# Using Tor from the command line

###### tags: `workshops_mln`

This is a tutorial to understand Tor and use it with Bitcoin nodes.

## Author

Twitter for corrections, comments or suggestions: [@bitao36](https://twitter.com/bitao36)

This tutorial was prepared for the [Mastering Lightning Seminar Course](https://libreriadesatoshi.com/) through [@libreriadesatoshi](https://twitter.com/libdesatoshi).

The reference documentation is available at the following link: [how-to-run-bitcoin-as-a-tor-hidden-service-on-ubuntu](https://blog.lopp.net/how-to-run-bitcoin-as-a-tor-hidden-service-on-ubuntu)

## Requirements :information_source:

:::info
Have a Debian-based Linux distribution installed, preferably Ubuntu.
:::

## What is Tor

![](https://hackmd.io/_uploads/HkBayN_Hh.png)

Tor is a global proxy network run by volunteers. Within this network the nodes are called relays, and services created in it are identified by their public keys and the .onion suffix.

## Why use Tor

Tor has usually been used to increase privacy when browsing the Internet. In the specific case of Bitcoin, we can increase privacy by using it as a proxy to communicate with other nodes.

When we have a server behind a firewall, a public IP that we do not want to reveal, or a router on which we cannot set up port forwarding, we can use Tor to make the server reachable from the outside. That is why it is commonly used on Lightning Network nodes, since these, unlike Bitcoin nodes, must be reachable from the outside by other nodes in the network.

## How to install Tor

### In Ubuntu

If you are using Ubuntu you must do the following:

```
sudo apt update
sudo apt install tor
```

To start Tor you execute:

```
sudo service tor start
```

### In Debian

If you are using Debian, start by executing the following command to find out the codename of the distribution release you are using:

```
$ lsb_release -c
```

It returns the following:

![](https://i.imgur.com/8RcbqQ5.png)

Now let's create the following file:

```
$ sudo nano /etc/apt/sources.list.d/tor_repo.list
```

Copy the following lines into it, replacing bullseye with the codename that the previous command returned on your system. They add the Tor Project repositories (binary packages and source code):

```
deb http://deb.torproject.org/torproject.org bullseye main
deb-src http://deb.torproject.org/torproject.org bullseye main
```

Press Ctrl+x, then press 's' and enter to save the changes.

Now run the following command to download the repository's GPG signing key so that packages from it can be verified and installed:

```
$ curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | sudo apt-key add -
```

Note that `apt-key` is deprecated on recent Debian and Ubuntu releases, where a repository key is stored in its own keyring file and referenced from the sources entry with `signed-by`.

We run this command to update the package lists with the repositories we just added:

```
$ sudo apt-get update
```

And we install:

```
$ sudo apt-get install tor deb.torproject.org-keyring
```

### Configuration

Now let's go to the following path to edit the torrc configuration file:

```
$ cd /etc/tor
```

And we add the following lines:

```
SOCKSPort 9050
Log notice stdout
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
```

Now we are going to add the user under which bitcoin is installed to the Tor group. With this command we find the name of the Tor group:

```
$ grep User /usr/share/tor/tor-service-defaults-torrc
```

In our case debian-tor appears, so we add our user to this group (replace `youruser` with your own user name):

```
$ sudo usermod -a -G debian-tor youruser
```

Log out and log in again, or restart the PC, for the change to take effect.

Now we are going to configure Tor as a service so that it starts every time you start the PC:

```
$ sudo systemctl enable tor
```

And to launch it right now we execute:

```
$ sudo systemctl start tor
```

Now the machine is running Tor. Traffic is still routed normally unless you configure the software you are using to connect through Tor, as we will do later with bitcoind.

To check that Tor is running you can run:

```
$ sudo systemctl status tor
```

It will appear green if it is active or red if it is inactive.

You can also run the following command, which shows the ports that are listening on your local IP:

```
$ nmap localhost
```

It should show you something similar to:

```
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00048s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE
631/tcp  open  ipp
9050/tcp open  tor-socks
```

As you can see, it is listening on TCP port 9050, which is the port of the Tor service.

## How to configure Bitcoin Core (bitcoind) to use Tor

I am assuming that you have already installed a Bitcoin node and downloaded the blockchain, so we can modify the configuration so that bitcoind communicates with the other nodes exclusively through Tor for more privacy and anonymity.

Go to the path where the bitcoin.conf file is and edit it.

I'm going to assume that it is in your home directory, so you would do the following:

```
cd ~/.bitcoin
nano bitcoin.conf
```

The bitcoin.conf file would look like this:

```
debug=tor
onlynet=onion
proxy=127.0.0.1:9050
bind=127.0.0.1
dnsseed=0
dns=0
addnode=kpgvmscirrdqpekbqjsvw5teanhatztpp2gl6eee4zkowvwfxwenqaid.onion
addnode=bnx4povtqynvwnui5oqm5xcxqvat3j7yzgn6mqciuyszqawhuayvyaid.onion:8333
addnode=wyg7twmf7t3pfvfpdcfd64wvjj2pkccuui7ew34ovnqung5f623b4yyd.onion
addnode=glm52zywiqrcxuwswvgjsxr5pfeggil7uci4z5tbpvb4rjyu5hwjhtid.onion
addnode=xspiicyddsdmzxsffzw6z4f22wi2iwyyufkjcaj2qr7cznxymtft5nid.onion
addnode=nqb5q6d4nhp54ziahhm2oxopqwyyulg7nrqwrcmfvwhj7y7xasaeg7ad.onion
addnode=vp4qo7u74cpckygkfoeu4vle2yqmxh7zuxqvtkazp4nbvjnxl2s3e6id.onion
addnode=ew7x2hv76f7w7irfyektnbhd42eut27ttbfgggu7lbpxsyrlfvsujuqd.onion
addnode=qxkgr5u4rmwme5jticjuuqrecw5vfc5thcqdxvbffwbqgqkdin7s7vid.onion
```

Press Ctrl+x, then press 's' and enter to save the changes.

Let's explain these parameters a little:

`debug=tor` adds log entries related to Tor.

`onlynet=onion` tells Bitcoin Core that outgoing connections are made over Tor.

`proxy=127.0.0.1:9050` tells Bitcoin Core how to communicate through Tor.

`bind=127.0.0.1` restricts incoming Bitcoin Core connections from other nodes, as it only accepts local connections.

`dnsseed=0` and `dns=0` prevent Bitcoin Core from attempting to connect to the default DNS “seeds” found in the following bitcoin repository file: https://github.com/bitcoin/bitcoin/blob/master/src/chainparams.cpp#L116

Despite the incoming/outgoing restrictions we set above, without these two settings our node will still try to connect to these hosts.

Why do we want to prevent it from connecting to those seeds? Since Tor version 2 was discontinued at the end of 2021, several people had problems getting incoming connections from Tor version 3 nodes when they upgraded. That's why we're going to manually add seeds to connect to.

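
The settings explained above can be checked mechanically before bitcoind is restarted. The following Python script is an added example, not part of the original tutorial or of Bitcoin Core: it reports any of the five Tor-related settings that is missing or differs from the values used here, and checks that each `addnode` entry is a well-formed Tor v3 onion address (version byte and checksum). The function names and the sample configuration are constructed for illustration.

```python
import base64
import hashlib

# Values this tutorial sets in bitcoin.conf to keep bitcoind inside Tor.
REQUIRED = {"onlynet": "onion", "proxy": "127.0.0.1:9050",
            "bind": "127.0.0.1", "dnsseed": "0", "dns": "0"}

def onion_v3_encode(pubkey):
    """Build the v3 onion name for a 32-byte public key (version byte 3)."""
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + b"\x03").digest()[:2]
    return base64.b32encode(pubkey + checksum + b"\x03").decode().lower() + ".onion"

def onion_v3_ok(host):
    """True if host is a v3 onion name whose version and checksum match."""
    name = host.lower()
    if not name.endswith(".onion") or len(name) != 62:
        return False
    try:
        raw = base64.b32decode(name[:56].upper())
    except ValueError:
        return False
    return onion_v3_encode(raw[:32]) == name

def audit(conf_text):
    """Return a list of findings; an empty list means the file passes."""
    findings, seen = [], {}
    for n, line in enumerate(conf_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "addnode":
            seen.setdefault(key, []).append(value)
        elif not onion_v3_ok(value.rsplit(":", 1)[0]):
            findings.append(f"line {n}: addnode is not a valid v3 onion address")
    for key, want in REQUIRED.items():
        if seen.get(key) != [want]:
            findings.append(f"{key}: expected {want}, found {seen.get(key)}")
    return findings

# Constructed sample: key bytes 0..31 are a placeholder, not a real peer.
GOOD_PEER = onion_v3_encode(bytes(range(32)))
# Change one checksum character to simulate a typo in a copied address.
BAD_PEER = GOOD_PEER[:52] + ("b" if GOOD_PEER[52] == "a" else "a") + GOOD_PEER[53:]
SAMPLE = "\n".join(["onlynet=onion", "proxy=127.0.0.1:9050", "bind=127.0.0.1",
                    "dnsseed=1", f"addnode={GOOD_PEER}:8333",
                    f"addnode={BAD_PEER}"])

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real file, pass its contents to `audit()`, for example `audit(open("bitcoin.conf").read())`.
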
With addnode the seeds are added, which are other peers that are going to connect to our node. Since we are running the node only on Tor, we need to add the onion addresses of other peers instead of IP addresses. Once we connect to them, they send us more peers that we can connect to. Eventually, our node will build a long list of nodes and will no longer need the seed nodes, so we will remove them later.

I extracted the list of nodes from this reddit thread, where a user was not getting incoming connections from other nodes with version 3 of Tor, so several people shared their onion addresses with him.

https://www.reddit.com/r/Bitcoin/comments/kzhhgk/bitcoin_core_0210_tor_v3/

Now that the configuration file has been explained, we proceed to stop bitcoind:

```
$ sudo bitcoin-cli stop
```

Now we start it again:

```
$ sudo bitcoind -daemon
```

If we execute the command:

```
$ bitcoin-cli getnetworkinfo
```

![](https://i.imgur.com/4m6wdOe.png)

We can see that we are connected through Tor. connections_in is still at zero because it takes a while to obtain connections from other nodes.

If we are curious and want to know when others connect through Tor, we can execute the following command:

```
$ sudo tcpdump -i any -p tcp port 9050
```

You will then begin to see the incoming packets on the screen.

## Configure Core Lightning (lightningd) to use Tor

Typically, Lightning nodes set up through a software package such as Umbrel, RaspiBlitz, or myNode are configured to use Tor by default.

In this case we are doing a manual configuration, so we open the Tor configuration file:

```
$ sudo nano /etc/tor/torrc
```

and we add the following lines:

```
HiddenServiceDir /var/lib/tor/lightningd-service_v3/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735
```

Press Ctrl+x, then press 's' and enter to save changes.

We stop Tor:

```
$ sudo systemctl stop tor
```

We launch Tor again:

```
$ sudo systemctl start tor
```

Now we execute the following command to obtain the onion address that Tor assigned us:

```
$ sudo cat /var/lib/tor/lightningd-service_v3/hostname
```

The address it just returned is a fixed Tor address for our Lightning node.

Add this address to the lightningd configuration file:

```
$ sudo nano ~/.lightning/config
```

Copy the following lines into that file, replacing the address in announce-addr with the one you obtained:

```
announce-addr=huzhaegx5xoeqebmrjeiti6hu7qpg4pavr5lq4vaf52h4bq5rgx4oaid.onion:9735
proxy=127.0.0.1:9050
always-use-proxy=true
```

Press Ctrl+x, then press 's' and enter to save changes.

Now we stop lightningd with the following command:

```
$ lightning-cli stop
```

Now we reload Tor:

```
$ sudo systemctl restart tor
```

And we start lightningd again:

```
$ lightningd --daemon
```

To see that it is working, we execute:

```
$ lightning-cli getinfo
```

At this point other nodes on the Lightning Network can communicate with your node.

## :zap: Donations

:::success
If this material was useful to you, you can thank @bitao36 by sending him a contribution via Lightning Address: bitao36@getalby.com
:::