# WARNING: This config uses two guards by default instead of just one, # search for NumEntryGuards 2, this may make Tor instance doing this more # identifiable and same applies to some other changes I am doing. # Run by your own responsibility. DataDirectory /var/lib/tor-client Log notice syslog # This instance will appear in syslog as "Tor-client" SyslogIdentityTag client # Use the default SocksPort, but also isolate streams going to different # destination addresses and in case of DualStack Exits prefer IPv6, because # they aren't publicly listed and may let through Tor blocks. # https://trac.torproject.org/projects/tor/ticket/16947 SocksPort 9050 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth SocksPort 9052 PreferIPv6 IsolateSOCKSAuth SocksPort 9060 OnionTrafficOnly IsolateSOCKSAuth # HTTP Proxy port # This works only for HTTPS and similar, so I ended up using Privoxy to get # apt-listchanges and apt-listbugs also through Tor. #HTTPTunnelPort 8118 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth HTTPTunnelPort 9119 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth # Uncomment to disable IPv4 #ClientUseIPv4 0 # Allow Tor to connect to relay/bridge over IPv6. As the default is # IPv4-only, this may cause less anonymity if the guard is bad (and # especially if you are behind CGN?) ClientUseIPv6 1 # Always prefer IPv6 over IPv4 (see previous), maybe this would be useful # in a DS network preventing Tor over IPv4. ClientPreferIPv6ORPort 1 ## Mapping clearnet domains to onions for certificate validation if ## accessed through Tor # Other valid domains (that I am unlikely to use) in normal IRC: # fi.pirateirc.net (I use it in Biboumi though) / irc.piraattipuolue.fi MapAddress roubaix-fr.pirateirc.net tll4bxf546kzf6iv4n2m4pbbjnifrfewe3kcritva2tuuuiowygx2cqd.onion # Freenode has a lot of valid names, but zettel is the name of their Tor # server MapAddress zettel.freenode.net ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion # Disable control access #ControlPort 0 #ControlSocket 0 # If these have been disabled in the main Tor or OneHopOnion and something # should work with the Debian defaults (e.g. zeronet) # Uncommented due to how I would uncomment them anyway in my setup. See ### # below CookieAuthentication 1 CookieAuthFileGroupReadable 1 CookieAuthFile /run/tor/control.authcookie ControlPort 9051 ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck ControlSocketsGroupWritable 1 SocksPort unix:/run/tor/socks WorldWritable IsolateDestAddr PreferIPv6 ### Disabling the Above in Debian Torrc (judging by my running system) ##ControlPort 0 ##ControlSocket 0 ##CookieAuthentication 0 ##CookieAuthFile 0 # https://gitweb.torproject.org/torspec.git/tree/proposals/291-two-guard-nodes.txt # Possibly dangerous or more easily fingerprintable as it's not the default # yet! NumEntryGuards 2