DataDirectory /var/lib/tor-client
Log notice syslog

# This instance will appear in syslog as "Tor-client"
SyslogIdentityTag client

# Use the default SocksPort, but also isolate streams going to different
# destination addresses and in case of DualStack Exits prefer IPv6, because
# they aren't publicly listed and may let through Tor blocks.
# https://trac.torproject.org/projects/tor/ticket/16947
SocksPort 9050 IsolateDestAddr PreferIPv6
SocksPort 9052 PreferIPv6
SocksPort 9060 OnionTrafficOnly

# Uncomment to disable IPv4
#ClientUseIPv4 0

# Allow Tor to connect to relay/bridge over IPv6. As the default is
# IPv4-only, this may cause less anonymity if the guard is bad (and
# especially if you are behind CGN?)
ClientUseIPv6 1

# Always prefer IPv6 over IPv4 (see previous), maybe this would be useful
# in a DS network preventing Tor over IPv4.
#ClientPreferIPv6ORPort 1

# Disable control access
ControlPort 0
ControlSocket 0

# If these have been disabled in the main Tor or OneHopOnion and something
# should work with the Debian defaults (e.g. zeronet)
CookieAuthentication 1
#CookieAuthFileGroupReadable 1
#CookieAuthFile /run/tor/control.authcookie
#ControlPort 9051
#ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck
#ControlSocketsGroupWritable 1
#SocksPort unix:/run/tor/socks WorldWritable IsolateDestAddr PreferIPv6

# https://gitweb.torproject.org/torspec.git/tree/proposals/291-two-guard-nodes.txt
#NumEntryGuards 2