shell-things/etc/tor/torrc-client

# WARNING: This config uses two guards by default instead of just one,
# search for NumEntryGuards 2, this may make Tor instance doing this more
# identifiable and same applies to some other changes I am doing.
# Run by your own responsibility.
DataDirectory /var/lib/tor-client
Log notice syslog

# This instance will appear in syslog as "Tor-client"
SyslogIdentityTag client

# Use the default SocksPort, but also isolate streams going to different
# destination addresses and in case of DualStack Exits prefer IPv6, because
# they aren't publicly listed and may let through Tor blocks.
# https://trac.torproject.org/projects/tor/ticket/16947
SocksPort 9050 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth
SocksPort 9052 PreferIPv6 IsolateSOCKSAuth
SocksPort 9060 OnionTrafficOnly IsolateSOCKSAuth

# HTTP Proxy port
# This works only for HTTPS and similar
HTTPTunnelPort 8118 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth
# Legacy compliancy with self
HTTPTunnelPort 9119 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth

# Uncomment to disable IPv4
#ClientUseIPv4 0

# Allow Tor to connect to relay/bridge over IPv6. As the default is
# IPv4-only, this may cause less anonymity if the guard is bad (and
# especially if you are behind CGN?)
ClientUseIPv6 1

# Always prefer IPv6 over IPv4 (see previous), maybe this would be useful
# in a DS network preventing Tor over IPv4.
ClientPreferIPv6ORPort 1

## Mapping clearnet domains to onions for certificate validation if
## accessed through Tor
# My personal server, most likely used for IRC
MapAddress etro.mikaela.info otzmigofmchtadpek223bkmrzqoa6mmvhmr5dxqurcrtwalizfibuxid.onion
# I setup this being operator, also on MOTD
MapAddress irc.pirateirc.net cbmtec5xuhpjwjq245kpp5jk2wij63ydgu5vwbxvdamzibfubc5uzaqd.onion
# https://liberta.casa/ confirmed from oper
MapAddress irc.liberta.casa cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion
# Ergo IRCd's home, confirmed from channel
MapAddress irc.ergo.chat vrw7zcuarwx4oeju3iikiz3jffrvuijsysyznqf53mxizxrebomfnrid.onion
# Heard from staffer, also https://libera.chat/guides/connect#verifying-tor-tls-connections
MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
# https://www.oftc.net/Tor/
MapAddress irc.oftc.net oftcnet6xg6roj6d7id4y4cu6dchysacqj2ldgea73qzdagufflqxrid.onion
# From operator and their MOTD
MapAddress irc.hybridirc.com rhnxdpf3h7z6f4g6cvm7fuadzoucdjnvscgczsv7d6dolddbfwb5upid.onion

# Disable control access
#ControlPort 0
#ControlSocket 0

# If these have been disabled in the main Tor or OneHopOnion and something
# should work with the Debian defaults (e.g. zeronet)
# Uncommented due to how I would uncomment them anyway in my setup. See ###
# below
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /run/tor/control.authcookie
ControlPort 9051
ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1
SocksPort unix:/run/tor/socks WorldWritable IsolateDestAddr PreferIPv6

### Disabling the Above in Debian Torrc (judging by my running system)
##ControlPort 0
##ControlSocket 0
##CookieAuthentication 0
##CookieAuthFile 0

# https://gitweb.torproject.org/torspec.git/tree/proposals/291-two-guard-nodes.txt
# Possibly dangerous or more easily fingerprintable as it's not the default
# yet!
NumEntryGuards 2
torrc-client: update from running config Preparation to #118 2019-06-30 12:31:16 +02:00			`# WARNING: This config uses two guards by default instead of just one,`
			`# search for NumEntryGuards 2, this may make Tor instance doing this more`
			`# identifiable and same applies to some other changes I am doing.`
			`# Run by your own responsibility.`
etc/systemd: add tor-client.service & tor: add torrc-client 2019-05-03 11:31:33 +02:00			`DataDirectory /var/lib/tor-client`
			`Log notice syslog`
etc/tor/torrc-client: add comments 2019-05-04 15:55:08 +02:00
			`# This instance will appear in syslog as "Tor-client"`
etc/systemd: add tor-client.service & tor: add torrc-client 2019-05-03 11:31:33 +02:00			`SyslogIdentityTag client`
etc/tor/torrc-client: add comments 2019-05-04 15:55:08 +02:00
			`# Use the default SocksPort, but also isolate streams going to different`
			`# destination addresses and in case of DualStack Exits prefer IPv6, because`
			`# they aren't publicly listed and may let through Tor blocks.`
			`# https://trac.torproject.org/projects/tor/ticket/16947`
torrc-client: ensure IsolateSOCKSAuth & add HTTPTunnelPort 2019-05-22 10:58:05 +02:00			`SocksPort 9050 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth`
			`SocksPort 9052 PreferIPv6 IsolateSOCKSAuth`
			`SocksPort 9060 OnionTrafficOnly IsolateSOCKSAuth`

