shermand100 / PiNodeXMR

Monero Node for Single Board Computers with Web Interface and additional tools pre-configured. Self Installing.
GNU General Public License v3.0

Tor node not accessible on local network without modification #43

Closed ChiefGyk3D closed 3 years ago

ChiefGyk3D commented 3 years ago

The current implementation of the Tor XMR node requires you to connect over a torified wallet, but if you're accessing it on the local network only, there should be an option to have it bind to the local device IP rather than the onion link. I tested it and so far it works wonderfully. I understand the torified wallet also allows for accessing it outside of the local network, but not everyone needs that or wants that enabled, so I believe it should be made an option within the Tor version.

shermand100 commented 3 years ago

It's good to get feedback to try and perfect this.

Currently the tor monerod start file uses --rpc-bind-ip=$DEVICE_IP --rpc-bind-port=18081 (local IP), and the /etc/tor/torrc file has the hidden service re-direct HiddenServicePort 18081 <local-ip>:18081 on line 73, as created by the tor installer:

setup-tor.sh: sudo sed -i "73s/.*/HiddenServicePort 18081 $(hostname -I | awk '{print $1}'):18081/" /etc/tor/torrc

This improvement was added a couple of weeks ago to enable this dual purpose (tor or non-torified local connection).

What did you have to change to make it work for you? How is the behaviour you are experiencing not as expected?

Linked to this but not directly -- I understand there is a current weakness in the system where a non-static/expired local DHCP lease will cause the hidden service re-direct to fail.
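
The DHCP weakness mentioned in the comment above follows from the installer writing the node's address into line 73 of torrc once, at install time. As an added example (not part of the thread or of PiNodeXMR; the function names and the sample torrc are constructed), the script below finds the redirect by directive rather than by line number and rewrites it only when the address has drifted:

```shell
#!/bin/sh
# Added example, not PiNodeXMR code; function names are hypothetical.

# Print the IP that the HiddenServicePort line for PORT forwards to.
hs_target_ip() {  # usage: hs_target_ip TORRC [PORT]
    awk -v p="${2:-18081}" '
        $1 == "HiddenServicePort" && $2 == p { split($3, a, ":"); print a[1]; exit }
    ' "$1"
}

# Point the redirect at DEVICE_IP if it has drifted. Prints "unchanged" or
# "updated"; returns non-zero on bad input or when no matching line exists.
sync_hs_redirect() {  # usage: sync_hs_redirect TORRC DEVICE_IP [PORT]
    torrc=$1 ip=$2 port=${3:-18081}
    case $ip in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    current=$(hs_target_ip "$torrc" "$port") || return 1
    [ -n "$current" ] || return 1                # commented-out lines do not count
    if [ "$current" = "$ip" ]; then echo unchanged; return 0; fi
    tmp=$(mktemp) || return 1
    awk -v p="$port" -v ip="$ip" '
        $1 == "HiddenServicePort" && $2 == p { print "HiddenServicePort " p " " ip ":" p; next }
        { print }
    ' "$torrc" > "$tmp" && cat "$tmp" > "$torrc" # cat keeps the file owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo updated
    return "$rc"
}

# Constructed sample torrc: the lease has moved the node from .50 to .77.
demo=$(mktemp)
printf '%s\n' '#HiddenServicePort 18081 10.0.0.1:18081' \
              'HiddenServicePort 18081 192.168.1.50:18081' > "$demo"
sync_hs_redirect "$demo" 192.168.1.77
hs_target_ip "$demo"
rm -f "$demo"
```

On a real node the arguments would be `/etc/tor/torrc` and the output of the installer's own `hostname -I | awk '{print $1}'`, run as root, with Tor reloaded whenever the function prints "updated".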

ChiefGyk3D commented 3 years ago

@shermand100 so I recall I just changed the RPC IP to bind to the local IP, and honestly, it works perfectly. I've been doing my Monero trades for a few months without an issue. I had some issues with the status page at first, I remember, but I think your tweak was pushed in an update. I had to switch the --rpc-bind-ip=$DEVICE_IP myself earlier.

You know what's funny is this was a custom tweak I dropped in back in March on my own node, and I think you may have just added that already, and we had some parallel thinking going on without realizing it.

I'll order another RockPro64 for testing soon and have a dedicated testnet version, then inspect traffic with my pfSense firewall to ensure this is in fact the case soon down the road, as my Odroid HC2s can't keep up with the blockchain anymore properly.

shermand100 commented 3 years ago

Yeah, I'm sure we've sorted this ourselves at about the same time. Where before we had to work Tor out ourselves (and had it pretty close), this project now uses the method documented in "MoneroDocs" here: https://monerodocs.org/running-node/open-node-tor-onion/

Our hidden service rules match that document and the config is similar to achieve the same effect. --add-peers is done by our users manually via the webui.