Tor Hidden Service

Discuss the technical details of Gargoyle and ongoing development

Moderator: Moderators

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Tor Hidden Service

Post by ispyisail »

Hi Eric

Can you explain Tor Hidden Service in more detail?

Image



Thanks

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Tor Hidden Service

Post by Eric »

Tor Hidden Services are one of the best features of Tor, and one that most people aren't aware of. Basically, a Tor hidden service is one provided by a server located/hosted inside the Tor network. This ensures anonymity for both the connecting client and the server.

In general, Tor takes your connection, bounces it around inside the Tor network, and then forwards it to its ultimate destination so that whatever host you're connecting to only sees your address as the last Tor node visited (the exit node). The address you're connecting to, though, is publicly known -- it's on an IP address that everyone can get to. If someone wants to know where the server is located, that's easy to do.

When connecting to a Tor hidden node, the connection never leaves the Tor network. There are addresses that look like fairly random strings of alphanumeric characters and that end in ".onion" that are only accessible if you're connected through Tor. Since the server is accessible only through Tor, the location of the server cannot be tracked down, allowing for communication to take place between two parties, both of whom are effectively anonymized.

For example, Tor Mail: http://jhiwjjlqpyawmpjx.onion Truly anonymous email -- accessible anonymously, and no way to know where the server is, so it would be hard to take down.

Here's another forum service called "TorSquare", that's basically an anonymous forum: http://ajqaivfxtqy3fdlr.onion/torsquare/

Google for more ".onion" addresses and you'll find a bunch posted around the web.

The new "Hidden Service Only" mode does exactly what it says -- it allows (anonymous) access to these Tor hidden services, while all other traffic bypasses Tor. This means that if you're connecting to a rather mundane website like gargoyle-router.com, you'll get a nice, fast connection (Tor tends to crawl), without anonymity protection. But, if you want to access one of these hidden service addresses, you will be able to, and you will be anonymous while doing so.

In addition to the "Hidden Service Only Mode", Tor hidden services will also work in "Tor Enabled for All" mode and when Tor is active for individual hosts. In the latest version, hidden services will not be available in the case where Tor is active for individual hosts, but currently turned off for a given host (Tor will have to be set active first). Note that Tor hidden services do not work in 1.5.2; this feature has only been introduced in the latest commits to the master branch of the repository.

Most people probably shouldn't need to touch the "Tor hidden subnet" and "Tor hidden subnet mask" parameters. They're only there because if the LAN or WAN uses the same (reserved) subnet as what is specified here, you'll have problems/conflicts with Tor hidden services. Just make sure this subnet is outside whatever you're using for your main connection and it will work.
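The subnet check described above can be done mechanically before changing the "Tor hidden subnet" fields. This is an added example, not part of the original post or of Gargoyle's code; the function names are hypothetical and the hidden-subnet and WAN values are constructed placeholders, not Gargoyle defaults.

```shell
#!/bin/sh
# Added example: does the "Tor hidden subnet" collide with a LAN/WAN network?
# Assumes netmasks are contiguous (255.255.255.0, 255.192.0.0, ...).

# Dotted-quad IPv4 -> 32-bit integer on stdout; non-zero status if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty, leading-zero (octal in arithmetic) and over-long octets.
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Status 0 if NET1/MASK1 and NET2/MASK2 share addresses, 1 if not, 2 on bad input.
# Two networks overlap exactly when they are equal under the shorter mask.
subnets_overlap() {
    n1=$(ip_to_int "$1") && m1=$(ip_to_int "$2") &&
    n2=$(ip_to_int "$3") && m2=$(ip_to_int "$4") || return 2
    common=$(( m1 & m2 ))
    [ $(( n1 & common )) -eq $(( n2 & common )) ]
}

# check_tor_subnet HIDDEN_NET HIDDEN_MASK ADDR/MASK...
# Prints each colliding network; status 1 if any collide, 2 on bad input.
check_tor_subnet() {
    hid_net=$1; hid_mask=$2; shift 2
    conflicts=0
    for net in "$@"; do
        st=0
        subnets_overlap "$hid_net" "$hid_mask" "${net%/*}" "${net#*/}" || st=$?
        case $st in
            0) echo "conflict: $net"; conflicts=1 ;;
            1) ;;
            *) echo "bad network: $net" >&2; return 2 ;;
        esac
    done
    return $conflicts
}

# Constructed settings: the LAN is one posted in this thread; the WAN and
# both hidden-subnet candidates are placeholders, not Gargoyle defaults.
check_tor_subnet 10.192.0.0 255.192.0.0 10.0.0.1/255.255.255.0 192.0.2.10/255.255.255.0 && echo "10.192.0.0 is clear"
check_tor_subnet 10.0.0.0 255.0.0.0 10.0.0.1/255.255.255.0 192.0.2.10/255.255.255.0 || echo "10.0.0.0 must be changed"
```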

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Tor Hidden Service

Post by ispyisail »

What would be involved in using Gargoyle to create my own hidden service?

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Tor Hidden Service

Post by ispyisail »

Also, I assume Gargoyle Tor is set up as "client mode" only?

Is there any reason that there isn't a tick box to enable "Tor repeater" or "exit node"?

Cezary
Posts: 135
Joined: Thu Sep 11, 2008 12:57 pm
Location: Poland
Contact:

Re: Tor Hidden Service

Post by Cezary »

IMO good idea - router as exit node.

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Tor Hidden Service

Post by Eric »

I'm currently working on allowing Tor bridges/relays.

I'm inclined not to allow configuration as an exit node since running an exit node can expose you to a lot of legal issues if you aren't careful -- if all sorts of malicious traffic suddenly start coming out of your router (and this is often what happens when you run an exit node), you need to be prepared to deal with the consequences. I really don't want users of Gargoyle to suddenly find themselves in a lot of very serious trouble just because they enabled the wrong setting. Generally, running a Tor exit node is legal in most western nations, but you might still get a lot of scary, official-looking people knocking on your door, and have to explain what is going on....

mates
Posts: 128
Joined: Mon Nov 14, 2011 7:53 am

Re: Tor Hidden Service

Post by mates »

Hi

I am trying to turn on the TOR service, but without success (on 1.5.2 and 1.5.3 it worked OK, on 1.5.4 no, or maybe I am doing something wrong)

router WNDR3700v2
WAN IP: A.A.A.A
LAN 10.0.0.1
255.255.255.0

pc 10.0.0.2
telephone 10.0.0.3


here is tor setting
Image

here is the message when I am trying to turn on TOR
Image

If I choose enabled for all hosts, then all is OK, TOR is working

Could you please help me with what I am doing wrong?

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Tor Hidden Service

Post by Eric »

Thanks for reporting this -- I found the bug causing the issue. It's fixed now in the repository. If you want to fix it yourself, it's just a one line fix.

SSH in and edit /www/torip.sh, and change:

    tor_ip_file=$(uci get tor.global.enabled_ip_file 2>/dev/null)

to

    tor_ip_file=$(uci get tor.client.enabled_ip_file 2>/dev/null)
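The one-line change above can also be applied without an interactive editor. This is an added example, not part of the original post; `patch_torip` and `demo_patch` are hypothetical names, and the demonstration runs against a constructed stand-in file rather than the real /www/torip.sh.

```shell
#!/bin/sh
# Added example: apply the one-line torip.sh fix without an interactive editor.

# patch_torip FILE
# Status 0 if FILE was patched or is already fixed, 1 if it does not contain
# the expected line or cannot be written. The original is kept as FILE.orig.
patch_torip() {
    f=$1
    old='uci get tor.global.enabled_ip_file'
    new='uci get tor.client.enabled_ip_file'
    if ! grep -qF "$old" "$f"; then
        # Nothing to change: fine if the fix is already there, an error otherwise.
        if grep -qF "$new" "$f"; then return 0; else return 1; fi
    fi
    cp -p "$f" "$f.orig" || return 1
    # Write through the existing file so its mode and ownership are unchanged.
    sed 's/uci get tor\.global\.enabled_ip_file/uci get tor.client.enabled_ip_file/' \
        "$f.orig" > "$f" || return 1
    # Verify the result instead of trusting sed's exit status alone.
    if grep -qF "$old" "$f"; then return 1; fi
    grep -qF "$new" "$f"
}

# Demonstration on a constructed stand-in for /www/torip.sh (only the
# tor_ip_file line comes from the thread; the rest is filler).
demo_patch() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#!/bin/sh' \
        'tor_ip_file=$(uci get tor.global.enabled_ip_file 2>/dev/null)' \
        'echo "$tor_ip_file"' > "$tmp"
    st=0
    { patch_torip "$tmp" && grep 'enabled_ip_file' "$tmp"; } || st=$?
    rm -f "$tmp" "$tmp.orig"
    return $st
}
demo_patch
```

On the router the call would be `patch_torip /www/torip.sh`; the untouched copy stays next to it as /www/torip.sh.orig.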

mates
Posts: 128
Joined: Mon Nov 14, 2011 7:53 am

Re: Tor Hidden Service

Post by mates »

Eric wrote:
Thanks for reporting this -- I found the bug causing the issue. It's fixed now in the repository. If you want to fix it yourself, it's just a one line fix.

SSH in and edit /www/torip.sh, and change:

    tor_ip_file=$(uci get tor.global.enabled_ip_file 2>/dev/null)

to

    tor_ip_file=$(uci get tor.client.enabled_ip_file 2>/dev/null)

Thank you for answering, Eric

your fix is working

shrooms
Posts: 2
Joined: Mon Mar 12, 2012 3:44 pm

Re: Tor Hidden Service

Post by shrooms »

How can I edit torip.sh with ssh?
when I try "edit /www/torip.sh" then I get "-ash: edit: not found".


And I have a second question.
Is it possible to host a hidden service like a webpage or a jabber server?
And if it is possible, how can I do that? Is there a torrc file somewhere which we can edit? I could not find an answer to this.
Hope you can help me. ;)
