User Tools

Site Tools


en:guides_basic_relay_config

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

en:guides_basic_relay_config [2018/01/06 03:41] (current)
attila created, first very rough draft translation
Line 1: Line 1:
 +=== I want to help! How to configure a relay? ===
 +
 +Described below, some examples of installing and configuring a
 +environment to operate a Tor relay.
 +
 +Here, in these examples, * NO * will be considered configuration cases
 +for bridges or output nodes. Another document should describe these
 +other relay alternatives. Also here are not being
 +means of transport which may be used
 +in the Tor network (traffic obfuscators,​ or Pluggable Transports).
 +
 +Commonly used traffic obfuscators:​
 +
 +  * obfs4proxy
 +  * meek
 +
 +Continuing the configuration of your relay, it is recommended that own
 +adjustments and fine adjustments to the machines you intend to use as
 +relay; it is important that they are anonymity of the users who travel
 +through it.
 +
 +  * What can be understood by fine adjustments?​
 +    * dedicated IP address blocks for relay use;
 +    * separate services separated by VLAN;
 +    * preferably use a physical machine;
 +
 +      * fully dedicated implementation to operate relays,
 +        exit or bridges
 +      * different versions of Tor available on different systems
 +        operations, or architectures
 +      * Do not run multiple instances of Tor in a shared environment
 +
 +      * avoid using NAT whenever possible;
 +
 +      * there is a maximum / recommended limit of 2 sharing daemons
 +        same public IP
 +
 +      * if possible, encrypt the file systems used;
 +      * NTP? implement your own Stratum 1 (GPS);
 +
 +Perhaps the weakest point, and forgotten / ignored by several people,
 +is connected to the "​undue"​ use of DNS servers!
 +
 +Always pay for your own DNS setup. Need help? Look
 +material available at https://​github.com/​isislovecruft/​scripts.
 +Other material that may be considered is available on the
 +DNS Crypt Proxy project (https://​www.dnscrypt.org).
 +
 +Try to read a little about these and other possibilities of
 +configuration,​ and implement the DNS solution that best suits you.
 +(appreciating the users of the network, and the privilege of all). A little
 +more about DNS? https://​www.opennic.org
 +
 +  * Combine your dedicated scenario with DNS Crypt?
 +
 +    unbound
 +    bind
 +    * dnsmasq
 +    * pdnsd
 +
 +Depending on the scenario where the machine you choose is located
 +"​donate"​ to be used as a relay, it may be necessary for you to
 +configure port redirection. Please search for information
 +how to perform this type of procedure or configuration
 +additional.
 +
 +-------------------------------------------------- -------------
 +
 +Always review the default check file
 +(http://​openbsd-br.org/​tor/​en/​torrc) that is being used in this
 +document; it may contain merely fictitious information that does not
 +your scenario, or you can use different paths
 +referring to the DataDir or Log configuration.
 +
 +-------------------------------------------------- -------------
 +
 +== DragonFlyBSD ==
 +
 +Assuming an updated system (5.0.0 X86_64_GENERIC),​ already with '​pkg'​ available:
 +
 +  user $ su -
 +  Password:
 +  root # pkg install -y tor
 +  root # fetch http://​openbsd-br.org/​tor/​en/​torrc -o / usr / local / etc / tor / torrc
 +  root # echo "​tor_enable = YES" >> /​etc/​rc.conf
 +  root # echo "​net.inet.ip.random_id = 1" >> /​etc/​sysctl.conf
 +  root # sysctl net.inet.ip.random_id = 1
 +  root # service tor start
 +
 +== FreeBSD ==
 +
 +Assuming a system without additional packages installed and updated
 +(11.1-RELEASE-p2 GENERIC):
 +
 +  user $ su -
 +  Password:
 +  root # env ASSUME_ALWAYS_YES = yes pkg bootstrap
 +  root # pkg install -y tor
 +  root # fetch http://​openbsd-br.org/​tor/​en/​torrc -o / usr / local / etc / tor / torrc
 +  root # sysrc tor_enable = YES
 +  root # echo "​net.inet.ip.random_id = 1" >> /​etc/​sysctl.conf
 +  root # sysctl net.inet.ip.random_id = 1
 +  root # service tor start
 +
 +== NetBSD ==
 +
 +Assuming a system without additional packages installed and upgraded (7.1
 +GENERIC), already with '​pkgin'​ available:
 +
 +  user $ su -
 +  Password:
 +  root # pkgin -y install tor
 +  root # ftp -o / usr / pkg / etc / tor / torrc http://​openbsd-br.org/​tor/​en/​torrc
 +  root # ln -sf /​usr/​pkg/​share/​examples/​rc.d/​tor/​etc/​rc.d/​tor
 +  root # echo "tor = YES" >> /​etc/​rc.conf
 +  root # /​etc/​rc.d/​tor start
 +
 +== OpenBSD ==
 +
 +Assuming a system without additional packages installed and upgraded (6.2
 +GENERIC):
 +
 +  user $ su -
 +  Password:
 +  root # echo "​https://​ftp.openbsd.org/​pub/​OpenBSD">​ / etc / installurl
 +  root # pkg_add tor
 +  root # ftp -o / etc / tor / torrc http://​openbsd-br.org/​tor/​en/​torrc
 +  root # rcctl enable tor
 +  root # rcctl set tor flags "-f / etc / tor / torrc -User _tor"
 +  root # /​etc/​rc.d/​tor start
  
en/guides_basic_relay_config.txt ยท Last modified: 2018/01/06 03:41 by attila