From ddad19861ac8fbf84ed1cfa835081ac0e448f175 Mon Sep 17 00:00:00 2001 From: Jonathan Cross Date: Tue, 17 Dec 2019 21:02:12 +0100 Subject: [PATCH] Adding tor_wallet user guide. (Connecting your local wallet to your own daemon over Tor) --- _i18n/ar.yml | 1 + _i18n/ar/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/de.yml | 1 + _i18n/de/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/en.yml | 1 + _i18n/en/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/es.yml | 1 + _i18n/es/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/fr.yml | 1 + _i18n/fr/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/it.yml | 1 + _i18n/it/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/nl.yml | 1 + _i18n/nl/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/pl.yml | 1 + _i18n/pl/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/pt-br.yml | 1 + .../pt-br/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/ru.yml | 1 + _i18n/ru/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/tr.yml | 1 + _i18n/tr/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/zh-cn.yml | 1 + .../zh-cn/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ _i18n/zh-tw.yml | 1 + .../zh-tw/resources/user-guides/tor_wallet.md | 86 +++++++++++++++++++ resources/user-guides/index.md | 1 + resources/user-guides/tor_wallet.md | 13 +++ 28 files changed, 1145 insertions(+) create mode 100644 _i18n/ar/resources/user-guides/tor_wallet.md create mode 100644 _i18n/de/resources/user-guides/tor_wallet.md create mode 100644 _i18n/en/resources/user-guides/tor_wallet.md create mode 100644 _i18n/es/resources/user-guides/tor_wallet.md create mode 100644 _i18n/fr/resources/user-guides/tor_wallet.md create mode 100644 _i18n/it/resources/user-guides/tor_wallet.md create mode 100644 _i18n/nl/resources/user-guides/tor_wallet.md create mode 100644 _i18n/pl/resources/user-guides/tor_wallet.md create mode 100644 _i18n/pt-br/resources/user-guides/tor_wallet.md create mode 100644 _i18n/ru/resources/user-guides/tor_wallet.md create mode 100644 _i18n/tr/resources/user-guides/tor_wallet.md create mode 100644 _i18n/zh-cn/resources/user-guides/tor_wallet.md create mode 100644 _i18n/zh-tw/resources/user-guides/tor_wallet.md create mode 100644 resources/user-guides/tor_wallet.md diff --git a/_i18n/ar.yml b/_i18n/ar.yml index 45148dbe..bd7caee7 100644 --- a/_i18n/ar.yml +++ b/_i18n/ar.yml @@ -481,6 +481,7 @@ user-guides: nicehash: How to mine Monero XMR without a mining equipment ledger-wallet-cli: How to generate a Ledger Monero wallet with the CLI (monero-wallet-cli) multisig-messaging-system: Multisig transactions with MMS and CLI wallet + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/ar/resources/user-guides/tor_wallet.md b/_i18n/ar/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/ar/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/de.yml b/_i18n/de.yml index 31b224d1..51e1ed34 100644 --- a/_i18n/de.yml +++ b/_i18n/de.yml @@ -482,6 +482,7 @@ user-guides: nicehash: Monero (XMR) ohne spezielle Hardware minen ledger-wallet-cli: Eine Wallet mit Ledger erstellen (Befehlszeile) multisig-messaging-system: Multisig transactions with MMS and CLI wallet + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/de/resources/user-guides/tor_wallet.md b/_i18n/de/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/de/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/en.yml b/_i18n/en.yml index acea81b0..8197c4e5 100644 --- a/_i18n/en.yml +++ b/_i18n/en.yml @@ -486,6 +486,7 @@ user-guides: nicehash: How to mine Monero XMR without a mining equipment ledger-wallet-cli: How to generate a Ledger Monero wallet with the CLI (monero-wallet-cli) multisig-messaging-system: Multisig transactions with MMS and CLI wallet + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/en/resources/user-guides/tor_wallet.md b/_i18n/en/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..0c57495c --- /dev/null +++ b/_i18n/en/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="true" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/es.yml b/_i18n/es.yml index 32777667..69673241 100644 --- a/_i18n/es.yml +++ b/_i18n/es.yml @@ -482,6 +482,7 @@ user-guides: nicehash: Cómo minar Monero XMR sin un equipo de minado ledger-wallet-cli: Cómo generar un monedero Ledger Monero con la consola de comandos (monero-wallet-cli) multisig-messaging-system: Multisig transactions with MMS and CLI wallet + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "Yes" diff --git a/_i18n/es/resources/user-guides/tor_wallet.md b/_i18n/es/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/es/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/fr.yml b/_i18n/fr.yml index 