Running BTG Fullnode via Tor incoming/outgoing

I have been trying to run my fullnode via Tor, as far as I understand my outgoing connections are connecting via Tor (no way to verify that?)

Now I am trying to allow incoming connections also via Tor, I understand that I must forward the ports 9050 which I have done

virtual%20server

I’m still not getting incoming connections, what am I doing wrong?

1 Like

Actually, you can. Open up the Debug window and go to the Peers tab.

Look at some of your outbound connections by clicking on them. They will say,
via ###.###.###:port

With no Tor:
For an inbound connection, this should be your IP address plus :8338.
Example from my testnet node:

image

My IP right now is 108.50.244.182. (It has port :18338 instead of :8338 because the picture is from testnet.)

For an outbound connection, it should be your IP address plus :##### which is a random port (but the node you’re looking at will be on :8338). Example:

image

Again, that’s my IP - but because it’s Outbound, my port is random. I reached the Node at 216.196.142.101 on the standard port, :8338.

That’s what you expect with no Tor.

How about with Tor?

I have enabled Tor on Windows through Tor Browser for my mainnet node. Here’s an outbound port:

image

I’m connectiong to node 168.235.110.33 on the standard :8338 port… but I’m getting there via some 154.16.195.65 address, not my own.

Here’s another outbound connection:
image

Also that’s not my IP. I have to assume the “via” IPs are because of Tor (perhaps exit nodes?)

Curiously, when I connect to node running Bitcore, I don’t get a “via” address at all:

image

Also, they do not stay connected. They connect, they talk, and then they drop after about one minute. :frowning:

I don’t have inbound working under Tor, yet. I’ve made no changes on my router; probably need to add 9150 inbound.

2 Likes

What are you using for your Tor socks proxy? I’m using Tor Browser for windows; the default address is 9150. I enabled it like this:

image

I believe this will only work when I keep Tor Browser open to serve as a socks proxy.

Also, I was getting tor: control port errors until I modified the torrc file to add the following line:

image

My Full Node was looking for the control port on :9051 instead of :9151, and I could find no way to tell the Node to look for :9050. To get around that, I used this line to tell Tor to listen on 9050. Now, my Node shows:

2019-10-31T03:17:11Z tor: Reading cached private key from D:\BitcoinGold\onion_private_key
2019-10-31T03:17:11Z tor: Successfully connected!
2019-10-31T03:17:11Z tor: Connected to Tor version 0.4.1.6
2019-10-31T03:17:11Z tor: Supported authentication method: COOKIE
2019-10-31T03:17:11Z tor: Supported authentication method: HASHEDPASSWORD
2019-10-31T03:17:11Z tor: Supported authentication method: SAFECOOKIE
2019-10-31T03:17:11Z tor: Using SAFECOOKIE authentication, reading cookie authentication from C:\Users\Luna\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\control_auth_cookie
2019-10-31T03:17:11Z tor: SAFECOOKIE authentication challenge successful
2019-10-31T03:17:11Z tor: AUTHCHALLENGE ServerHash c90645d24bec34b28206a88a94767b9ee02809fcedebf31920e48c8f34d2bd8d ServerNonce cc4e6bd3b1afee9a64ca33bc50c89a2b31a217d22e35556195449746e07edd29
2019-10-31T03:17:11Z tor: Authentication successful
2019-10-31T03:17:12Z AddLocal([2001:0:2841:f634:804:13c1:93cd:b49]:8338,1)
2019-10-31T03:17:12Z Discover: Tanden - 2001:0:2841:f634:804:13c1:93cd:b49
2019-10-31T03:17:12Z upnp thread start
2019-10-31T03:17:12Z Bound to [::]:8338
2019-10-31T03:17:12Z Bound to 0.0.0.0:8338
2019-10-31T03:17:12Z init message: Loading P2P addresses...
2019-10-31T03:17:12Z tor: ADD_ONION successful
2019-10-31T03:17:12Z tor: Got service ID lionkkmdd4n4rx5h, advertising service lionkkmdd4n4rx5h.onion:8338
2019-10-31T03:17:12Z tor: Cached service private key to D:\BitcoinGold\onion_private_key
2019-10-31T03:17:12Z AddLocal(lionkkmdd4n4rx5h.onion:8338,4)

So it looks like I have a reachable onion address with inbound port :8338:
lionkkmdd4n4rx5h.onion:8338

2 Likes

I added port 9150 inbound on my router, and I now appear to be getting inbound connections:

