hundehausen / monero-suite

Build your personal docker-compose.yml file for Monero services.
https://monerosuite.org

P2P over tor #8

Open Unkn8wn69 opened 3 months ago

Unkn8wn69 commented 3 months ago

Hey, I wanted to suggest an addition to monerosuite that is quite crucial. When tor is enabled, the config doesn't add the anonymous-inbound parameter, which tells monero to let other nodes sync over tor. This is a very important thing in monero, since we want as many nodes as possible to also do p2p over tor and not only have their RPC relayed via a hidden service. With this measure, more nodes will be doing p2p over tor, so in case monero gets banned in some country it is still resilient through onion nodes.

anonymous-inbound=$ONION:18084,127.0.0.1:18084,64

Should be added.

And for the tx-proxy it's recommended to pass the flag disable_noise:

--tx-proxy=tor,127.0.0.1:9150,16,disable_noise

SamsungGalaxyPlayer commented 3 months ago

Is disable_noise still recommended?

Unkn8wn69 commented 3 months ago

> Is disable_noise still recommended?

If you already use tor, dandelion is kind of pointless. It'll also speed up the broadcast.

SamsungGalaxyPlayer commented 3 months ago

It's more efficient to disable noise, but it's my understanding that it also makes it easier to see when you're sending transactions over Tor. I might be mistaken though; it's been a while since I investigated this. CC @vtnerd

vtnerd commented 3 months ago

If Tor/I2P is being used exclusively for sending transactions, an ISP spy only has to filter out 1 p2p message type via packet timing analysis to identify when your node is sending a transaction. If --proxy is used, an ISP spy has to filter out block notifications too, but realistically this probably isn't too difficult. I did a packet capture to see how difficult this would be, and it seemed plausible, but I also never wrote software to test my thesis on the difficulty.

If Tor/I2P is being used for other unrelated traffic (web, etc), it likely is too complicated to filter out transaction messages.

hundehausen commented 3 months ago

Hey everybody, thank you for discussing this topic. anonymous-inbound would make sense to set, but I don't know how I could get the address into the docker-compose file before the tor-proxy container has started for the first time and created the onion address. Any ideas on how to achieve this, so even beginner users can handle this?
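
One way to approach the ordering problem raised in the last comment, as an added example that is not part of the thread or of monero-suite's own code: a wrapper entrypoint for the monerod container that waits for Tor to write the hidden-service `hostname` file and only then builds the `anonymous-inbound` value in the form given in the issue. It assumes the Tor container's hidden-service directory is mounted read-only into the monerod container; the path in the closing comment and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: Tor's hidden-service directory is shared with
# this container through a volume, so its "hostname" file is readable here.

# Accept only a v3 onion address: 56 base32 characters followed by ".onion".
# Anything else (empty file, partial write, stray text) is rejected so that
# it never ends up on the monerod command line.
is_v3_onion() {
    printf '%s' "$1" | grep -Eq '^[a-z2-7]{56}\.onion$'
}

# wait_for_onion FILE [TIMEOUT_SECONDS]
# Polls FILE once per second until it holds a valid onion address, then
# prints the address. Returns 1 if the timeout passes first.
wait_for_onion() {
    file=$1
    timeout=${2:-60}
    waited=0
    while :; do
        if [ -s "$file" ]; then
            addr=$(tr -d '[:space:]' < "$file")
            if is_v3_onion "$addr"; then
                printf '%s\n' "$addr"
                return 0
            fi
        fi
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# anonymous_inbound_arg FILE [TIMEOUT_SECONDS]
# Prints the flag in the form from the issue:
#   anonymous-inbound=$ONION:18084,127.0.0.1:18084,64
anonymous_inbound_arg() {
    onion=$(wait_for_onion "$1" "${2:-60}") || return 1
    printf '%s=%s:18084,127.0.0.1:18084,64\n' '--anonymous-inbound' "$onion"
}

# Entrypoint use (hypothetical mount path), failing closed if Tor never
# publishes an address:
#   arg=$(anonymous_inbound_arg /var/lib/tor/monero/hostname 120) || exit 1
#   exec monerod "$arg" "$@"
```

Because the address is resolved when the container starts, the generated docker-compose.yml does not need to contain it.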