
Errors corrected

Also:
- the lines of code that contain more than one element are no longer inline.
   This should improve visualization on small screens (no auto line wrapping).
- Found a "solution" for the references: people looking at the markdown presentation
   will see only one reference to the Tor project.
   In the text source all the "references" are shown and also serve in markdown as
   hypertext links.
Feel free to improve.
ppa-0.6.1
gabridome 7 years ago
committed by Rusty Russell
parent
commit
2db832ab3e
105
doc/TOR.md

@ -62,7 +62,10 @@ CookieAuthFileGroupReadable 1
In alternative to the CookieFile authentication. you can set the authentication In alternative to the CookieFile authentication. you can set the authentication
to the service with a password by following theses steps: to the service with a password by following theses steps:
1. Create an hash of your password with `tor --hash-password yourpassword`. 1. Create an hash of your password with
```
tor --hash-password yourpassword
```
This returns a line like This returns a line like
`16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F` `16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F`
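Review bot: the new fenced line `tor --hash-password yourpassword` still passes the password as a command-line argument, so it ends up in shell history and is visible in the process list while the command runs. A sentence telling the reader to keep it out of history would fit here. The context lines in this hunk also still read "authentication. you can", "theses steps" and "an hash", which could be fixed in the same pass.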
@ -80,7 +83,7 @@ To activate these changes:
The auto service will be used by adding `--addr=autotor:127.0.0.1:9051` if we The auto service will be used by adding `--addr=autotor:127.0.0.1:9051` if we
want the address to be public or `--bind-addr=autotor:127.0.0.1:9051` if we want the address to be public or `--bind-addr=autotor:127.0.0.1:9051` if we
don't want to publish it to the `lightningd` command line. don't want to publish it.
In the case the auto service is authenticated through the password, it will In the case the auto service is authenticated through the password, it will
be necessary to add the option `--tor-service-password=yourpassword` (not the hash). be necessary to add the option `--tor-service-password=yourpassword` (not the hash).
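Review bot: the right-hand line now ends at "don't want to publish it." and drops the sentence's only mention of the `lightningd` command line, so "by adding `--addr=autotor:127.0.0.1:9051`" no longer says what the option is added to. Suggest keeping the target and moving it forward, e.g. "The auto service will be used by adding to the `lightningd` command line ...". The next context line puts `--tor-service-password=yourpassword` on that same command line in clear text; a short remark on who can read the process arguments would help the reader.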
@ -124,16 +127,21 @@ on the configuration of your system.
You will find the newly created address with: You will find the newly created address with:
`sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v2/hostname` or ```
sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v2/hostname
`sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v3/hostname` in the ```
or
```
sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v3/hostname
```
in the
case of a version 3 Tor address. case of a version 3 Tor address.
Now we are able to create: Now we are able to create:
* Non-persistent version 2 .onion address via auto service (temp-v2) * Non-persistent version 2 .onion address via auto service (temp-v2)
* Persistent version 2 and version 3 .onion addresseses (v2 e v3). * Persistent version 2 and version 3 .onion addresseses (v2 and v3).
Let's see how to use them. Let's see how to use them.
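Review bot: both new fenced commands keep the path `/var/lib/tor/var/lib/tor/lightningd-service_v2/hostname` (and the `_v3` variant) with `/var/lib/tor` repeated. Please check it against the hidden service directory set up earlier in the document and correct it if the repetition is a paste error, since the fence now invites copy and paste. The changed list item fixes "v2 e v3" but leaves "addresseses".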
@ -162,7 +170,7 @@ A non-persistent .onion address is generated by accessing an [auto service](#cre
4. In all the "Incoming" use case, the node can also make "Outgoing" Tor 4. In all the "Incoming" use case, the node can also make "Outgoing" Tor
connections (connect to a .onion address) by adding the connections (connect to a .onion address) by adding the
`--proxy:127.0.0.1:9050` option to the `lightningd`command. `--proxy:127.0.0.1:9050` option.
#### Case 1 c-lightning has a public IP address and no Tor hidden service address, but can connect to an onion address via a Tor socks 5 proxy. #### Case 1 c-lightning has a public IP address and no Tor hidden service address, but can connect to an onion address via a Tor socks 5 proxy.
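Review bot: the rewritten line keeps `--proxy:127.0.0.1:9050` with a colon, while the last hunk of this patch writes the same option as `--proxy=127.0.0.1:9050` and every other option in the patch uses `=`. Use `--proxy=127.0.0.1:9050` here too so the two places agree. "In all the "Incoming" use case" in the context line could go to "use cases" while the paragraph is being touched.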
@ -184,10 +192,14 @@ If you want to `connect` to nodes ONLY via the Tor proxy, you have to add the
You can announce your public IP address through the usual method: You can announce your public IP address through the usual method:
`--bind-addr=internalIPAddress:port --announce-addr=externalIpAddress`if the ```
node is into an internal network --bind-addr=internalIPAddress:port --announce-addr=externalIpAddress
```
`--addr=externalIpAddress` if the node is not inside an internal network. if the node is into an internal network
```
--addr=externalIpAddress
```
if the node is not inside an internal network.
TIP: If you are unsure which of the two is suitable for you, find your internal TIP: If you are unsure which of the two is suitable for you, find your internal
and external address and see if they match. and external address and see if they match.
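Review bot: on the right-hand side the two alternatives now run fence, trailing condition, fence, trailing condition, with nothing marking them as either/or, and the first condition reads "if the node is into an internal network". Suggest putting the condition before each block ("If the node is inside an internal network:" and then "Otherwise:"). Also, `--announce-addr=externalIpAddress` has no `:port` here, unlike `--announce-addr=yourexternalIPAddress:port` in Case #2; say whether the port is optional or add it.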
@ -203,32 +215,38 @@ If they match you can use the `--addr` command line option.
#### Case #2 c-lightning has a public IP address and a fixed Tor hidden service address that is persistent, so that external users can connect to this node. #### Case #2 c-lightning has a public IP address and a fixed Tor hidden service address that is persistent, so that external users can connect to this node.
To have your external IP address and your .onion address announced, you use the To have your external IP address and your .onion address announced, you use the
```
--bind-addr=yourInternalIPAddress:port --announce-addr=yourexternalIPAddress:port --announce-addr=your.onionAddress:port`
```
option.
`--bind-addr=yourInternalIPAddress:port --announce-addr=yourexternalIPAddress:port --announce-addr=your.onionAddress:port` option. If you are not inside an internal network you can use
```
If you are not inside an internal network you can use `--addr=yourIPAddress:port --announce-addr=your.onionAddress:port`. --addr=yourIPAddress:port --announce-addr=your.onionAddress:port
```
your.onionAddress is the one created with the Tor hidden service ([see above](#creation-of-an-hidden-service-for-a-persistent-onion-address)). your.onionAddress is the one created with the Tor hidden service ([see above](#creation-of-an-hidden-service-for-a-persistent-onion-address)).
The port is the one indicated as the hidden service port. If the hidden service creation The port is the one indicated as the hidden service port. If the hidden service creation
line is `HiddenServicePort 1234 127.0.0.1:9735` the .onion address will be reachable at line is `HiddenServicePort 1234 127.0.0.1:9735` the .onion address will be reachable at
the 1234 port (the global port). the 1234 port (the global port).
It will be possible to connect to this node with: It will be possible to connect to this node with:
```
`lightning-cli connect nodeID .onionAddress globalPort` through Tor lightning-cli connect nodeID .onionAddress globalPort
```
Where .onion address is in the form `xxxxxxxxxxxxxxxxxxxxxxxxxx.onion`, Or through Tor where .onion address is in the form `xxxxxxxxxxxxxxxxxxxxxxxxxx.onion`, Or
```
`lightning-cli connect nodeID yourexternalIPAddress Port` through clearnet. lightning-cli connect nodeID yourexternalIPAddress Port
```
through Clearnet.
#### Case #3 c-lightning has a public IP address and a non-persisten Tor service address #### Case #3 c-lightning has a public IP address and a non-persisten Tor service address
In this case other nodes can connect to you via Clearnet or Tor. In this case other nodes can connect to you via Clearnet or Tor.
To announce your IP address to the network, you add: To announce your IP address to the network, you add:
```
`--bind-addr=internalAddress:port --announce-addr=yourExternalIPAddress` --bind-addr=internalAddress:port --announce-addr=yourExternalIPAddress
```
or `--addr=yourExternalIPAddress`if you are NOT on an internal network. or `--addr=yourExternalIPAddress`if you are NOT on an internal network.
To get your non-persistent Tor address, add To get your non-persistent Tor address, add
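Review bot: the first new fenced line in Case #2 ends with a stray backtick after `--announce-addr=your.onionAddress:port`, left over from the inline form; inside a fence it is rendered literally and gets copied into the command, so remove it. Further down, the text after the first `lightning-cli connect` block reads "through Tor where .onion address is in the form ... Or" and needs a sentence break, `--addr=yourExternalIPAddress`if is missing a space before "if", and "non-persisten" in the Case #3 heading is unchanged.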
@ -248,17 +266,18 @@ Other nodes can connect to the announced .onion address created with the
hidden service ([see above](#creation-of-an-hidden-service-for-a-persistent-onion-address)). hidden service ([see above](#creation-of-an-hidden-service-for-a-persistent-onion-address)).
In this case In the `lightningd` command line you will specify: In this case In the `lightningd` command line you will specify:
```
`--bind-addr=yourInternalIPAddress:port --announce-addr=your.onionAddress:port` --bind-addr=yourInternalIPAddress:port --announce-addr=your.onionAddress:port
```
or `--addr=your.onionAddress:port` if you are NOT on an internal network. or `--addr=your.onionAddress:port` if you are NOT on an internal network.
#### Case #5 c-lightning has no public IP address, and has no fixed Tor hidden service address #### Case #5 c-lightning has no public IP address, and has no fixed Tor hidden service address
In this case it is difficult to track the node. In this case it is difficult to track the node.
You specify just: You specify just:
```
`--bind-addr=yourInternalIPAddress:port --bind-addr=autotor:127.0.0.1:9051` --bind-addr=yourInternalIPAddress:port --bind-addr=autotor:127.0.0.1:9051
```
In the `lightningd` command line. In the `lightningd` command line.
Other nodes will not be able to `connect` to you unless you communicate them how to reach you. Other nodes will not be able to `connect` to you unless you communicate them how to reach you.
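Review bot: after the Case #5 options moved into a fence, "In the `lightningd` command line." is left as a capitalised fragment below the block. Fold it into the lead-in, e.g. "In the `lightningd` command line you specify just:". The Case #4 lead-in still reads "In this case In the `lightningd` command line you will specify:" with the doubled "In".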
@ -272,16 +291,22 @@ You will be reachable via Clearnet, via Tor to the .onion V3 address and the
connect with our node. connect with our node.
to make your external IP address public you add: to make your external IP address public you add:
`--bind-addr=yourInternalAddress:port --announce-addr=yourexternalIPAddress:port`. ```
--bind-addr=yourInternalAddress:port --announce-addr=yourexternalIPAddress:port`.
```
If the node is not on an internal network the option will be: If the node is not on an internal network the option will be:
`--addr=yourexternalIPAddress:port`. `--addr=yourexternalIPAddress:port`.
Once the .onion addresses have been created with the procedures [oulined above](#creation-of-an-hidden-service-for-a-persistent-onion-address), Once the .onion addresses have been created with the procedures [oulined above](#creation-of-an-hidden-service-for-a-persistent-onion-address),
the node is already reachable at the .onion address. the node is already reachable at the .onion address.
To make your external .onion addresses public you add: `--announce-addr=.onionAddressV2:port --announce-addr=.onionAddressV3:port` to the options to publish your IP number. To make your external .onion addresses public you add:
```
--announce-addr=.onionAddressV2:port --announce-addr=.onionAddressV3:port
```
to the options to publish your IP number.
#### Case #7 c-lightning has no public IP address and a fixed Tor V3 service address and fixed Tor V2 service address a 3rd non persisten V2 address #### Case #7 c-lightning has no public IP address, a fixed Tor V3 service address, a fixed Tor V2 service address and also a 3rd non persisten V2 address
External users can connect to this node by Tor V2 and V3 and a random V2 until next tor release, then also (V3 randomly). External users can connect to this node by Tor V2 and V3 and a random V2 until next tor release, then also (V3 randomly).
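Review bot: the new fenced line ends with a backtick and a full stop after `--announce-addr=yourexternalIPAddress:port`; both are now inside the fence and will be copied as part of the option, so drop them. The `--addr=yourexternalIPAddress:port` alternative right after it is still inline, unlike the other cases in this patch, and "oulined" and "non persisten" remain in this hunk.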
@ -295,18 +320,26 @@ Also you must specify `--tor-service-password=yourpassword` (not the hash) to ac
Tor service at 9051 If you have protected them with the password (no additional options if Tor service at 9051 If you have protected them with the password (no additional options if
they are protected with a cookie file. [See above](#creation-of-an-auto-service-for-non-persistent-onion-addresses)). they are protected with a cookie file. [See above](#creation-of-an-auto-service-for-non-persistent-onion-addresses)).
To make your external .onion address (V2 and V3) public you add: `--bind-addr=yourInternalIPAddress:port --announce-addr=your.onionAddressV2:port --announce-addr=your.onionAddressV3:port` To make your external .onion address (V2 and V3) public you add:
```
--bind-addr=yourInternalIPAddress:port --announce-addr=your.onionAddressV2:port --announce-addr=your.onionAddressV3:port
```
#### Case #8 c-lightning has a public IP address and no Tor addresses #### Case #8 c-lightning has a public IP address and no Tor addresses
The external address is communicated by the The external address is communicated by the
`--bind-addr=internalIPAddress:port --announce-addr=yourexternalIPAddress:port` ```
--bind-addr=internalIPAddress:port --announce-addr=yourexternalIPAddress:port`
```
or `--addr=yourexternalIPAddress:port` if the node is not inside an internal network. or `--addr=yourexternalIPAddress:port` if the node is not inside an internal network.
The node can connect to any V4/6 ip address via a IPV4/6 socks 5 proxy by specifing The node can connect to any V4/6 ip address via a IPV4/6 socks 5 proxy by specifing
`--proxy=127.0.0.1:9050 --always-use-proxy`. ```
--proxy=127.0.0.1:9050 --always-use-proxy
```
## References
[The Tor project](https://www.torproject.org/)
[tor FAQ]: https://www.torproject.org/docs/faq.html.en#WhatIsTor [tor FAQ]: https://www.torproject.org/docs/faq.html.en#WhatIsTor
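Review bot: in Case #8 the new fenced line ends in a stray backtick after `--announce-addr=yourexternalIPAddress:port`, the same leftover as in the earlier hunks; remove it. In the new References section, `[The Tor project](https://www.torproject.org/)` is followed directly by the `[tor FAQ]:` definition as shown here; make sure a blank line separates them so the definition is parsed as a link reference and not as paragraph text. "specifing" in the context line could also become "specifying".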