71d0a4a2..eb485681 100644 --- a/_i18n/fr.yml +++ b/_i18n/fr.yml @@ -484,6 +484,7 @@ user-guides: nicehash: Comment miner Monero sans équipement d'extraction minière ledger-wallet-cli: Comment générer un portefeuille Monero Ledger avec la CLI (monero-wallet-cli) multisig-messaging-system: Transactions multi-signatures avec MMS et le portefeuille CLI + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/fr/resources/user-guides/tor_wallet.md b/_i18n/fr/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/fr/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/it.yml b/_i18n/it.yml index a9aeba91..49b85ce4 100644 --- a/_i18n/it.yml +++ b/_i18n/it.yml @@ -481,6 +481,7 @@ user-guides: nicehash: Come minare Monero XMR senza equipaggimento per minatori ledger-wallet-cli: Come generare un portafoglio Leger Monero con la CLI (monero-wallet-cli) multisig-messaging-system: Transazione multifirma con MMS e portafoglio CLI + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/it/resources/user-guides/tor_wallet.md b/_i18n/it/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/it/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/nl.yml b/_i18n/nl.yml index 0b48bcd8..cf927692 100644 --- a/_i18n/nl.yml +++ b/_i18n/nl.yml @@ -483,6 +483,7 @@ user-guides: nicehash: Monero (XMR) minen zonder miningapparatuur ledger-wallet-cli: Een Monero-portemonnee op een Ledger maken met de opdrachtregel (monero-wallet-cli) multisig-messaging-system: Multisig transactions with MMS and CLI wallet + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/nl/resources/user-guides/tor_wallet.md b/_i18n/nl/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/nl/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/pl.yml b/_i18n/pl.yml index 01a919bc..ee924e2d 100644 --- a/_i18n/pl.yml +++ b/_i18n/pl.yml @@ -483,6 +483,7 @@ user-guides: nicehash: Jak wydobywać Monero (XMR) bez sprzętu wydobywczego ledger-wallet-cli: How to generate a Ledger Monero wallet with the CLI (monero-wallet-cli) multisig-messaging-system: Multisig transactions with MMS and CLI wallet + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/pl/resources/user-guides/tor_wallet.md b/_i18n/pl/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/pl/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/pt-br.yml b/_i18n/pt-br.yml index ba3edcae..1b253d0a 100644 --- a/_i18n/pt-br.yml +++ b/_i18n/pt-br.yml @@ -482,6 +482,7 @@ user-guides: nicehash: Como minerar Monero XMR sem equipamento de mineração ledger-wallet-cli: Como criar uma carteira Monero na Ledger usando o CLI (monero-wallet-cli) multisig-messaging-system: Multisig transactions with MMS and CLI wallet + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/pt-br/resources/user-guides/tor_wallet.md b/_i18n/pt-br/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/pt-br/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/ru.yml b/_i18n/ru.yml index a9af4806..f3a88082 100644 --- a/_i18n/ru.yml +++ b/_i18n/ru.yml @@ -474,6 +474,7 @@ user-guides: nicehash: Как заниматься майнингом Monero, не имея оборудования для майнинга ledger-wallet-cli: Как создать Ledger Monero кошелек с помощью CLI (monero-wallet-cli) multisig-messaging-system: Multisig-транзакции с MMS и CLI кошельком + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/ru/resources/user-guides/tor_wallet.md b/_i18n/ru/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/ru/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/tr.yml b/_i18n/tr.yml index 56d6a996..abc43b86 100644 --- a/_i18n/tr.yml +++ b/_i18n/tr.yml @@ -482,6 +482,7 @@ user-guides: nicehash: Madencilik ekipmanı olmadan Monero XMR madenciliği yapımı ledger-wallet-cli: CLI (monero-wallet-cli) ile Ledger Monero cüzdanı üretimi multisig-messaging-system: MMS ve CLI cüzdanla çoklu-imza işlemleri + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/tr/resources/user-guides/tor_wallet.md b/_i18n/tr/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/tr/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/zh-cn.yml b/_i18n/zh-cn.yml index 92b821d4..983d68b9 100644 --- a/_i18n/zh-cn.yml +++ b/_i18n/zh-cn.yml @@ -481,6 +481,7 @@ user-guides: nicehash: 如何在没有挖矿设备的情况下挖掘门罗币 ledger-wallet-cli: 如何用命令行钱包(CLI)制作一个Ledger硬件钱包的门罗币钱包 multisig-messaging-system: Multisig transactions with MMS and CLI wallet + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/zh-cn/resources/user-guides/tor_wallet.md b/_i18n/zh-cn/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/zh-cn/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/_i18n/zh-tw.yml b/_i18n/zh-tw.yml index 6f5f7631..b1ed224b 100644 --- a/_i18n/zh-tw.yml +++ b/_i18n/zh-tw.yml @@ -482,6 +482,7 @@ user-guides: nicehash: 