Tor fallback nodes

[rahl]

I can't get any of the Tor fallback nodes listed at https://en.bitcoin.it/wiki/Fallback_Nodes to work.

From my tor network it doesn't even seem to be attempting connections to the .onion addresses. I set it up exactly as described there with the torrc and bitcoin configuration files.

So is this supposed to work?

[1714598599]

1714598599

[1714598599]

1714598599

[theymos]

Those were added a long time ago, so they might all be down now.

[rahl]

Is there some more updated list of nodes on tor?

[Red Emerald]

I'll setup a hidden service on my main miner and get the ports open for you later today.  I think bitcoin over tor is probably privacy overkill, but it can't hurt.

Hm... Just tried to "apt-get install tor" on my miner and it was unhappy with libevent versions.  This may take a little longer than I thought.

[rahl]

I'll setup a hidden service on my main miner and get the ports open for you later today.  I think bitcoin over tor is probably privacy overkill, but it can't hurt.

Hm... Just tried to "apt-get install tor" on my miner and it was unhappy with libevent versions.  This may take a little longer than I thought.

I don't think it is overkill. The IRC peer relay without tor seems rather terrible for privacy and any well used node could be harvesting client IPs for some malevolent purpose. Granted they probably can't do that much with just my IP, but I am not really qualified to evaluate the security of my home computer. All I know is consumer routers or AVG was probably not designed to protect money...

It used to find peers by itself with the tor proxy on before but lately I have been having 0 connections and pretty much need to shut of the proxy to update the chain...

It may or may not be possible to connect to my client on e3tn727fywnioxrc.onion:8333
I have no idea if that is going to work though. I am pretty sure the hidden service is setup correctly but I don't know if the bitcoin client might need some configuring to communicate properly with the hidden service?

[Red Emerald]

I realize this is way late, but I finally got some tor hidden services up for bitcoin and namecoin

p2hwc26zdsrqxiix.onion

EDIT: Hmm. It seems that bitcoin is limiting itself to 8 connections.  My server running the hidden service is in my network's DMZ and I have "maxconnections=125" in my config.  Does having a proxy set force it to 8?  I'm still downloading the block chain.

Should I disable the proxy? That would reveal that I'm running a node which I thought kind of removed the point of being a tor hidden service though.

Code:

$ bitcoind getinfo
{
    "version" : 50100,
    "balance" : 0.00000000,
    "blocks" : 143079,
    "connections" : 8,
    "proxy" : "127.0.0.1:9050",
    "generate" : false,
    "genproclimit" : -1,
    "difficulty" : 1805700.83619367,
    "hashespersec" : 0,
    "testnet" : false,
    "keypoololdest" : 1324762350,
    "keypoolsize" : 101,
    "paytxfee" : 0.00000000,
    "errors" : ""
}

EDIT AGAIN: I turned the proxy off and still am only getting 8 connections

[Gabi]

When you get only 8 connections it mean you are only connecting to the 8 nodes of the IRC list thing, the default ones. Only 8 connections it means your client is unable to find and comunicate with other nodes

[mila]

I suppose to start using bitcoin client over tor I need to set it up with -addnode values of tor nodes?

[Red Emerald]

I suppose to start using bitcoin client over tor I need to set it up with -addnode values of tor nodes?

I'm pretty sure thats how to do it.

I am getting more than 8 connections with namecoin, but bitcoin is still limited to 8.  I just checked my router and it looks like it still had UPnP for my bitcoin port to another system.  I've cleared that out and hopefully it gets more than 8 now.

[Red Emerald]

mila I realized that if you want to only use the nodes behind tor hidden services, you should use "connect" instead of "addnode"

Clearing out the UPnP forwards got my connection count up.

Code:

$ bitcoind getinfo
{   
    "version" : 50100,
    "balance" : 0.00000000,
    "blocks" : 159178,
    "connections" : 23,
    "proxy" : "",
    "generate" : false,
    "genproclimit" : -1,
    "difficulty" : 1155038.33396364,
    "hashespersec" : 0,
    "testnet" : false,
    "keypoololdest" : 1324762350,
    "keypoolsize" : 101,
    "paytxfee" : 0.00000000,
    "errors" : ""
}
$ namecoind getinfo
{   
    "version" : 32464,
    "balance" : 0.00000000,
    "blocks" : 34897,
    "connections" : 26,
    "proxy" : "",
    "generate" : false,
    "genproclimit" : -1,
    "difficulty" : 409454.72461946,
    "hashespersec" : 0,
    "testnet" : false,
    "keypoololdest" : 1324762469,
    "paytxfee" : 0.00000000,
    "errors" : ""
}

Now my only question is if I should set the proxy back to using tor.  I'm guessing not since then the client automatically sets "nolisten" when it detects a proxy on 9050 and I still want to listen on localhost for the hidden service.  Has anyone else done this? Theres only a few other of hidden services listed and they are listed anonymously so I don't know who to ask.

p2hwc26zdsrqxiix.onion just in case you missed it although I can't get my client to connect to it

If a government ever bans/blocks bitcoin use, allowing people access to the network via a tor hidden services (or i2p or something similar) is going to be important.  However, the current client doesn't appear to work with hidden services very well.