2019-10-31T04:13:10Z Added connection peer=87
2019-10-31T04:13:10Z connection from 46.101.246.115:43398 accepted
2019-10-31T04:13:10Z PROCESSMESSAGE: INVALID MESSAGESTART version peer=87
2019-10-31T04:13:10Z disconnecting peer=87
2019-10-31T04:13:10Z Cleared nodestate for peer=87
2019-10-31T04:13:20Z Making feeler connection to 192.162.242.111:8338
2019-10-31T04:13:20Z trying connection 192.162.242.111:8338 lastseen=6603.5hrs
2019-10-31T04:13:20Z SOCKS5 connecting 192.162.242.111
2019-10-31T04:13:20Z SOCKS5 sending proxy authentication 212:212
2019-10-31T04:13:22Z Added connection peer=88
2019-10-31T04:13:22Z connection from 94.237.44.67:44223 accepted
2019-10-31T04:13:22Z PROCESSMESSAGE: INVALID MESSAGESTART version peer=88
2019-10-31T04:13:22Z disconnecting peer=88
2019-10-31T04:13:22Z Cleared nodestate for peer=88

You can see two inbound connections above (“connection from … accepted”).

However, they both sent invalid messages - they weren’t BTG nodes - so they got dropped.

I’ll let this run overnight and see if I have some inbound connections tomorrow.

2 Likes

Also, just to point out the obvious to folks - I’m sharing my IP address and .onion address because I’m not actually trying to set up a private server behind Tor. This is just for troubleshooting purposes.

@CryptoNomad, feel free to go into your Node, to Debug, to Console, and enter:

addnode lionkkmdd4n4rx5h.onion:8338 add

A minute or two later, you may see a connection to my node. I think that should try to connect your node directly to mine via the .onion address.

Or, in your bitcoingold.conf file, add this line:
addnode=lionkkmdd4n4rx5h.onion:8338

That should also do the trick, but will require restarting your node.

2 Likes

I am not sure if I’m doing this correctly…How do I enable soks5 through Tor Browser simply by leaving it open or do I need to change something in the settings?

Also one of my outbound connections look like this, is it you? or some other Tor address?

2019-10-31T12:46:29Z Warning: not punishing manually-connected peer 46.166.129.181:8338!
2019-10-31T12:47:51Z Warning: not punishing manually-connected peer 46.166.129.181:8338!
2019-10-31T12:49:13Z Warning: not punishing manually-connected peer 46.166.129.181:8338!
2019-10-31T12:50:34Z socket send error An established connection was aborted by the software in your host machine. (10053)
2019-10-31T12:50:56Z Warning: not punishing manually-connected peer 138.197.214.7:8333!
2019-10-31T12:52:39Z Warning: not punishing manually-connected peer 138.197.214.7:8333!
2019-10-31T12:54:21Z Warning: not punishing manually-connected peer 138.197.214.7:8333!
2019-10-31T12:56:05Z Warning: not punishing manually-connected peer 138.197.214.7:8333!
2019-10-31T12:57:48Z Warning: not punishing manually-connected peer 138.197.214.7:8333!
2019-10-31T12:59:31Z Warning: not punishing manually-connected peer 138.197.214.7:8333!
2019-10-31T13:00:51Z socket send error An established connection was aborted by the software in your host machine. (10053)

That is someone else, my nodes are all 0.17. Also, that’s not a .onion address, it’s just an IPv6 instead of IPv4.

I made only one change in Tor browser. I added the following line in my torrc file:
ControlPort 9051

You still haven’t said whether you’re running Nix, Mac, PC… on Windows, the torrc file is in Tor’s installation folder, here: Tor\Browser\TorBrowser\Data\Tor\torrc.

The default ControlPort for Tor Browser is 9151; if you run a router providing Tor for all devices on your network, the default ControlPort would be 9051. The BTG Node is looking for that. I found no way to change that in the BTG Node, so I changed it in Tor Browser.

