Not anonymous!

Documentation for this entry is incomplete. Contributions are happily considered!

Introduction[edit]

It is possible to make Tor on a server using a single Tor hop (only one Tor relay instead of three) by using Tor configuration options HiddenServiceNonAnonymousMode 1, HiddenServiceSingleHopMode 1. This is non-anonymous but faster. Server should use Onions Services Authentication. The advantage of this is to have a server which is:

reachable (for users having access to Tor) for NAT traversal, i.e. it works behind common NAT routers.
capable to secure inherently insecure protocols (such as VNC) by using the encryption / authentication provided by Tor Onion Services

Independently, if clients prefer speed over anonymity, they can configure Tor in Tor2Web mode, which means outgoing Tor circuits will have a length of one rather than three.

These two options combined reduce a 6 hop Tor connection to a 2 hop Tor connection. It's not anonymous, but providing NAT traversal as well as onion encryption / authentication.

https://forums.whonix.org/t/should-we-use-hiddenservicesinglehopmode-for-whonix-org-server

Server Side[edit]

Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Gateway ™ ProxyVM (commonly named sys-whonix) → Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start Menu → Applications → Settings → /usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway ™, complete the following steps.

sudo nano /usr/local/etc/torrc.d/50_user.conf

Add.

HiddenServiceNonAnonymousMode 1 HiddenServiceSingleHopMode 1 SocksPort 0 HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 22 127.0.0.1:22 HiddenServicePort 5900 127.0.0.1:5900 HiddenServiceVersion 3 ## syntax: ## HiddenServiceAuthorizeClient auth-type client-name,client-name,… ## The auth-type can either be 'basic' for a general-purpose authorization protocol or 'stealth' for a less scalable protocol that also hides service activity from unauthorized clients. ## Valid client names are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no spaces). HiddenServiceAuthorizeClient stealth 1234567890123456

Save and exit.

Client Side[edit]

Update the package lists.

sudo apt update

Install Tor's build dependencies.

sudo apt build-dep tor

^[1]

Create directory ~/tor-src.

mkdir ~/tor-src

Change directory to ~/tor-src.

cd tor-src

Download the Tor source package.

apt source tor

Change directory to Tor source directory.

cd tor-*/

Open file debian/rules in a text editor of your choice as a regular, non-root user.

If you are using a graphical environment, run.

mousepad debian/rules

If you are using a terminal, run.

nano debian/rules

Change:

dh_auto_configure \ $(confflags) \ --prefix=/usr \ --mandir=\$${prefix}/share/man \ --infodir=\$${prefix}/share/info \ --localstatedir=/var \ --sysconfdir=/etc \ --disable-silent-rules \ --enable-gcc-warnings-advisory

To:

dh_auto_configure \ $(confflags) \ --prefix=/usr \ --mandir=\$${prefix}/share/man \ --infodir=\$${prefix}/share/info \ --localstatedir=/var \ --sysconfdir=/etc \ --disable-silent-rules \ --enable-gcc-warnings-advisory \ --enable-tor2web-mode

Open file src/or/config.c in a text editor of your choice as a regular, non-root user.

If you are using a graphical environment, run.

mousepad src/or/config.c

If you are using a terminal, run.

nano src/or/config.c

Change

V(Tor2webMode, BOOL, "0"),

To

V(Tor2webMode, BOOL, "1"),

Build the Tor package.

debuild

^[2]

Footnotes[edit]

Whonix ™ The most watertight privacy operating system in the world.

Donate

FREE · PLUS · PREMIUM Support

At Whonix we believe in freedom and trust. That's why we fully support Open Source and Freedom Software. Learn more.

Whonix ™ is supported by Evolution Host DDoS Protected VPS.

Whonix is the most watertight privacy operating system in the world

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole. By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service , Privacy Policy , Cookie Policy , E-Sign Consent , DMCA , Imprint Whonix ™ © ENCRYPTED SUPPORT LP, 2022

Want to make Whonix ™ safer and more usable? We're looking for helping hands. Check out the Open Issues and development forum.

↑
sudo apt install zlib1g-dev libevent-dev asciidoc xmlto libsystemd-dev
↑
- https://github.com/globaleaks/Tor2web/wiki/Installation-Guide
- https://github.com/globaleaks/Tor2web/issues/327

[1] 
sudo apt install zlib1g-dev libevent-dev asciidoc xmlto libsystemd-dev

[2] 
https://github.com/globaleaks/Tor2web/wiki/Installation-Guide

https://github.com/globaleaks/Tor2web/issues/327

[3] ttps://github.com/globaleaks/Tor2web/wiki/Installation-Guide

[4] ttps://github.com/globaleaks/Tor2web/issues/327

[1]

[2]

Non Anonymous Onion Encryption and NAT Traversal

Contents

Introduction[edit]

Server Side[edit]

Client Side[edit]

Footnotes[edit]

Navigation menu

Non Anonymous Onion Encryption and NAT Traversal

Introduction[edit]

Server Side[edit]

Client Side[edit]

Footnotes[edit]

Navigation menu

Search