ralphwetzel / theonionbox

Dashboard to monitor Tor node operations
MIT License

feature request: add support for SOCKSPort for outbound connections #14

Open nusenu opened 7 years ago

nusenu commented 7 years ago

Make theonionbox tor compatible.

Since I haven't found any way to configure theonionbox to use tor for outbound connections (to remote controlports and onionoo) I assume it is not yet supported.

Also make sure that DNS requests are not leaked.

Use case behind the request: once #12 is implemented, one could set up a single onionbox that connects to remote controlports via hidden services (that require hidden service authentication on the tor level).

ralphwetzel commented 7 years ago

In general I understand the intention of this feature request. The concern I have is that this means to expose the Tor control port to be reachable from remote locations - which I consider to be a security issue.

On the other hand I can imagine a network of onion boxes: Each server that runs a Tor relay runs an onion box as well. This allows monitoring the (local) Tor instance (ToBe: instances) according to the current functionality. On top of that there might be an additional remote box that connects to the other (local) boxes which then displays the stacked / cumulated information of that group of relays.

Might this be a suitable setup to address this feature request?

nusenu commented 7 years ago

> In general I understand the intention of this feature request. The concern I have is that this means to expose the Tor control port to be reachable from remote locations - which I consider to be a security issue.

I understand your concern, but hidden services support authentication (which ControlPort does not provide itself).

Anyway the actual main use case is a much simpler one (and the implementation of the SOCKS proxy support feature is independent of the actual use case I guess):

An onionbox running behind a tor SOCKS proxy (no direct internet connection available). Onionbox should still be able to connect to onionoo via that SOCKS proxy.

> On the other hand I can imagine a network of onion boxes: Each server that runs a Tor relay runs an onion box as well.

For maintenance reasons I would prefer to run a single onionbox instance, no matter how many tor servers or tor instances one runs, instead of running n instances, especially since onionbox is not something that will be installed (and updated) via the OS package manager.
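Added example, not part of the thread and not theonionbox's code: the SOCKS5 CONNECT framing (RFC 1928) that keeps name resolution on the proxy side, which is the DNS-leak concern raised in the first comment, together with a test guard that fails if anything resolves a name locally. The function names are illustrative assumptions; no network connection is made.

```python
import contextlib
import ipaddress
import socket
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
HEADER = b"\x05\x01\x00"  # version 5, command CONNECT, reserved byte

def build_connect_request(host, port):
    """Build a SOCKS5 CONNECT request without resolving `host` locally."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: pass it through (ATYP 0x03) so the proxy does the lookup.
        name = host.encode("ascii")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return HEADER + addr + struct.pack("!H", port)

def parse_target(request):
    """Return (atyp, host, port) as the proxy reads them from the request."""
    if request[:3] != HEADER:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = request[3]
    if atyp == ATYP_DOMAIN:
        end = 5 + request[4]
        host = request[5:end].decode("ascii")
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        end = 4 + (4 if atyp == ATYP_IPV4 else 16)
        host = str(ipaddress.ip_address(request[4:end]))
    else:
        raise ValueError("unknown address type")
    return atyp, host, struct.unpack("!H", request[end:end + 2])[0]

@contextlib.contextmanager
def forbid_local_dns():
    """Make every local name lookup raise, so a DNS leak fails loudly."""
    def blocked(*args, **kwargs):
        raise RuntimeError("local DNS lookup attempted")
    saved = socket.getaddrinfo, socket.gethostbyname
    socket.getaddrinfo = socket.gethostbyname = blocked
    try:
        yield
    finally:
        socket.getaddrinfo, socket.gethostbyname = saved
```

Wrapping a client's outbound code path in `forbid_local_dns()` during tests shows whether any hostname is resolved before it reaches the SOCKS proxy.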