diff options
author | Lee Clagett <code@leeclagett.com> | 2019-01-23 21:37:43 +0000 |
---|---|---|
committer | Lee Clagett <code@leeclagett.com> | 2019-03-25 01:35:13 +0000 |
commit | 7acfa9f3cc7b52c0f4776dde3c3f80674cc3306f (patch) | |
tree | 5d1903ab4b132c137b1bb838037f024d6fb8b0d3 /ANONYMITY_NETWORKS.md | |
parent | Merge pull request #5286 (diff) | |
download | monero-7acfa9f3cc7b52c0f4776dde3c3f80674cc3306f.tar.xz |
Added socks proxy (tor/i2pd/kovri) support to wallet
Diffstat (limited to 'ANONYMITY_NETWORKS.md')
-rw-r--r-- | ANONYMITY_NETWORKS.md | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/ANONYMITY_NETWORKS.md b/ANONYMITY_NETWORKS.md index a5f18010e..feb8528da 100644 --- a/ANONYMITY_NETWORKS.md +++ b/ANONYMITY_NETWORKS.md @@ -19,6 +19,11 @@ network. The transaction will not be broadcast unless an anonymity connection is made or until `monerod` is shutdown and restarted with only public connections enabled. +Anonymity networks can also be used with `monero-wallet-cli` and +`monero-wallet-rpc` - the wallets will connect to a daemon through a proxy. The +daemon must provide a hidden service for the RPC itself, which is separate from +the hidden service for P2P connections. + ## P2P Commands @@ -74,6 +79,35 @@ forwarded to `monerod` localhost port 30000. These addresses will be shared with outgoing peers, over the same network type, otherwise the peer will not be notified of the peer address by the proxy. +### Wallet RPC + +An anonymity network can be configured to forward incoming connections to a +`monerod` RPC port - which is independent from the configuration for incoming +P2P anonymity connections. The anonymity network (Tor/i2p) is +[configured in the same manner](#configuration), except the localhost port +must be the RPC port (typically 18081 for mainnet) instead of the p2p port: + +> HiddenServiceDir /var/lib/tor/data/monero +> HiddenServicePort 18081 127.0.0.1:18081 + +Then the wallet will be configured to use a Tor/i2p address: +> `--proxy 127.0.0.1:9050` +> `--daemon-address rveahdfho7wo4b2m.onion` + +The proxy must match the address type - a Tor proxy will not work properly with +i2p addresses, etc. + +i2p and onion addresses provide the information necessary to authenticate and +encrypt the connection from end-to-end. If desired, SSL can also be applied to +the connection with `--daemon-address https://rveahdfho7wo4b2m.onion` which +requires a server certificate that is signed by a "root" certificate on the +machine running the wallet. Alternatively, `--daemon-cert-file` can be used to +specify a certificate to authenticate the server. + +Proxies can also be used to connect to "clearnet" (ipv4 addresses or ICANN +domains), but `--daemon-cert-file` _must_ be used for authentication and +encryption. + ### Network Types #### Tor & I2P |