2019-06-30 12:31:16 +02:00
|
|
|
# WARNING: This config uses two guards by default instead of just one,
|
|
|
|
# search for NumEntryGuards 2, this may make Tor instance doing this more
|
|
|
|
# identifiable and same applies to some other changes I am doing.
|
|
|
|
# Run by your own responsibility.
|
2019-05-03 11:31:33 +02:00
|
|
|
DataDirectory /var/lib/tor-client
|
|
|
|
Log notice syslog
|
2019-05-04 15:55:08 +02:00
|
|
|
|
|
|
|
# This instance will appear in syslog as "Tor-client"
|
2019-05-03 11:31:33 +02:00
|
|
|
SyslogIdentityTag client
|
2019-05-04 15:55:08 +02:00
|
|
|
|
|
|
|
# Use the default SocksPort, but also isolate streams going to different
|
|
|
|
# destination addresses and in case of DualStack Exits prefer IPv6, because
|
|
|
|
# they aren't publicly listed and may let through Tor blocks.
|
|
|
|
# https://trac.torproject.org/projects/tor/ticket/16947
|
2019-05-22 10:58:05 +02:00
|
|
|
SocksPort 9050 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth
|
|
|
|
SocksPort 9052 PreferIPv6 IsolateSOCKSAuth
|
|
|
|
SocksPort 9060 OnionTrafficOnly IsolateSOCKSAuth
|
|
|
|
|
|
|
|
# HTTP Proxy port
|
2019-06-30 12:31:16 +02:00
|
|
|
# This works only for HTTPS and similar, so I ended up using Privoxy to get
|
|
|
|
# apt-listchanges and apt-listbugs also through Tor.
|
|
|
|
#HTTPTunnelPort 8118 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth
|
2019-05-03 11:31:33 +02:00
|
|
|
|
|
|
|
# Uncomment to disable IPv4
|
|
|
|
#ClientUseIPv4 0
|
2019-05-04 15:55:08 +02:00
|
|
|
|
|
|
|
# Allow Tor to connect to relay/bridge over IPv6. As the default is
|
|
|
|
# IPv4-only, this may cause less anonymity if the guard is bad (and
|
|
|
|
# especially if you are behind CGN?)
|
|
|
|
ClientUseIPv6 1
|
|
|
|
|
|
|
|
# Always prefer IPv6 over IPv4 (see previous), maybe this would be useful
|
|
|
|
# in a DS network preventing Tor over IPv4.
|
2019-05-03 11:31:33 +02:00
|
|
|
#ClientPreferIPv6ORPort 1
|
|
|
|
|
2019-06-30 13:27:20 +02:00
|
|
|
## Mapping clearnet domains to onions for certificate validation if
|
|
|
|
## accessed through Tor
|
|
|
|
# Other valid domains (that I am unlikely to use) in normal IRC:
|
|
|
|
# fi.pirateirc.net (I use it in Biboumi though) / irc.piraattipuolue.fi
|
|
|
|
MapAddress roubaix-fr.pirateirc.net tll4bxf546kzf6iv4n2m4pbbjnifrfewe3kcritva2tuuuiowygx2cqd.onion
|
|
|
|
# Freenode has a lot of valid names, but zettel is the name of their Tor
|
|
|
|
# server
|
|
|
|
MapAddress zettel.freenode.net ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion
|
|
|
|
|
2019-05-04 19:17:21 +02:00
|
|
|
# Disable control access
|
2019-06-30 12:31:16 +02:00
|
|
|
#ControlPort 0
|
|
|
|
#ControlSocket 0
|
2019-05-04 19:17:21 +02:00
|
|
|
|
|
|
|
# If these have been disabled in the main Tor or OneHopOnion and something
|
|
|
|
# should work with the Debian defaults (e.g. zeronet)
|
2019-06-30 12:31:16 +02:00
|
|
|
# Uncommented due to how I would uncomment them anyway in my setup. See ###
|
|
|
|
# below
|
2019-05-03 11:31:33 +02:00
|
|
|
CookieAuthentication 1
|
2019-06-30 12:31:16 +02:00
|
|
|
CookieAuthFileGroupReadable 1
|
|
|
|
CookieAuthFile /run/tor/control.authcookie
|
|
|
|
ControlPort 9051
|
|
|
|
ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck
|
|
|
|
ControlSocketsGroupWritable 1
|
|
|
|
SocksPort unix:/run/tor/socks WorldWritable IsolateDestAddr PreferIPv6
|
|
|
|
|
|
|
|
### Disabling the Above in Debian Torrc (judging by my running system)
|
|
|
|
##ControlPort 0
|
|
|
|
##ControlSocket 0
|
|
|
|
##CookieAuthentication 0
|
|
|
|
##CookieAuthFile 0
|
2019-05-15 09:31:47 +02:00
|
|
|
|
|
|
|
# https://gitweb.torproject.org/torspec.git/tree/proposals/291-two-guard-nodes.txt
|
2019-06-30 12:31:16 +02:00
|
|
|
# Possibly dangerous or more easily fingerprintable as it's not the default
|
|
|
|
# yet!
|
|
|
|
NumEntryGuards 2
|