Try that, restart Tor Browser, kill BTG, delete the debug.log, start BTG, and then look for this after a minute:

2019-10-31T04:18:29Z torcontrol thread start
2019-10-31T04:18:29Z tor: Reading cached private key from D:\BitcoinGold\onion_private_key
2019-10-31T04:18:29Z tor: Successfully connected!
2019-10-31T04:18:29Z tor: Connected to Tor version 0.4.1.6
2019-10-31T04:18:29Z tor: Supported authentication method: COOKIE
2019-10-31T04:18:29Z tor: Supported authentication method: HASHEDPASSWORD
2019-10-31T04:18:29Z tor: Supported authentication method: SAFECOOKIE
2019-10-31T04:18:29Z tor: Using SAFECOOKIE authentication, reading cookie authentication from C:\Users\Luna\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\control_auth_cookie
2019-10-31T04:18:29Z tor: SAFECOOKIE authentication challenge successful
2019-10-31T04:18:29Z tor: AUTHCHALLENGE ServerHash 6985e673add8293820ab1ff2abc978b596b2805acb892bec8645e7f7c01e0052 ServerNonce e5244de74bb33f13af1be3538e6f326986de15e9dfd349a7caa5d71851b005f8
2019-10-31T04:18:29Z tor: Authentication successful
2019-10-31T04:18:29Z tor: ADD_ONION successful
2019-10-31T04:18:29Z tor: Got service ID lionkkmdd4n4rx5h, advertising service lionkkmdd4n4rx5h.onion:8338
2019-10-31T04:18:29Z tor: Cached service private key to D:\BitcoinGold\onion_private_key
2019-10-31T04:18:29Z AddLocal(lionkkmdd4n4rx5h.onion:8338,4)
2019-10-31T04:18:29Z AddLocal([2001:0:2841:f634:804:13c1:93cd:b49]:8338,1)
2019-10-31T04:18:29Z Discover: Tanden - 2001:0:2841:f634:804:13c1:93cd:b49
2019-10-31T04:18:29Z upnp thread start
2019-10-31T04:18:29Z Bound to [::]:8338
2019-10-31T04:18:29Z Bound to 0.0.0.0:8338

A few lines later, it starts opening connections and I see my first outbound connection through Tor:

2019-10-31T04:18:29Z opencon thread start
2019-10-31T04:18:29Z addcon thread start
2019-10-31T04:18:29Z trying connection 123.114.40.9:8338 lastseen=0.0hrs
2019-10-31T04:18:29Z GUI: initializeResult : Initialization result:  true
2019-10-31T04:18:29Z GUI: Platform customization: "windows"
2019-10-31T04:18:29Z SOCKS5 connecting 123.114.40.9
2019-10-31T04:18:29Z SOCKS5 sending proxy authentication 0:100:

If not getting detail in your debug log, add:
debug=1 (in bitcoingold.conf)
You do need to make sure to whack your debug.log from time to time - it will grow huge!

You also have the option of debug=tor, also, but I find the other info useful.

(Also, if you’re running BTG 0.15.2, get 0.17.1rc1 instead.)

What is this Node that you’ve manually connected to? Maybe you should take it out of your .conf file?

If you’re sure it’s a valid BTG node, then something very weird is happening. It shouldn’t be behaving in a way to make your node want to punish it.

2 Likes

I’ve enabled 9150 on my router, and I have 25 connections this morning, so inbound is working… but they all say they came in via my public network IP, not via Tor, as far as I can tell - but I’m not sure how I would tell.

I may manually force a Tor connection by setting up tor on another computer/node and manually connecting to my Tor address.

2 Likes

Isn’t Tor, like, freeware VPN?

1 Like

Not quite, but they both allow people in place where they aren’t allowed to do certain things online to be able to do them. If you’re in a place that bans crypto, or a place that bans reading newspapers from other countries, Tor and VPN may both allow you to do so, but they do so differently.

However, if you’re not allowed to reach a VPN site to make a connection, then VPN may not be an option - or if the VPN site requires an account and payment and can be traced to you. Tor tries to be more accessible and, configured properly, can be less traceable. When you’re on Tor, other Tor users don’t know who you are… when you’re on a VPN, the VPN provider knows your true IP address.

2 Likes

Do you mean control port 9150 as opposed to 9051? Is this a mix up?

My debug file says I connected to tor and gave me an address, but then I do not have any connections at all, also syncing the blocks isn’t moving at all

2019-11-04T14:47:58Z dnsseed thread start
2019-11-04T14:47:58Z msghand thread start
2019-11-04T14:47:58Z addcon thread start
2019-11-04T14:47:58Z net thread start
2019-11-04T14:47:58Z opencon thread start
2019-11-04T14:47:58Z GUI: Platform customization: “windows”
2019-11-04T14:47:58Z GUI: PaymentServer::LoadRootCAs: Loaded 33 root certificates
2019-11-04T14:47:58Z tor: Got service ID apfwvy3o53uglj7o, advertising service apfwvy3o53uglj7o.onion:8338
2019-11-04T14:47:58Z AddLocal(apfwvy3o53uglj7o.onion:8338,4)
2019-11-04T14:48:00Z No valid UPnP IGDs found
2019-11-04T14:48:00Z upnp thread exit

After adding a few nodes manually this is what I’m getting.

