darwin-network / slash


host a .onion site for darwin dot irc dot network #11

Closed eklitzke closed 5 years ago

eklitzke commented 6 years ago

Please set up a .onion domain (preferably with a vanity prefix like darwinU5w2kbC6aeKVmeIR.onion) so I can continue to use IRC when the globalists (ICANN) shut down DNS.

slingamn commented 5 years ago

This issue has been selected for development.

The complexity of searching for a 6-character base64 prefix should be about 10^11 operations --- probably not worth it?

slingamn commented 5 years ago

Couple of roadblocks:

  1. The Debian Tor packages are locked down very tightly with apparmor, so tor can't connect to the socket at /tmp/oragono. (The connection failure did not produce an audit logline; this was a source of great puzzlement.) Switching to loopback TCP fixed it, but it would be preferable to rewrite the apparmor profile to allow this access.
  2. Oragono sees Tor clients as coming from 127.0.0.1. This is problematic in terms of anti-abuse protections, since 127.0.0.0/8 is whitelisted from connection limits and throttling. One option would be to insert an additional layer that issues a PROXY line, describing these clients as coming from a fictional IP in, e.g., 10.0.0.0/8.
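
The extra layer described in item 2, as an added example (not part of the original comment and not Oragono's code): a small Go relay that Tor connects to instead of the ircd, and that opens each upstream connection with a PROXY protocol v1 line naming a fictional 10.0.0.0/8 source. The listen address `127.0.0.1:6668`, the source IP `10.0.0.1`, and an ircd configured to accept PROXY lines from loopback are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"log"
	"net"
)

// Assumed values, not from the thread: shim listener, ircd listener, fictional source IP.
const (
	listenAddr  = "127.0.0.1:6668" // HiddenServicePort target
	ircdAddr    = "127.0.0.1:6667"
	fictionalIP = "10.0.0.1"
)

// proxyLine builds the PROXY protocol v1 header that replaces 127.0.0.1 with fictionalIP.
func proxyLine(srcPort int, dst *net.TCPAddr) string {
	return fmt.Sprintf("PROXY TCP4 %s %s %d %d\r\n", fictionalIP, dst.IP, srcPort, dst.Port)
}

func handle(client net.Conn) {
	defer client.Close()
	upstream, err := net.Dial("tcp4", ircdAddr)
	if err != nil {
		log.Print(err)
		return
	}
	defer upstream.Close()
	hdr := proxyLine(client.RemoteAddr().(*net.TCPAddr).Port, upstream.RemoteAddr().(*net.TCPAddr))
	if _, err := io.WriteString(upstream, hdr); err != nil {
		return
	}
	go func() { io.Copy(upstream, client); upstream.Close() }() // client -> ircd
	io.Copy(client, upstream)                                   // ircd -> client
}

func main() {
	ln, err := net.Listen("tcp4", listenAddr)
	if err != nil {
		log.Fatal(err)
	}
	for {
		conn, err := ln.Accept()
		if err != nil {
			log.Fatal(err)
		}
		go handle(conn)
	}
}
```

Because every Tor client is reported under the same fictional address, per-IP connection limits and throttling apply to Tor users as a group rather than being skipped for 127.0.0.0/8.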

slingamn commented 5 years ago

It's worth considering HiddenServiceSingleHopMode as an option for this (since the IP of the server is public information).

slingamn commented 5 years ago

https://github.com/oragono/oragono/issues/369

slingamn commented 5 years ago

This is up now, but the circuits don't seem to stay open for more than a couple minutes, even with regular traffic:

Host:     v7k2huxf5b353zgo7zgoo5tapsf6lkarcykkn7qdgx3kwugw4syzihqd.onion
Port:     6667
SSL/TLS:  false
Password: smellyoulater
Channel:  #darwin

slingamn commented 5 years ago

The circuit lifetime issue is (to my considerable surprise) a bug in Tor: https://bugs.torproject.org/29665

Workarounds:

  1. Disable HiddenServiceSingleHopMode (this likely requires changing the address)
  2. Modify Oragono to send Tor clients a PING every 30 or 45 seconds (the bug is triggered after 60 seconds of inactivity)

slingamn commented 5 years ago

Option 2 was implemented in oragono/oragono#441, which seems to have fixed things. This is done.