<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">

<title>TOR Exit Node</title>

<!-- Bootstrap core CSS -->
<link href="../../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../../assets/css/xt256.css" rel="stylesheet">
<script src="../../../assets/js/highlight.pack.js"></script>


<!-- Custom styles for this template -->
<link href="../../../assets/css/main.css" rel="stylesheet">



<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>

<body>

<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist's Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">

<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->

</div>
</div>

<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../../index.html">Previous Page</a><br/><br/> <p><img src="../../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 29 / 01 / 2024</ba></p>
<h1>TOR Exit Node </h1>
<img src="../logo.png" class="imgRz">
<p>Before we start, make sure you either rent a VPS anonymously (Tor + XMR, with SSH over Tor; click <a href="https://kycnot.me/search?q=hosting&type=service">here</a> for the list of anonymity-friendly hosting providers), or rent a VPS from a cloud provider that <a href="https://community.torproject.org/relay/community-resources/good-bad-isps/">explicitly</a> allows Tor exit nodes to be hosted on its platform.</p>

<img src="2.jpg" class="imgRz">
<p>As a disclaimer, you need to know which providers allow Tor exit nodes. If you pick a random hosting provider to host an exit node for you, you really don't know how the host may respond. It is therefore best to check beforehand who actually accepts exit nodes, either by looking at their TOS or by contacting them for additional information.</p>
<img src="1.png" class="imgRz">

<p>⚠️ Beware that authorities aren't always aware of what a Tor exit node is, or of what to do about one from a legal standpoint. Before hosting an exit node, please take the time to do sufficient legal research.
People all around the world have been arrested and have had a lot of trouble with authorities because they hosted exit nodes.
If you are still motivated to run your own exit node, keep the phone number of a lawyer specialised in this field at hand, just in case anything goes wrong. ⚠️</p>

<p>Now you can get a domain name to resolve to your exit node, or just use the one provided by njal.la:</p>
<img src="8.png" class="imgRz">


</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->

<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial setup</b></h2> <br/> <br/>

<pre><code class="nim">
apt update && apt -y dist-upgrade && apt -y autoremove && apt install -y curl tmux vim obfs4proxy gnupg2

apt update -y && apt upgrade -y
apt install curl tmux vim -y

root@Datura:~# cat /etc/apt/sources.list |head -n3

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main

root@Datura:~# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

apt update -y
apt install tor nyx


</code></pre>
<p>From inside nyx you can view Tor's status:</p>
<pre><code class="nim">
root@exit:~# nyx

</code></pre>
<img src="5.png" class="imgRz">
<p>Inside nyx you can use the left and right arrow keys to navigate between the different pages:</p>
<img src="6.png" class="imgRz">
<p>Above you can see the connections. Pressing right again shows how your server is configured, along with extra details on each setting:</p>
<img src="7.png" class="imgRz">
<p>Next we make sure it's an exit, like so (be aware that this is where it gets dangerous if you're not doing this on a non-KYC VPS, or if your cloud provider doesn't accept Tor exit nodes):</p>
<pre><code class="nim">
root@exit:~# vim /etc/tor/torrc
root@exit:~# cat /etc/tor/torrc
RunAsDaemon 1
ControlPort 9051
CookieAuthentication 1
ORPort 9001
Nickname anonymous

# ExitPolicy rules are checked top to bottom and the first match wins,
# so the reject rules go before the catch-all accept rules.
ExitPolicy reject private:* # Block private IPv4
ExitPolicy reject6 [FC00::]/7:* # Block private IPv6
ExitPolicy reject6 [FE80::]/10:* # Block link-local IPv6
ExitPolicy reject6 [2002::]/16:* # Block 6to4 addresses
IPv6Exit 1 # Allow IPv6 connections
ExitPolicy accept *:* # Accept exit connections
ExitPolicy accept6 *:* # Accept IPv6

</code></pre>
<p>You can also make a stricter Tor exit policy like so:</p>
<pre><code class="nim">
root@Datura:~# cat /etc/tor/torrc
RunAsDaemon 1
ControlPort 9051
CookieAuthentication 1
ORPort 9001
Nickname Datura

# ExitPolicy rules are checked top to bottom and the first match wins:
# reject rules first, then the allowed ports, then the final reject.
ExitPolicy reject private:* # Block private IPv4
ExitPolicy reject6 [FC00::]/7:* # Block private IPv6
ExitPolicy reject6 [FE80::]/10:* # Block link-local IPv6
ExitPolicy reject6 [2002::]/16:* # Block 6to4 addresses
IPv6Exit 1 # Allow IPv6 connections

# "accept *:PORT" applies to IPv4 and IPv6 alike. There is no "accept6 *:*" here:
# before the final reject it would open every IPv6 port, after it it would never match.
ExitPolicy accept *:20-21 # FTP
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:80-81 # HTTP, HTTP alt.
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:5222-5223 # XMPP, XMPP over
ExitPolicy accept *:6667-7000 # IRC
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE, HUSH coin
ExitPolicy accept *:9418 # git - Git pack transfer service
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
ExitPolicy accept *:64738 # Mumble - voice over IP
ExitPolicy accept *:18080-18081 # Monero
ExitPolicy reject *:* # Reject everything else

</code></pre>
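<p>Tor checks ExitPolicy lines from top to bottom and stops at the first one that matches, so the order of the lines in torrc decides what the relay really allows. The following is an added example, not part of the original post: a small Python model of that matching (the helpers <code>parse_rule</code>, <code>evaluate</code> and <code>dead_rules</code> are hypothetical names, run here on constructed sample policies) that also lists rules hidden behind an earlier catch-all. It only models the lines it is given, not the private-range rejects Tor adds by itself through ExitPolicyRejectPrivate.</p>

```python
import ipaddress

# IPv4 networks behind Tor's "private" alias (this model leaves its IPv6 part out).
PRIVATE = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
           "172.16.0.0/12", "192.168.0.0/16"]
ALL_PORTS = (1, 65535)

def parse_rule(line):
    """Turn '[ExitPolicy] accept|reject[6] ADDR:PORTS  # comment' into (action, nets, ports)."""
    action, pattern = line.split("#")[0].split()[-2:]
    addr, _, ports = pattern.rpartition(":")
    lo, _, hi = ports.partition("-")
    port_range = ALL_PORTS if ports == "*" else (int(lo), int(hi or lo))
    if addr == "*":
        nets = ["0.0.0.0/0", "::/0"]      # a plain * covers both address families
    elif addr == "private":
        nets = PRIVATE
    else:
        nets = [addr.replace("[", "").replace("]", "")]
    nets = [ipaddress.ip_network(n) for n in nets]
    if action.endswith("6"):              # accept6/reject6 only yield IPv6 entries
        nets = [n for n in nets if n.version == 6]
    return action.rstrip("6"), nets, port_range

def evaluate(policy, ip, port):
    """First match wins: return (action, rule index), or ('no-match', None)."""
    ip = ipaddress.ip_address(ip)
    for i, line in enumerate(policy):
        action, nets, (lo, hi) = parse_rule(line)
        if lo <= port <= hi and any(ip in n for n in nets):
            return action, i
    return "no-match", None

def dead_rules(policy):
    """Indexes of rules hidden behind an earlier catch-all for their address family."""
    covered, dead = set(), []
    for i, line in enumerate(policy):
        _, nets, ports = parse_rule(line)
        if nets and all(n.version in covered for n in nets):
            dead.append(i)
        if ports == ALL_PORTS:
            covered |= {n.version for n in nets if n.prefixlen == 0}
    return dead
# Constructed sample policies; 2002::/16 is the 6to4 range.
ACCEPT_FIRST = ["accept *:*", "reject6 [2002::]/16:*"]
REJECT_FIRST = ["reject6 [2002::]/16:*", "accept *:*"]
WHITELIST = ["reject6 [2002::]/16:*", "accept *:443", "reject *:*", "accept6 *:*"]
for name, pol in (("ACCEPT_FIRST", ACCEPT_FIRST), ("REJECT_FIRST", REJECT_FIRST), ("WHITELIST", WHITELIST)):
    print(name, evaluate(pol, "2002:c000:204::1", 443), "dead rules:", dead_rules(pol))
```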
<p>And then just restart the tor service to make sure the exit node is active:</p>
<pre><code class="nim">
root@exit:~# systemctl restart tor@default
root@exit:~# systemctl status tor@default
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; preset: enabled)
Active: active (running) since Mon 2024-01-29 10:43:02 UTC; 5s ago
Process: 3852 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status=0/SUCCESS)
Process: 3853 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
Main PID: 3855 (tor)
Tasks: 3 (limit: 19110)
Memory: 140.1M
CGroup: /system.slice/system-tor.slice/tor@default.service
└─3855 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0

Jan 29 10:43:03 exit Tor[3855]: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Jan 29 10:43:04 exit Tor[3855]: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
Jan 29 10:43:04 exit Tor[3855]: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Jan 29 10:43:04 exit Tor[3855]: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Jan 29 10:43:05 exit Tor[3855]: Bootstrapped 100% (done): Done
Jan 29 10:43:05 exit Tor[3855]: Now checking whether IPv4 ORPort 80.78.22.215:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jan 29 10:43:05 exit Tor[3855]: Now checking whether IPv6 ORPort [2a0a:3840:8078:22:0:504e:16d7:1337]:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jan 29 10:43:06 exit Tor[3855]: Self-testing indicates your ORPort [2a0a:3840:8078:22:0:504e:16d7:1337]:9001 is reachable from the outside. Excellent.
Jan 29 10:43:06 exit Tor[3855]: Self-testing indicates your ORPort 80.78.22.215:9001 is reachable from the outside. Excellent. Publishing server descriptor.
Jan 29 10:43:06 exit Tor[3855]: Performing bandwidth self-test...done.

root@exit:~# nyx

</code></pre>
<p>Then wait a few hours for the exit node to appear on Tor Metrics. You can then take the node fingerprint (example: 916EDD8E5D61613BBC7B6CCEFB2778AE706786B9) and check its status on torproject.org <a href="https://metrics.torproject.org/rs.html#search/flag:exit">here</a>.</p>
<p>After that, you need to wait 2 weeks for the exit node to be fully operational, as explained <a href="https://blog.torproject.org/lifecycle-of-a-new-relay/">here</a>.</p>
<pre><code class="nim">
"A new relay, assuming it is reliable and has plenty of bandwidth, goes through four phases: the unmeasured phase (days 0-3) where it gets roughly no use, the remote-measurement phase (days 3-8) where load starts to increase, the ramp-up guard phase (days 8-68) where load counterintuitively drops and then rises higher, and the steady-state guard phase (days 68+)."

</code></pre>

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->


<!-- +++++ Footer Section +++++ -->

<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>My Links</h4>
<p>

<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p><br/><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->

</div>

</div>
</div>


<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->

</body>
</html>