2019-11-04T15:04:44Z addcon thread start
2019-11-04T15:04:44Z dnsseed thread start
2019-11-04T15:04:44Z opencon thread start
2019-11-04T15:04:44Z msghand thread start
2019-11-04T15:04:44Z GUI: Platform customization: “windows”
2019-11-04T15:04:44Z GUI: PaymentServer::LoadRootCAs: Loaded 33 root certificates
2019-11-04T15:04:45Z New outbound peer connected: version: 70016, blocks=606268, peer=1
2019-11-04T15:04:46Z No valid UPnP IGDs found
2019-11-04T15:04:46Z upnp thread exit
2019-11-04T15:04:46Z New outbound peer connected: version: 70016, blocks=606268, peer=2
2019-11-04T15:04:47Z GUI: OpenType support missing for “MS Shell Dlg 2”, script 11
2019-11-04T15:04:47Z GUI: OpenType support missing for “Arial”, script 11
2019-11-04T15:04:47Z GUI: OpenType support missing for “MS UI Gothic”, script 11
2019-11-04T15:04:47Z GUI: OpenType support missing for “SimSun”, script 11
2019-11-04T15:04:47Z GUI: OpenType support missing for “MS Shell Dlg 2”, script 16
2019-11-04T15:04:47Z GUI: OpenType support missing for “Arial”, script 16
2019-11-04T15:04:47Z GUI: OpenType support missing for “MS UI Gothic”, script 16
2019-11-04T15:04:47Z GUI: OpenType support missing for “SimSun”, script 16
2019-11-04T15:04:48Z New outbound peer connected: version: 70016, blocks=606268, peer=3
2019-11-04T15:04:55Z Loading addresses from DNS seeds (could take a while)
2019-11-04T15:04:55Z 0 addresses found from DNS seeds
2019-11-04T15:04:55Z dnsseed thread exit
2019-11-04T15:04:56Z Socks5() connect to e:8338 failed: host unreachable
2019-11-04T15:05:03Z Socks5() connect to d:8338 failed: host unreachable
2019-11-04T15:05:09Z Socks5() connect to d:8338 failed: host unreachable
2019-11-04T15:05:54Z socket send error An established connection was aborted by the software in your host machine. (10053)
2019-11-04T15:06:13Z UpdateTip: new best=000000004744cdefdb67c8104118e21a55eda68ee87d6d9c4f9e9d5ad928461c height=606269 version=0x20000000 log2_work=87.340668 tx=266561134 date=‘2019-11-04T15:05:59Z’ progress=0.623868 cache=0.0MiB(4txo)

I’m not sure what I did wrong here

No mixup.

Standard Tor port if you’re running a proxy is port 9150 on the proxy. That’s the SOCKSPort.

The control port would be 9151. That’s the ControlPort.

And:
image

So… With Tor Browser, SOCKS on 9150, and Control on 9151.

I told Core Wallet to talk to SOCKS on 127.0.0.1:9150, which worked fine through TorBrowser (It could talk through Tor.)

But in my Full Node’s debug.log, I saw errors connecting to ControlPort on :9051, so my Full Node could not broadcast a Tor address for other machine to connect inbound to me only through Tor. (They could connect to my public IP after going through Tor, but that’s not the same as connecting to me only through Tor. You can say I was trying to do a “fully Tor” machine.)

Note: this is all because I’m running my Node on Windows connecting through Tor Browser as proxy, also on Windows, all on the same machine. If you’re running a proper Tor Proxy on 'nix, none of this applies to you and you’re probably fine with the default ports.

I could find a way to tell my Full Node that my Tor ControlPort was on 9151 - so it just kept looking for it on 9051. The next best thing? Tell Tor Browser to listen on 9050. That did the trick, and my node picked up a Tor address for me.

As far as the rest - I’ll give a shot at connecting to your .onion address in the next few minutes to see what happens.

2 Likes

Well, I see your apfwvy3o53uglj7o.onion address, so I tried connecting to that manually, and…

Hello!

I expect you see a connection from me at lionkkmdd4n4rx5h.onion:8338.