如何在不使用挖礦裝置的情況下挖取門羅幣 ledger-wallet-cli: 如何使用 CLI 錢包產生 Ledger 錢包 (monero-wallet-cli) multisig-messaging-system: 如何使用 MMS 與 CLI 錢包進行多重簽名交易 + tor_wallet: Connecting your local wallet to your own daemon over Tor roadmap: translated: "yes" diff --git a/_i18n/zh-tw/resources/user-guides/tor_wallet.md b/_i18n/zh-tw/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..aa44ff4f --- /dev/null +++ b/_i18n/zh-tw/resources/user-guides/tor_wallet.md @@ -0,0 +1,86 @@ +{% assign version = '1.1.0' | split: '.' %} +{% include disclaimer.html translated="false" version=page.version %} + +Below we'll show an example configuration that allows you to run a Monero daemon (eg on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (`monerod`) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. [Monerujo](https://www.monerujo.io/) should also work via [Orbot](https://guardianproject.info/apps/org.torproject.android/). Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc -- it just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node. Tested with Monero `v0.15.0.1` connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2). + +## Create a Tor hidden service for RPC + +Make sure [Tor is installed](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) and running correctly, then proceed. + +We only need to configure the RPC server to run as a hidden service here on port `18081`. + +File: `/etc/torrc` + +``` +HiddenServiceDir /var/lib/tor/monero-service/ +HiddenServicePort 18081 127.0.0.1:18081 +``` +Restart Tor: +``` +sudo systemctl restart tor@default +``` + +Make sure Tor started correctly: +``` +sudo systemctl status tor@default.service +``` + +If everything looks good, make a note of the hidden service (onion address) name: +``` +sudo cat /var/lib/tor/monero-service/hostname +``` +It will be something like 4dcj312uxag2r6ye.onion -- use this for `HIDDEN_SERVICE` below. + +### Configure Daemon to allow RPC + +In this example, we don't use Tor for interacting with the p2p network, just to connect to the monero node, so only RPC hidden service is needed. + +File: `~/.bitmonero/bitmonero.conf` (in the home directory of the Monero user) + +``` +no-igd=1 +restricted-rpc=1 +rpc-login=USERNAME:PASSWORD +``` +(Make up a USERNAME and PASSWORD to use for RPC) + +Restart the Daemon: `monerod stop_daemon; sleep 10; monerod --detach` + +Make sure the daemon started correctly: +``` +tail -f ~/.bitmonero/bitmonero.log +``` + +## Connecting to your node from a local wallet + +Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon. + +Then test a simple RPC command, eg: +``` +curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json' +``` +Replace `USERNAME`, `PASSWORD`, and `HIDDEN_SERVICE` with values from above. Change `9150` to another port if needed by your local Tor daemon. + +When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add a ` -v ` to the beginning and try to debug why it's not connecting, check firewalls, password, etc. + +Once it is working, you can connect using your cli wallet: +``` +./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET +``` +Replace values above as needed. + +## GUI + +If you are interested in experimenting with the GUI over Tor, you can try `torsocks` (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on MacOS, adjust as needed for the Linux GUI: +``` +torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui +``` + +This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address". + +In future versions of the GUI, we expect to add direct Tor / I2P support so that `torsocks` + commandline are not needed. + +# Additional resources + +* [ANONYMITY_NETWORKS.md](https://github.com/monero-project/monero/blob/master/ANONYMITY_NETWORKS.md) +* [Using Tor](https://github.com/monero-project/monero#using-tor) (Monero README) diff --git a/resources/user-guides/index.md b/resources/user-guides/index.md index 80fe0078..b6a9f4f9 100644 --- a/resources/user-guides/index.md +++ b/resources/user-guides/index.md @@ -63,6 +63,7 @@ title: titles.userguides

{% t user-guides.prove-payment %}

{% t user-guides.ledger-wallet-cli %}

{% t user-guides.multisig-messaging-system %}

+

{% t user-guides.tor_wallet %}

diff --git a/resources/user-guides/tor_wallet.md b/resources/user-guides/tor_wallet.md new file mode 100644 index 00000000..b603ce11 --- /dev/null +++ b/resources/user-guides/tor_wallet.md @@ -0,0 +1,13 @@ +--- +layout: user-guide +title: "Connecting your local wallet to your own daemon over Tor" +permalink: /resources/user-guides/tor_wallet.html +mainVersion: + - "1" + - "1" + - "0" +--- + +{% t global.lang_tag %} +

{% t user-guides.tor_wallet %}

+{% tf resources/user-guides/tor_wallet.md %}