monero-site/_i18n/en/resources/user-guides/tor_wallet.md
erciccione 4e5143db60
Simplify versioning system for user guides
This new approach doesn't require version numbers and makes it easier for contributors to understand the status
of the document. There are only 3 states:

- Outdated: The page is outdated and might not work as expected
- Untranslated: The page needs to be translated
- Translation outdated: The page is translated, but the original (English) document has been updated

To mark a guide as outdated, we change the boolean of the front matter entry 'outdated' in /resources/user-guides/GUIDE.
If 'False', the guide is updated. If 'True' all versions of the guide (English included) will show a warning at the bottom
of the page.

The other 2 states are related to the status of the translated pages and we control them from the language-specific
user guides: /_i18n/LANG/resources/user-guides/GUIDE. At the top of the page a snippet will include 2 parameters:

- translated: "yes" if the page is translated, "no" if it's not.
- translationOutdated: "yes" if the translation is outdated, "no" if it's not

This new system aims to be simpler than the precedent, avoiding comparing versioning numbers and using a higher level
system instead (yes, no, True, False). I also removed the middle way status 'only minor changes', because if there are
only minor changes that don't affect the usability of the guide, we don't need to point it out.

The old system was complex and people didn't use it. These changes will hopefully make things easier for translators and
other contributors.
2020-05-31 09:23:16 +02:00


{% include disclaimer.html translated="no" translationOutdated="no" %}

Below we'll show an example configuration that allows you to run a Monero daemon (e.g. on a home server or VPS) that you can connect to from another computer running your wallet. We do this over the Tor anonymity network to retrieve the transaction information needed by your wallet. The benefit of this approach is that the daemon (monerod) can stay on all of the time sending / receiving blocks, while the wallet can connect when needed and have access to the full blockchain. Monerujo should also work via Orbot.

Because Tor hidden services provide encryption and authentication, you can be confident that your RPC credentials will not be sent in the clear. Tor also solves problems often seen on home servers related to port-forwarding, IP addresses changing, etc. It just works. This setup will also obfuscate the fact that you are connecting to a remote Monero node.

Tested with Monero v0.15.0.1 connecting a Mac laptop wallet to a remote Linux node (Ubuntu 18.04.2).

Create a Tor hidden service for RPC

Make sure Tor is installed and running correctly, then proceed.

We only need to configure the RPC server to run as a hidden service here on port 18081.

File: /etc/torrc

HiddenServiceDir /var/lib/tor/monero-service/
HiddenServicePort 18081 127.0.0.1:18081

Restart Tor:

sudo systemctl restart tor@default

Make sure Tor started correctly:

sudo systemctl status tor@default.service

If everything looks good, make a note of the hidden service (onion address) name:

sudo cat /var/lib/tor/monero-service/hostname

It will be something like 4dcj312uxag2r6ye.onion. Use this for HIDDEN_SERVICE below; the example commands already end in .onion, so substitute only the part before it.

Configure Daemon to allow RPC

In this example, we don't use Tor for interacting with the p2p network, just to connect to the Monero node, so only the RPC hidden service is needed.

File: ~/.bitmonero/bitmonero.conf (in the home directory of the Monero user)

no-igd=1
restricted-rpc=1
rpc-login=USERNAME:PASSWORD

(Make up a USERNAME and PASSWORD to use for RPC)

Restart the Daemon:

monerod stop_daemon; sleep 10; monerod --detach

Make sure the daemon started correctly:

tail -f ~/.bitmonero/bitmonero.log
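Before pointing a wallet at the node, the two files edited above can be checked for the settings this guide relies on. The script below is an added example, not part of the original guide or of Monero or Tor; the function names conf_value and audit_monero_tor are made up for illustration, and it assumes the guide's port 18081 and a stat that accepts -c (GNU) or -f (BSD/macOS). Call it as audit_monero_tor /etc/torrc ~/.bitmonero/bitmonero.conf: it prints each finding and returns the number of findings.

```shell
#!/usr/bin/env bash
# Added example: audits the two files edited in this guide. Not part of Monero or Tor.

# conf_value FILE KEY: print the last "KEY=value" setting in a monerod config file.
conf_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_monero_tor TORRC MONERO_CONF
# Prints one line per finding and returns the number of findings (0 = clean).
audit_monero_tor() {
  local torrc=$1 conf=$2 issues=0 target login mode

  # The onion service must hand RPC traffic to loopback only. Tor defaults the
  # target to 127.0.0.1:VIRTPORT when the third field is omitted.
  target=$(awk 'tolower($1) == "hiddenserviceport" && $2 == "18081" {
                  print ($3 == "" ? "127.0.0.1:" $2 : $3) }' "$torrc" | tail -n 1)
  case $target in
    127.0.0.1:18081) ;;
    "") echo "torrc: no HiddenServicePort line for 18081"; issues=$((issues + 1)) ;;
    *)  echo "torrc: 18081 forwards to $target, expected 127.0.0.1:18081"
        issues=$((issues + 1)) ;;
  esac

  # restricted-rpc limits the RPC interface to view-only commands.
  case $(conf_value "$conf" restricted-rpc) in
    1|true) ;;
    *) echo "conf: restricted-rpc is not enabled"; issues=$((issues + 1)) ;;
  esac

  # rpc-login must be set and must not be the guide's literal placeholder.
  login=$(conf_value "$conf" rpc-login)
  case $login in
    "") echo "conf: rpc-login is missing"; issues=$((issues + 1)) ;;
    USERNAME:PASSWORD) echo "conf: rpc-login is still the placeholder"
                       issues=$((issues + 1)) ;;
    ?*:?*) ;;
    *) echo "conf: rpc-login is not in USERNAME:PASSWORD form"; issues=$((issues + 1)) ;;
  esac

  # The file stores the RPC password in clear text: only the owner should read it.
  mode=$(stat -c %a "$conf" 2>/dev/null || stat -f %Lp "$conf")
  case $mode in
    *00) ;;
    *) echo "conf: mode $mode lets other local users read rpc-login"
       issues=$((issues + 1)) ;;
  esac

  return "$issues"
}
```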

Connecting to your node from a local wallet

Make sure you have Tor running locally so you can connect to the Tor network. One simple way on the Mac is to just start the Tor browser and use its Tor daemon.

Then test a simple RPC command, e.g.:

curl --socks5-hostname 127.0.0.1:9150 -u USERNAME:PASSWORD --digest -X POST http://HIDDEN_SERVICE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json'

Replace USERNAME, PASSWORD, and HIDDEN_SERVICE with values from above. Change 9150 to another port if needed by your local Tor daemon.

When you execute the command, you should get some info about the remote daemon if everything is working correctly. If not, add -v to the beginning of the curl options for verbose output and debug why it's not connecting: check firewalls, the password, etc.

Once it is working, you can connect using your cli wallet:

./monero-wallet-cli --proxy 127.0.0.1:9150 --daemon-host HIDDEN_SERVICE.onion --trusted-daemon --daemon-login USERNAME:PASSWORD --wallet-file ~/PATH/TO/YOUR/WALLET

Replace values above as needed.

GUI

If you are interested in experimenting with the GUI over Tor, you can try torsocks (note this may leak info -- do not rely on it if your life depends on maintaining anonymity). Here is an example on macOS; adjust as needed for the Linux GUI:

torsocks --port 9150 /Applications/monero-wallet-gui.app/Contents/MacOS/monero-wallet-gui

This will allow the GUI to communicate with the Tor network. Once the GUI is open and a wallet loaded, you must configure it to connect to your Tor hidden service by adding your onion address to: "Settings > Node > Remote node > Address".

In future versions of the GUI, we expect to add direct Tor / I2P support so that torsocks + commandline are not needed.

Additional resources