Some of the issues are brought up here https://github.com/bitcoin/bitcoin/issues/441.  However, that is for being a node that doesn't contribute for the network.  I am trying to run a tor hidden service and it really doesn't seem possible to run one optimally.

How can I set my node to not advertise my IP on IRC without setting "nolisten"?  I have to listen on localhost without giving my IP in order to run the hidden service properly.

On a side note, I'm really surprised that the client can't use a port besides 8333.



EDIT: So I think that tor hidden services and bitcoin are not currently compatible.  Putting the onion hostnames from the wiki into connect did not work for me at all.  I know my own hidden service is up as I am also running a simple web server that is accessible from the same hostname.

When I put the IP of the system running my hidden service on the connect line, it works.  Obviously this defeats the purpose of the hidden service though.  Does bitcoin ignore connection attempts from localhost or something? Anyone have any ideas as to why hidden services aren't working?

[theymos]

It's impossible to run a hidden service that accepts connections with recent versions. You'd need to change the code.

[Red Emerald]

It's impossible to run a hidden service that accepts connections with recent versions. You'd need to change the code.

That's too bad.  A hidden service that doesn't accept connections isn't much of a service.

How do you know this? What changed in recent versions? What code needs to change?  Why isn't this mentioned on the wiki right under where the hidden services are listed?

[theymos]

It changed within the last month or two, I think.

You'd need to make these changes to fix it:

net.cpp

Code:

    if (/*fUseProxy ||*/ mapArgs.count("-connect") || fNoListen)
    {
        // Proxies can't take incoming connections
        addrLocalHost.ip = CAddress("0.0.0.0").ip;
        printf("addrLocalHost = %s\n", addrLocalHost.ToString().c_str());

init.cpp

Code:

fNoListen = GetBoolArg("-nolisten") //|| fTOR;

[Red Emerald]

It changed within the last month or two, I think.

You'd need to make these changes to fix it:

net.cpp

Code:

    if (/*fUseProxy ||*/ mapArgs.count("-connect") || fNoListen)
    {
        // Proxies can't take incoming connections
        addrLocalHost.ip = CAddress("0.0.0.0").ip;
        printf("addrLocalHost = %s\n", addrLocalHost.ToString().c_str());

init.cpp

Code:

fNoListen = GetBoolArg("-nolisten") //|| fTOR;

<3

EDIT: Actually, I'm not sure that's enough to fix it.  Right now my server does not have "proxy", "connect", or "nolisten" in it's config.  When connecting to the IP directly from another node, the connection works.  When I try to use the hidden service from my remote node (which should appear to the server as a connection from localhost), my node fails to connect. Your code changes don't seem to do anything for that failure.

[theymos]

Code:

fNoListen = GetBoolArg("-nolisten") //|| fTOR;

Whoops, you need a semicolon before that comment.

[Red Emerald]

Code:

fNoListen = GetBoolArg("-nolisten") //|| fTOR;

Whoops, you need a semicolon before that comment.

I'll build it with these changes soon.  I need to download some dependencies first.  I'm still not convinced this will work though as I noted in my previous posts' edit.

[mila]

mila I realized that if you want to only use the nodes behind tor hidden services, you should use "connect" instead of "addnode"

thanks, that's what I aim to do. setup one of my clients to work only through tor network. limiting connections to those with .onion addresses only and see how it works.

[theymos]

EDIT: Actually, I'm not sure that's enough to fix it.  Right now my server does not have "proxy", "connect", or "nolisten" in it's config.

When Bitcoin uses Tor, nolisten is automatically applied, and you can't override it.

I'm pretty sure connections from localhost are allowed.

[Red Emerald]

EDIT: Actually, I'm not sure that's enough to fix it.  Right now my server does not have "proxy", "connect", or "nolisten" in it's config.

When Bitcoin uses Tor, nolisten is automatically applied, and you can't override it.

I'm pretty sure connections from localhost are allowed.

When Bitcoin uses Tor as a proxy, nolisten is automatically applied.  More specifically, when a proxy on 9050 is detected, nolisten is automatically applied.  I think this is dumb since tor might be on a different port, but thats for another topic.  Your patch changes this.  However, I have NOT set "proxy" on the server running the hidden service.

All I did was setup a hidden service that points to 8333.  Bitcoin on this server is currently completely unaware of tor being used.  However I still cannot get a connection to any of the listed tor hidden services.  That's why I think there is something more going on.

I ran a second bitcoind on my tor server (where the primary bitcoind is public) with nolisten and connect=127.0.0.1 (which is similar to how a connection coming to the hidden service would look), and it was able to connect.

I also ran a second bitcoind on my client (where the primary bitcoind proxies via tor) that has "nolisten" and "connect=127.0.0.1."  It was unable to connect which makes me believe that when "nolisten" is set, even connections from localhost fail.

I think that there might be a problem with bitcoin trying to resolve the onion names via dns or something instead of passing them to the proxy like it should, but I'm not sure and my C is really rusty so auditing the code will take me a while.

Once I get this working properly, I may add "proxy" back to the config.  For now, I don't mind broadcasting that I am running a node on my IP and I also like having better connectivity to the network.

Mila, do you have any connections? I'm wondering if I just need to be more patient since tor can take a while to resolve. I still think something else in the bitcoin client needs to be modified though.

[theymos]

Are you using mapaddress?