Open nusenu opened 7 years ago
In general I understand the intention of this feature request. The concern I have is that this means exposing the Tor control port so that it is reachable from remote locations, which I consider to be a security issue.
On the other hand I can imagine a network of onion boxes: Each server that runs a Tor relay runs an onion box as well. This allows to monitor the (local) Tor instance (ToBe: instances) according to the current functionality. On top of that there might be an additional remote box that connects to the other (local) boxes which then displays the stacked / cumulated information of that group of relays.
Might this be a suitable setup to address this feature request?
> In general I understand the intention of this feature request. The concern I have is that this means exposing the Tor control port so that it is reachable from remote locations, which I consider to be a security issue.
I understand your concern, but hidden services support authentication (which ControlPort does not provide itself).
Anyway the actual main use case is a much simpler one (and the implementation of the SOCKS proxy support feature is independent of the actual use case I guess):
An onionbox running behind a tor SOCKS proxy (no direct internet connection available). Onionbox should still be able to connect to onionoo via that SOCKS proxy.
> On the other hand I can imagine a network of onion boxes: Each server that runs a Tor relay runs an onion box as well.
For maintenance reasons I would prefer to run a single onionbox instance, no matter how many tor servers or tor instances one runs, instead of running n instances, especially since onionbox is not something that will be installed (and updated) via the OS package manager.
Make theonionbox tor compatible.
Since I haven't found any way to configure theonionbox to use tor for outbound connections (to remote controlports and onionoo) I assume it is not yet supported.
Also make sure that DNS requests are not leaked.
Use case behind the request: once #12 is implemented, one could set up a single onionbox that connects to remote controlports via hidden services (that require hidden service authentication on the tor level).
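
The DNS-leak requirement above comes down to one field in the SOCKS5 CONNECT request: the hostname has to be sent to the proxy (address type 3) rather than resolved locally and sent as an IP. The sketch below is an added example, not part of the issue or theonionbox's code; the function names are hypothetical, and it assumes a Tor SOCKS listener on 127.0.0.1:9050 that accepts the no-authentication method.

```python
import socket
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

def build_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT (RFC 1928) that carries the hostname itself.

    ATYP_DOMAIN makes the proxy resolve the name, so no local DNS
    query is issued for clearnet names or .onion addresses.
    """
    name = host.encode("ascii")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3, length-prefixed name, port
    return bytes([5, 1, 0, ATYP_DOMAIN, len(name)]) + name + struct.pack(">H", port)

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_socks(host, port, proxy=("127.0.0.1", 9050), timeout=30):
    """Return a socket tunnelled to host:port through the SOCKS5 proxy.

    The proxy address is an assumption (IP literal, so nothing is resolved).
    """
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(b"\x05\x01\x00")           # offer one method: no auth
        if _recv_exact(sock, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        sock.sendall(build_connect_request(host, port))
        ver, rep, _, atyp = _recv_exact(sock, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
        # Consume the bound address and port that end the reply.
        if atyp == ATYP_DOMAIN:
            addr_len = _recv_exact(sock, 1)[0]
        else:
            addr_len = {ATYP_IPV4: 4, ATYP_IPV6: 16}[atyp]
        _recv_exact(sock, addr_len + 2)
        return sock
    except Exception:
        sock.close()
        raise
```

A quick check for leaks is to watch port 53 traffic on the host while the application starts: with this request form, lookups for onionoo or a remote controlport's onion address should never appear there.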