new syncthing tutorial

nihilist 2024-11-23 11:44:24 +01:00
parent dc39c9bcf8
commit a13c1965de
16 changed files with 261 additions and 1 deletions


@ -190,7 +190,7 @@
<p>💻 File Sharing</p> <p>💻 File Sharing</p>
<ol> <ol>
<li><a href="onionshare/index.html">✅ How to send small files Anonymously (Onionshare)</a></li> <li><a href="onionshare/index.html">✅ How to send small files Anonymously (Onionshare)</a></li>
<li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/16"> One on One large file sharing (Syncthing over Tor)</a></li> <li><a href="syncthinganon/index.html"> One on One large file sharing (Syncthing over Tor)</a></li>
<li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/17">❌ P2P large file sharing (Torrents over Tor)</a></li> <li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/17">❌ P2P large file sharing (Torrents over Tor)</a></li>
</ol></br> </ol></br>
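Review bot: the Syncthing list item still has no status marker after this change (the link text starts with a bare space, `"> One on One large file sharing`), while its siblings carry ✅ or ❌. Since the entry now points at the finished tutorial (`syncthinganon/index.html`) instead of the open issue, it should get the same ✅ prefix as the Onionshare entry.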


@ -89,6 +89,7 @@
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>Clearnet Setup</b></h2> </br> </br> <h2><b>Clearnet Setup</b></h2> </br> </br>
<p>Now if you are interested in helping me get the word accross, you can run the blog yourself like so:</p>
<p>On a debian server (VPS or not), install the following packages:</p> <p>On a debian server (VPS or not), install the following packages:</p>
<pre><code class="nim"> <pre><code class="nim">
[ Datura ] [ /dev/pts/23 ] [~] [ Datura ] [ /dev/pts/23 ] [~]
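Review bot: typo in the added paragraph, "get the word accross" should be "get the word across".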
@ -365,6 +366,7 @@ server {
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>Setting up Collaboration</b></h2> </br> </br> <h2><b>Setting up Collaboration</b></h2> </br> </br>
<p>Now if you want to make sure the blog content keeps growing, you'll need to either write your own blogposts in it or setup collaboration:</p>
<p>Now in order to make sure you can welcome external contributions, you need at least to be able to have a gitea instance like the one i have at <a href="https://git.nowhere.moe/">https://git.nowhere.moe</a>:</p> <p>Now in order to make sure you can welcome external contributions, you need at least to be able to have a gitea instance like the one i have at <a href="https://git.nowhere.moe/">https://git.nowhere.moe</a>:</p>
<img src="4.png" class="imgRz"> <img src="4.png" class="imgRz">
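Review bot: in the added intro line, "or setup collaboration" uses "setup" as a verb and should read "set up collaboration". The new sentence and the existing paragraph right after it both open with "Now ...", so consider folding them into one sentence.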
@ -412,6 +414,7 @@ server {
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>Setting up a Mirror List</b></h2> </br> </br> <h2><b>Setting up a Mirror List</b></h2> </br> </br>
<p>And then to make sure the nihilism blog remains resistant to takedowns, you can update the mirrors.txt file:</p>
<p>Now in order to give people a list of all the backup blog mirrors in one go, to make it simple i recommend just listing them manually in a textfile that you update on a monthly basis:</p> <p>Now in order to give people a list of all the backup blog mirrors in one go, to make it simple i recommend just listing them manually in a textfile that you update on a monthly basis:</p>
<pre><code class="nim"> <pre><code class="nim">
[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog] [ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]

Binary files added (not shown):

opsec/syncthinganon/1.png (80 KiB)
opsec/syncthinganon/10.png (36 KiB)
opsec/syncthinganon/11.png (64 KiB)
opsec/syncthinganon/2.png (27 KiB)
opsec/syncthinganon/3.png (18 KiB)
opsec/syncthinganon/4.png (64 KiB)
opsec/syncthinganon/5.png (16 KiB)
opsec/syncthinganon/6.png (56 KiB)
opsec/syncthinganon/7.png (38 KiB)
opsec/syncthinganon/8.png (61 KiB)
opsec/syncthinganon/9.png (54 KiB)
One further binary file, name not shown (24 KiB)


@ -0,0 +1,257 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>One on One large file sharing (Syncthing over Tor)</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>Prism_Breaker</ba></p>
<h1>One on One large file sharing (Syncthing over Tor)</h1>
<p>Onionshare is a good choice when you want to share small files over tor. But onionshare cannot handle big files, because when tor circuit fails (which is quite common in Tor) your download simply fails, and it does not support resuming the download at where it previously failed. Syncthing is a better alternative if you want to share large files over tor, it does not need any setup or hosting, and it will automatically retry at break point when network fails.</p>
<p>Syncthing is FOSS software and has E2EE by default, and can run it without requiring a VPS. This means you can just spin up syncthing client from your whonix workstation directly, and your data will be encrypted and sent through public syncthing nodes. If you have a threat model that needs a way to reliably share files with minimum exposure, this setup suits the need.</p>
<p>Syncthing has its own relays for supporting transmission of files between peers which are both behind the nat, and it works when both parties are behind tor. This allows us to guarantee the anonymity of both parties.</p>
<p><h2><u>OPSEC Recommendations:</u></h2></p>
<ol>
<li><p>Hardware : (Personal Computer / Laptop)</p></li>
<li><p>Host OS: <a href="../linux/index.html">Linux</a> (Or Qubes OS)</p></li>
<li><p>Hypervisor: <a href="../hypervisorsetup/index.html">libvirtd QEMU/KVM</a> (Or Qubes OS's Xen)</p></li>
<li><p>Virtual Machine: <a href="../whonixqemuvms/index.html">Whonix</a></p></li>
</ol>
<p>
It is highly recommended to use whonix for this setup, because there are always cases that an app might not honor your proxy setting and somehow tries to connect to the syncthing relay directly without going through Tor. It is always a good idea to put any anonymous use app in a whonix workstation, so your clearnet ip doesn't get revealed.
</p>
<p></p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>The first thing to do is to get syncthing to your whonix workstation.</p>
<p>For simplicity you can just do</p>
<pre><code class="nim">sudo apt-get install syncthing -y
</code></pre>
<p>If apt does not contain the up to date package, then you need to get it from the <a href="https://syncthing.net/downloads/">syncthing website</a></p>
<img src="1.png" class="imgRz">
<p>Next verify the sha256sum according to <a href="https://syncthing.net/security/">https://syncthing.net/security/</a></p>
<pre><code class="nim">curl -s https://syncthing.net/release-key.txt | gpg --import
</code></pre>
<p>Check the gpg fingerprint, it should be like this</p>
<pre><code class="nim">
gpg --fingerprint
/home/user/.gnupg/pubring.kbx
-----------------------------
pub rsa2048/0xD26E6ED000654A3E 2014-12-29 [SC]
Key fingerprint = 37C8 4554 E7E0 A261 E4F7 6E1E D26E 6ED0 0065 4A3E
uid [ unknown] Syncthing Release Management <release@syncthing.net>
sub rsa2048/0x681C3CFCF614F575 2014-12-29 [E]
</code></pre>
<p>Then download verify the checksum file, and check the checksum to see if it matches</p>
<pre><code class="nim">
$ curl -sLO https://github.com/syncthing/syncthing/releases/download/v1.23.6/sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc
gpg: Signature made Mo 03 Jul 2023 10:09:30 UTC
gpg: using RSA key D26E6ED000654A3E
gpg: Good signature from "Syncthing Release Management <release@syncthing.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
$ sha256sum -c sha256sum.txt.asc
...
sha256sum: syncthing-linux-386-v1.23.6.tar.gz: No such file or directory
syncthing-linux-386-v1.23.6.tar.gz: FAILED open or read
<b>syncthing-linux-amd64-v1.23.6.tar.gz: OK</b>
sha256sum: syncthing-linux-armv5-v1.23.6.tar.gz: No such file or directory
syncthing-linux-armv5-v1.23.6.tar.gz: FAILED open or read
...
sha256sum: WARNING: 14 lines are improperly formatted
sha256sum: WARNING: 35 listed files could not be read
</code></pre>
<p>Next you need to do some changes in the tor browser, so you can access the web panel that is running on localhost (127.0.0.1), type <b>about:config</b> inside the address bar, accept the risk and continue:</p>
<img src="2.png" class="imgRz">
<p>search for no_proxies_on in the search bar, and add 127.0.0.1 to it</p>
<img src="3.png" class="imgRz">
<p>Editing your tor browser is fine if you are just using it to access local syncthing instance, but you should revert the change if you want to access the internet. Changing tor config might bring some unexpected browser fingerprint issue. You should get a separate whonix vm if paranoid.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>How to setup syncthing</b></h2> </br> </br>
<p>Next decompress the syncthing pack and execute it</p>
<pre><code class="nim">
$ tar xvf syncthing-linux-amd64-v1.28.0.tar.gz
$ cd syncthing-linux-amd64-v1.28.0/
$ ./syncthing
</code></pre>
<p>If you have setup your tor browser correctly it should automatically redirect you to http://127.0.0.1:8384/ and you will see the web panel</p>
<p>Next thing to do is to find your client id, it is in the actions menu</p>
<img src="4.png" class="imgRz">
<p></p>
<img src="5.png" class="imgRz">
<p>Next exchange this id with people you are sharing file with</p>
<p>After that add each other in both clients in the remote device section, if nothing goes wrong you should be able to see each other in the remote device section showed as "connected"</p>
<img src="6.png" class="imgRz">
<p></p>
<img src="7.png" class="imgRz">
<p></p>
<img src="8.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>How to sync files anonymously</b></h2> </br> </br>
<p>After the previous setup, you can share the file you want. <b>But be aware tor traffic has low bandwidth, that is the price of online Anonymity</b>! Because if both parties are behind tor, your file goes through a circuit like this: </p>
<img src="Syncthing_circuit.jpg" class="imgRz">
<p>I personally tried this setup, <b>to send a 10GB file it took me 4 hours 30 minutes to send it</b>, which is normal due to the Tor network being slow, you'll need to be patient when you are trying to send large files over Tor.</p>
<p>You and your peer will only see the relay server's ip address, unlike the vpn setup which will expose the vpn ip you are using, which you can check <a href=../syncthingvpn/index.html">here</a></p>
<p>You peer also won't know you are using tor if you do not tell him</p>
<img src="remote_node.png" class="imgRz">
<p>Choose add folder to create a new sharing Folder, and choose to share this folder with your peer</p>
<img src="9.png" class="imgRz">
<p></p>
<img src="10.png" class="imgRz">
<p>If nothing goes wrong, the receiver should see this</p>
<img src="11.png" class="imgRz">
<p>Agree and add the folder, after that syncthing will automatically transmit the files</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>PrismBreaker</h4>
<p>
Shatter the big brother.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About Prism Breaker</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa9jSfgyRbNNjswHKTzFVh</p></br><p><u>Contact:</u> prismbreaker@waifu.club (<a href="https://keys.openpgp.org/vks/v1/by-fingerprint/735816B2B9E6F4660ECE44D983E602C4B6EA6AEE">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>
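Review bot: the verification steps and the install steps in this new file refer to different releases. The signed checksum file is fetched for v1.23.6 (`.../releases/download/v1.23.6/sha256sum.txt.asc`, ending in `syncthing-linux-amd64-v1.23.6.tar.gz: OK`), but the "How to setup syncthing" section unpacks `syncthing-linux-amd64-v1.28.0.tar.gz`, so the tarball the reader actually runs is never shown being checked against a signed checksum. Use one version throughout, or state that the reader must substitute the version they downloaded in both the checksum URL and the tar command. Two markup problems in the same file: `<release@syncthing.net>` appears unescaped inside the two `<pre><code>` blocks and will be parsed as a tag rather than displayed, so it should be written `&lt;release@syncthing.net&gt;`; and the link `<a href=../syncthingvpn/index.html">` is missing the opening quote of its `href` value. The id `anon2` is also used on two different `<div>` elements and should be unique.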

Binary file not shown. Size: 24 KiB