So the connection between apfwvy3o53uglj7o.onion and lionkkmdd4n4rx5h.onion:8338 never goes to the “internet,” it never goes to a Tor “exit node.” our peer-to-peer traffic stays within the Tor network.

However, because there are so few of us running full Tor connections, if you set your node to only work with .onion addresses, then you’ll never get any connections. There was only you and me, and since we haven’t been up long, we hadn’t ‘advertised’ our addresses to each other.

I have made the following changes on my end just now:

  1. I set Tor Browser to listen on 9050 and 9051, which are the Full Wallet defaults, by editing my torrc by adding two lines:

SocksPort 9050
ControlPort 9051

  1. I told by BTG Full Node to use Tor for hidden services in the Network Options as so:

Note that I did not tell the Full Node to use the SOCKS proxy by default. In other words, I did not tell it to use the proxy for ALL connections, just for connecting to Tor hidden services. This allows my machine to talk to other public nodes quickly (direct internet, not Tor), but also allows my machine to talk to and receive connections from any other Tor addresses.

I can do this because it’s safe for me to run the public node. Some people may be forced to run as hidden-only. It will take a very long time to sync a full node that way. (That’s really the strongest argument for maintaining a Bootstrap torrent that people can sync from a safe place and then bring to a node in an unsafe place to sync up without going through the network.)

2 Likes

I see you!!

My node seems to only make outbound connections when I addnode into my config file, otherwise it wont connect.

I applied all the settings just as you instructed but still I only have 1 inbound connection which is you, I forwarded ports on the router and still, maybe it needs more time?

If it’s all correct, it will still take a little time to get inbound connections…

If you already have inbound connections, and you resart your node, you’ll get inbound connections quickly, because those people who were already connecting to you will check in periodically, and will re-connect.

However, if you’ve been off for a while (or if you config was not accepting inbound for a while), then when you start it up after configuring correctly, you’ll see no inbound connections for some time.

Give it a few hours, at least, to see if you start to pick up inbound peers. If I’m up for a few days uninterrupted, I get a lot of inbound.

Your node will advertise your address as available to your connected peers (local advertising), and those peers will record your address in their peers.dat file, and will trade peers.dat file info with other peers over time.

From time to time, when someone else connects with them, they will give a list of peers to the connector… and then your address will be in the list of peers they might try (at random) to connect when the need to make more outbound connections to get up to the minimum of 8.

So you need to wait for:

  1. Your address to get disseminated.
  2. Other nodes to start up who have zero outbound connection to pick up lots of nodes, hoping they hit you at random.
  3. Other nodes who are already up and running to randomly drop one of their current 8 outbound peers and then replace it with a random different one, hoping they hit you.

This process may seem a bit weird at first, but it’s part of the Bitcoin network’s security system. Because every machine looks for 8 outbound connections which it chooses at random from all the different peers that have been seen by prior peers, and it can choose them for large collections of addresses, it’s very hard for someone to use fake nodes or Sybil nodes to try to isolate you by becoming “all of your peers.” Your node will keep periodically trying to connect to some random node you have in peerlists from peer’s peerlists from other peer’s peerlists… and as long as one of your 8 outbound hits an honest server, you’ll get a feed of the current blocks.

2 Likes

I stand corrected - you don’t need to make any changes to the default settings on the Node. All you need to do (on Windows) is install Tor Browser and edit the torrc file so that it uses the 9050/9051 ports, as I described above, and the node will get an onion address and advertise it.

I realized this because I also run a Bitcoin Full node and a Litecoin full node. During the time I was playing with my BTG full node settings, I made no changes at all for the Bitcoin node or the Litecoin node.

Looking at the logs on them now, I can see that as soon as I made the port changes in my torrc file, both Bitcoin and Litecoin nodes also picked up a .onion address and began advertising it.

1 Like

I finally now have 3 incoming connections through Tor

incoming

1 Like

Good.

Given that we have a small base of users with Tor enabled, it still takes a long time for your advertisements to disseminate to the network.

This is true even though there were apparently some others trying to run Tor services… the people running Tor-only can’t find each each other through the main network unless there are enough people running dual mode - that is, running both Tor & running clearnet.

It’s happening now because several of us have begun intentionally running both in order to help bridge the networks. In the process of researching this, I’ve found that there are actually several more Tor hidden service nodes out there. It will get steadily easier for people to do this.

You should probably cycle into a new Tor hidden service address so that you are not identifiable; this is a public thread. I’ll try to keep mine for a while - I’m not in a situation where the node(s) I control need anonymity, so I’m a good candidate to act as a bridge.