			`# HTTP Proxy port`
torrc-client: uncomment 8118 2022-03-31 07:26:55 +02:00			`# This works only for HTTPS and similar`
			`HTTPTunnelPort 8118 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth`
			`# Legacy compliancy with self`
torrc-client: add port 9119 for http 2019-12-23 11:48:33 +01:00			`HTTPTunnelPort 9119 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth`
etc/systemd: add tor-client.service & tor: add torrc-client 2019-05-03 11:31:33 +02:00
			`# Uncomment to disable IPv4`
			`#ClientUseIPv4 0`
etc/tor/torrc-client: add comments 2019-05-04 15:55:08 +02:00
			`# Allow Tor to connect to relay/bridge over IPv6. As the default is`
			`# IPv4-only, this may cause less anonymity if the guard is bad (and`
			`# especially if you are behind CGN?)`
			`ClientUseIPv6 1`

			`# Always prefer IPv6 over IPv4 (see previous), maybe this would be useful`
			`# in a DS network preventing Tor over IPv4.`
torrc-client: enable ClientPreferIPv6ORPort as my IPv6 works 2019-08-25 17:39:12 +02:00			`ClientPreferIPv6ORPort 1`
etc/systemd: add tor-client.service & tor: add torrc-client 2019-05-03 11:31:33 +02:00
torrc-client: add MapAddress for PirateIRC & freenode Closes #118 2019-06-30 13:27:20 +02:00			`## Mapping clearnet domains to onions for certificate validation if`
			`## accessed through Tor`
torrc-client: add etro.mikaela.info 2021-01-26 18:42:25 +01:00			`# My personal server, most likely used for IRC`
			`MapAddress etro.mikaela.info otzmigofmchtadpek223bkmrzqoa6mmvhmr5dxqurcrtwalizfibuxid.onion`
etc/tor/torrc-client: add PirateIRC 2022-03-02 13:44:13 +01:00			`# I setup this being operator, also on MOTD`
			`MapAddress irc.pirateirc.net cbmtec5xuhpjwjq245kpp5jk2wij63ydgu5vwbxvdamzibfubc5uzaqd.onion`
torrc-client: add irc.liberta.casa 2021-05-22 12:16:26 +02:00			`# https://liberta.casa/ confirmed from oper`
			`MapAddress irc.liberta.casa cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion`
etc/tor/torrc-client: add irc.ergo.chat 2021-05-27 01:52:30 +02:00			`# Ergo IRCd's home, confirmed from channel`
			`MapAddress irc.ergo.chat vrw7zcuarwx4oeju3iikiz3jffrvuijsysyznqf53mxizxrebomfnrid.onion`
torrc-client: add MapAddress for palladium.libera.chat https://libera.chat/guides/connect#verifying-tor-tls-connections 2021-05-27 16:50:03 +02:00			`# Heard from staffer, also https://libera.chat/guides/connect#verifying-tor-tls-connections`
			`MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion`
etc/tor/torrc-client: add MapAddress for OFTC 2022-01-17 16:30:39 +01:00			`# https://www.oftc.net/Tor/`
			`MapAddress irc.oftc.net oftcnet6xg6roj6d7id4y4cu6dchysacqj2ldgea73qzdagufflqxrid.onion`
etc/tor/…-client: add hybridirc onion 2022-02-26 20:07:39 +01:00			`# From operator and their MOTD`
			`MapAddress irc.hybridirc.com rhnxdpf3h7z6f4g6cvm7fuadzoucdjnvscgczsv7d6dolddbfwb5upid.onion`
torrc-client: add MapAddress for PirateIRC & freenode Closes #118 2019-06-30 13:27:20 +02:00
etc/tor: disable control, document enabling for client 2019-05-04 19:17:21 +02:00			`# Disable control access`
torrc-client: update from running config Preparation to #118 2019-06-30 12:31:16 +02:00			`#ControlPort 0`
			`#ControlSocket 0`
etc/tor: disable control, document enabling for client 2019-05-04 19:17:21 +02:00
			`# If these have been disabled in the main Tor or OneHopOnion and something`
			`# should work with the Debian defaults (e.g. zeronet)`
torrc-client: update from running config Preparation to #118 2019-06-30 12:31:16 +02:00			`# Uncommented due to how I would uncomment them anyway in my setup. See ###`
			`# below`
etc/systemd: add tor-client.service & tor: add torrc-client 2019-05-03 11:31:33 +02:00			`CookieAuthentication 1`
torrc-client: update from running config Preparation to #118 2019-06-30 12:31:16 +02:00			`CookieAuthFileGroupReadable 1`
			`CookieAuthFile /run/tor/control.authcookie`
			`ControlPort 9051`
			`ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck`
			`ControlSocketsGroupWritable 1`
			`SocksPort unix:/run/tor/socks WorldWritable IsolateDestAddr PreferIPv6`

			`### Disabling the Above in Debian Torrc (judging by my running system)`
			`##ControlPort 0`
			`##ControlSocket 0`
			`##CookieAuthentication 0`
			`##CookieAuthFile 0`
torrc-client: add SocksPorts and comment on two guards I need unisolated port for dnscrypt-proxy which I fear would otherwise generate too many circuits which wouldn't even be used and I guess there is no harm in sending Yggdrasil to a separate port that only has access to onions which is a port I may sometimes wish I have otherwise too. 2019-05-15 09:31:47 +02:00
			`# https://gitweb.torproject.org/torspec.git/tree/proposals/291-two-guard-nodes.txt`
torrc-client: update from running config Preparation to #118 2019-06-30 12:31:16 +02:00			`# Possibly dangerous or more easily fingerprintable as it's not the default`
			`# yet!`
			`NumEntryGuards 2`