aboutsummaryrefslogtreecommitdiff
path: root/ANONYMITY_NETWORKS.md
diff options
context:
space:
mode:
authorLee Clagett <code@leeclagett.com>2019-01-23 21:37:43 +0000
committerLee Clagett <code@leeclagett.com>2019-03-25 01:35:13 +0000
commit7acfa9f3cc7b52c0f4776dde3c3f80674cc3306f (patch)
tree5d1903ab4b132c137b1bb838037f024d6fb8b0d3 /ANONYMITY_NETWORKS.md
parentMerge pull request #5286 (diff)
downloadmonero-7acfa9f3cc7b52c0f4776dde3c3f80674cc3306f.tar.xz
Added socks proxy (tor/i2pd/kovri) support to wallet
Diffstat (limited to 'ANONYMITY_NETWORKS.md')
-rw-r--r--ANONYMITY_NETWORKS.md34
1 files changed, 34 insertions, 0 deletions
diff --git a/ANONYMITY_NETWORKS.md b/ANONYMITY_NETWORKS.md
index a5f18010e..feb8528da 100644
--- a/ANONYMITY_NETWORKS.md
+++ b/ANONYMITY_NETWORKS.md
@@ -19,6 +19,11 @@ network. The transaction will not be broadcast unless an anonymity connection
is made or until `monerod` is shutdown and restarted with only public
connections enabled.
+Anonymity networks can also be used with `monero-wallet-cli` and
+`monero-wallet-rpc` - the wallets will connect to a daemon through a proxy. The
+daemon must provide a hidden service for the RPC itself, which is separate from
+the hidden service for P2P connections.
+
## P2P Commands
@@ -74,6 +79,35 @@ forwarded to `monerod` localhost port 30000.
These addresses will be shared with outgoing peers, over the same network type,
otherwise the peer will not be notified of the peer address by the proxy.
+### Wallet RPC
+
+An anonymity network can be configured to forward incoming connections to a
+`monerod` RPC port - which is independent from the configuration for incoming
+P2P anonymity connections. The anonymity network (Tor/i2p) is
+[configured in the same manner](#configuration), except the localhost port
+must be the RPC port (typically 18081 for mainnet) instead of the p2p port:
+
+> HiddenServiceDir /var/lib/tor/data/monero
+> HiddenServicePort 18081 127.0.0.1:18081
+
+Then the wallet will be configured to use a Tor/i2p address:
+> `--proxy 127.0.0.1:9050`
+> `--daemon-address rveahdfho7wo4b2m.onion`
+
+The proxy must match the address type - a Tor proxy will not work properly with
+i2p addresses, etc.
+
+i2p and onion addresses provide the information necessary to authenticate and
+encrypt the connection from end-to-end. If desired, SSL can also be applied to
+the connection with `--daemon-address https://rveahdfho7wo4b2m.onion` which
+requires a server certificate that is signed by a "root" certificate on the
+machine running the wallet. Alternatively, `--daemon-cert-file` can be used to
+specify a certificate to authenticate the server.
+
+Proxies can also be used to connect to "clearnet" (ipv4 addresses or ICANN
+domains), but `--daemon-cert-file` _must_ be used for authentication and
+encryption.
+
### Network Types
#### Tor & I2P