27
I got another hidden service up and running.

You can see a list of them on the wiki, although it appears that my 2 are the only ones online :(

https://en.bitcoin.it/wiki/Fallback_Nodes#Tor_nodes
hero member
Activity: 742
Merit: 500
December 27, 2011, 08:00:09 PM
#26
Disclaimer:  I'm a Tor newbie and networking stuff isn't my strong suit, you probably know more about it than I do.

But: I fixed a Tor-related bug for version 0.6 a few days ago.  In particular, I moved all of the "turn this on or turn this off if running over Tor" to one spot (in the init.cpp file) and reworked the code so that you can override all of those decisions via command-line or bitcoin.conf switches (e.g. specify -nolisten=0 to set nolisten to false so you DO listen even if running a port 9050 proxy).


Great.  I'll be sure to test 0.6 with a proxy set and a tor hidden service sometime soon.
legendary
Activity: 1652
Merit: 2311
Chief Scientist
December 27, 2011, 07:22:15 PM
#25
Disclaimer:  I'm a Tor newbie and networking stuff isn't my strong suit, you probably know more about it than I do.

But: I fixed a Tor-related bug for version 0.6 a few days ago.  In particular, I moved all of the "turn this on or turn this off if running over Tor" to one spot (in the init.cpp file) and reworked the code so that you can override all of those decisions via command-line or bitcoin.conf switches (e.g. specify -nolisten=0 to set nolisten to false so you DO listen even if running a port 9050 proxy).

hero member
Activity: 742
Merit: 500
December 27, 2011, 07:00:41 PM
#24
I've added all of the tor fallback nodes to my torrc with mapaddress and I only connect to 1.  I'm pretty sure that my hidden service is the only one still online.
hero member
Activity: 742
Merit: 500
December 26, 2011, 11:36:11 PM
#23
Ah, that's where I thought you would have seen the list of hidden services. They shouldn't be listed elsewhere, since they're useless without the instructions.

I removed them from the other page, added a link and expanded the explanation of how to properly connect to the hidden services.

I still think that if I set my server running the tor hidden service to also proxy its connections through tor, then it will reject incoming connections and not work properly.
administrator
Activity: 5222
Merit: 13032
December 26, 2011, 11:02:04 PM
#22
Ah, that's where I thought you would have seen the list of hidden services. They shouldn't be listed elsewhere, since they're useless without the instructions.
hero member
Activity: 742
Merit: 500
December 26, 2011, 10:36:02 PM
#21
Are you using mapaddress?

I just added this to my torrc and made my bitcoin.conf match
Quote
mapaddress 192.0.2.2 p2hwc26zdsrqxiix.onion
mapaddress 192.0.2.3 sh4ep6zb6vnoa2h5.onion
mapaddress 192.0.2.4 iy6ni3wkqazp4ytu.onion
mapaddress 192.0.2.5 bxfna6fhddpzduck.onion

I'll let you know if it works.  Why does bitcoin not support using a remote DNS? I would think it should considering it has proxy support.

Oh wow.  I finally found this page https://en.bitcoin.it/wiki/Fallback_Nodes#Tor_network

Would sure be nice if https://en.bitcoin.it/wiki/Tor mentioned it...


EDIT: That did it theymos! Thanks!
Code:
$ bitcoind getinfo
{
    "version" : 50000,
    "balance" : 3.74654100,
    "blocks" : 159331,
    "connections" : 1,
    "proxy" : "127.0.0.1:9050",
    "generate" : false,
    "genproclimit" : -1,
    "difficulty" : 1159929.49722438,
    "hashespersec" : 0,
    "testnet" : false,
    "keypoololdest" : 1319583806,
    "keypoolsize" : 101,
    "paytxfee" : 0.00000000,
    "errors" : ""
}

I'll add something to the wiki to make this more clear for people
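
Added example, not part of the original posts: a small consistency check between the torrc `mapaddress` lines and the matching bitcoin.conf described above, flagging `addnode`, unmapped `connect` targets and a missing `proxy`. The sample files are constructed from values quoted in the thread; the function names are hypothetical.

```python
# Added example: cross-check torrc MapAddress entries against bitcoin.conf.
# Both sample files are constructed from the values quoted in the thread.
TORRC = """\
SocksPort 9050
mapaddress 192.0.2.2 p2hwc26zdsrqxiix.onion
mapaddress 192.0.2.3 sh4ep6zb6vnoa2h5.onion
"""
BITCOIN_CONF = """\
proxy=127.0.0.1:9050
connect=192.0.2.2
connect=192.0.2.3
"""

def parse_mapaddress(torrc):
    """Return {placeholder: target} from MapAddress lines (Tor option names are case-insensitive)."""
    mapping = {}
    for line in torrc.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0].lower() == "mapaddress":
            mapping[parts[1]] = parts[2]
    return mapping

def parse_conf(conf):
    """Return (key, value) pairs; keys such as connect= may repeat."""
    pairs = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(torrc, conf):
    """Return a list of findings; an empty list means the two files agree."""
    mapping, opts, findings = parse_mapaddress(torrc), parse_conf(conf), []
    if not any(k == "proxy" for k, _ in opts):
        findings.append("no proxy=: placeholders are only rewritten when traffic goes through Tor")
    for key, value in opts:
        host = value.rsplit(":", 1)[0]  # drop an optional :port
        if key == "addnode":
            findings.append(f"addnode={value}: adds a peer but does not restrict peers; use connect=")
        elif key == "connect" and host.endswith(".onion"):
            findings.append(f"connect={value}: raw .onion name, no MapAddress placeholder")
        elif key == "connect" and host not in mapping:
            findings.append(f"connect={value}: not mapped in torrc, so not a hidden-service peer")
        elif key == "connect" and not mapping[host].endswith(".onion"):
            findings.append(f"connect={value}: maps to non-onion target {mapping[host]}")
    return findings
```
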
administrator
Activity: 5222
Merit: 13032
December 26, 2011, 10:12:49 PM
#20
Are you using mapaddress?
hero member
Activity: 742
Merit: 500
December 26, 2011, 09:07:35 PM
#19
EDIT: Actually, I'm not sure that's enough to fix it.  Right now my server does not have "proxy", "connect", or "nolisten" in its config.

When Bitcoin uses Tor, nolisten is automatically applied, and you can't override it.

I'm pretty sure connections from localhost are allowed.
When Bitcoin uses Tor as a proxy, nolisten is automatically applied.  More specifically, when a proxy on 9050 is detected, nolisten is automatically applied.  I think this is dumb since tor might be on a different port, but that's for another topic.  Your patch changes this.  However, I have NOT set "proxy" on the server running the hidden service.

All I did was set up a hidden service that points to 8333.  Bitcoin on this server is currently completely unaware of tor being used.  However I still cannot get a connection to any of the listed tor hidden services.  That's why I think there is something more going on.

I ran a second bitcoind on my tor server (where the primary bitcoind is public) with nolisten and connect=127.0.0.1 (which is similar to how a connection coming to the hidden service would look), and it was able to connect.

I also ran a second bitcoind on my client (where the primary bitcoind proxies via tor) that has "nolisten" and "connect=127.0.0.1."  It was unable to connect which makes me believe that when "nolisten" is set, even connections from localhost fail.

I think that there might be a problem with bitcoin trying to resolve the onion names via dns or something instead of passing them to the proxy like it should, but I'm not sure and my C is really rusty so auditing the code will take me a while.

Once I get this working properly, I may add "proxy" back to the config.  For now, I don't mind broadcasting that I am running a node on my IP and I also like having better connectivity to the network.

Mila, do you have any connections? I'm wondering if I just need to be more patient since tor can take a while to resolve. I still think something else in the bitcoin client needs to be modified though.
administrator
Activity: 5222
Merit: 13032
December 26, 2011, 06:40:59 PM
#18
EDIT: Actually, I'm not sure that's enough to fix it.  Right now my server does not have "proxy", "connect", or "nolisten" in its config.

When Bitcoin uses Tor, nolisten is automatically applied, and you can't override it.

I'm pretty sure connections from localhost are allowed.
sr. member
Activity: 462
Merit: 250
December 26, 2011, 06:33:44 PM
#17
mila I realized that if you want to only use the nodes behind tor hidden services, you should use "connect" instead of "addnode"

thanks, that's what I aim to do. set up one of my clients to work only through tor network. limiting connections to those with .onion addresses only and see how it works.
hero member
Activity: 742
Merit: 500
December 26, 2011, 03:49:14 AM
#16
Code:
fNoListen = GetBoolArg("-nolisten") //|| fTOR;

Whoops, you need a semicolon before that comment.
I'll build it with these changes soon.  I need to download some dependencies first.  I'm still not convinced this will work though as I noted in my previous post's edit.
administrator
Activity: 5222
Merit: 13032
December 26, 2011, 03:21:26 AM
#15
Code:
fNoListen = GetBoolArg("-nolisten") //|| fTOR;

Whoops, you need a semicolon before that comment.
hero member
Activity: 742
Merit: 500
December 26, 2011, 03:07:23 AM
#14
It changed within the last month or two, I think.

You'd need to make these changes to fix it:

net.cpp
Code:
    if (/*fUseProxy ||*/ mapArgs.count("-connect") || fNoListen)
    {
        // Proxies can't take incoming connections
        addrLocalHost.ip = CAddress("0.0.0.0").ip;
        printf("addrLocalHost = %s\n", addrLocalHost.ToString().c_str());

init.cpp
Code:
fNoListen = GetBoolArg("-nolisten") //|| fTOR;

<3

EDIT: Actually, I'm not sure that's enough to fix it.  Right now my server does not have "proxy", "connect", or "nolisten" in its config.  When connecting to the IP directly from another node, the connection works.  When I try to use the hidden service from my remote node (which should appear to the server as a connection from localhost), my node fails to connect. Your code changes don't seem to do anything for that failure.
administrator
Activity: 5222
Merit: 13032
December 26, 2011, 02:53:03 AM
#13
It changed within the last month or two, I think.

You'd need to make these changes to fix it:

net.cpp
Code:
    if (/*fUseProxy ||*/ mapArgs.count("-connect") || fNoListen)
    {
        // Proxies can't take incoming connections
        addrLocalHost.ip = CAddress("0.0.0.0").ip;
        printf("addrLocalHost = %s\n", addrLocalHost.ToString().c_str());

init.cpp
Code:
fNoListen = GetBoolArg("-nolisten") //|| fTOR;
hero member
Activity: 742
Merit: 500
December 26, 2011, 02:37:26 AM
#12
It's impossible to run a hidden service that accepts connections with recent versions. You'd need to change the code.
That's too bad.  A hidden service that doesn't accept connections isn't much of a service.

How do you know this? What changed in recent versions? What code needs to change?  Why isn't this mentioned on the wiki right under where the hidden services are listed?
administrator
Activity: 5222
Merit: 13032
December 26, 2011, 02:28:58 AM
#11
It's impossible to run a hidden service that accepts connections with recent versions. You'd need to change the code.
hero member
Activity: 742
Merit: 500
December 26, 2011, 01:44:40 AM
#10
mila I realized that if you want to only use the nodes behind tor hidden services, you should use "connect" instead of "addnode"

Clearing out the UPnP forwards got my connection count up.

Code:

$ bitcoind getinfo
{  
    "version" : 50100,
    "balance" : 0.00000000,
    "blocks" : 159178,
    "connections" : 23,
    "proxy" : "",
    "generate" : false,
    "genproclimit" : -1,
    "difficulty" : 1155038.33396364,
    "hashespersec" : 0,
    "testnet" : false,
    "keypoololdest" : 1324762350,
    "keypoolsize" : 101,
    "paytxfee" : 0.00000000,
    "errors" : ""
}
$ namecoind getinfo
{  
    "version" : 32464,
    "balance" : 0.00000000,
    "blocks" : 34897,
    "connections" : 26,
    "proxy" : "",
    "generate" : false,
    "genproclimit" : -1,
    "difficulty" : 409454.72461946,
    "hashespersec" : 0,
    "testnet" : false,
    "keypoololdest" : 1324762469,
    "paytxfee" : 0.00000000,
    "errors" : ""
}

Now my only question is if I should set the proxy back to using tor.  I'm guessing not since then the client automatically sets "nolisten" when it detects a proxy on 9050 and I still want to listen on localhost for the hidden service.  Has anyone else done this? There's only a few other hidden services listed and they are listed anonymously so I don't know who to ask.

p2hwc26zdsrqxiix.onion just in case you missed it although I can't get my client to connect to it :(

If a government ever bans/blocks bitcoin use, allowing people access to the network via tor hidden services (or i2p or something similar) is going to be important.  However, the current client doesn't appear to work with hidden services very well.

Some of the issues are brought up here https://github.com/bitcoin/bitcoin/issues/441.  However, that is for being a node that doesn't contribute for the network.  I am trying to run a tor hidden service and it really doesn't seem possible to run one optimally.

How can I set my node to not advertise my IP on IRC without setting "nolisten"?  I have to listen on localhost without giving my IP in order to run the hidden service properly.

On a side note, I'm really surprised that the client can't use a port besides 8333.



EDIT: So I think that tor hidden services and bitcoin are not currently compatible.  Putting the onion hostnames from the wiki into connect did not work for me at all.  I know my own hidden service is up as I am also running a simple web server that is accessible from the same hostname.

When I put the IP of the system running my hidden service on the connect line, it works.  Obviously this defeats the purpose of the hidden service though.  Does bitcoin ignore connection attempts from localhost or something? Anyone have any ideas as to why hidden services aren't working?
hero member
Activity: 742
Merit: 500
December 25, 2011, 03:43:45 PM
#9
I suppose to start using bitcoin client over tor I need to set it up with -addnode values of tor nodes?
I'm pretty sure that's how to do it.

I am getting more than 8 connections with namecoin, but bitcoin is still limited to 8.  I just checked my router and it looks like it still had UPnP for my bitcoin port to another system.  I've cleared that out and hopefully it gets more than 8 now.