Hi Eli,
On 29 Apr 2020, at 07:40, Eli Vakrat eli@vakrat.com wrote:
So thanks to teor's insightful response yesterday I decided to try to run a second tor relay (my middle node) on my private network.
Unfortunately, I can't do it with Chutney because my python client is running on a windows machine. But I do have 3 machines at my disposal:
- A windows machine (the python client)
- A mac (the guard node)
- Another mac (the middle node)
Can you run chutney on one of your macs? You don't need a separate machine for each Tor relay.
If you want to reach your chutney tors from another machine on your local network, you'll need to set this environmental variable: CHUTNEY_LISTEN_ADDRESS=(IPv4 of your Mac)
See: https://github.com/torproject/chutney/blob/master/README#L65
When my guard node tries to connect to my middle node after receiving from the client a RELAY_EXTEND cell, the guard node logs the following error:
Apr 28 17:00:31.000 [info] circuit_extend: Client asked me to extend to a private address
So regarding this, I have two questions:
- Is there a way for me to change something in my torrc file to override this error and allow my relay to extend to private IP addresses?
My torrc is currently configured as such (Notice I put some place holders for the drectories and for the ip address tha aren't actually whats written there): ContactInfo email@example.com ControlPort 9051 DataDirectory </path/to/data/dir> ExitPolicy reject *:* ExitRelay 0 GeoIPFile </path/to/geo/ip/file> GeoIPv6File </path/to/geo/ipv6/file> Log notice file <path/to/log/dirs/>/notice.log Log debug file <path/to/log/dirs/>/debug.log Log warn file <path/to/log/dirs/>/warn.log Nickname vtoria ORPort 443 NoAdvertise ORPort Relay.Public.IP.Example:443 NoListen SafeLogging 0 ExtendAllowPrivateAddresses 1
That's odd. ExtendAllowPrivateAddresses is set to 1, which is what you want.
Are you sure your relay is using this torrc? Check the path of the torrc in the logs. Try restarting the relay.
- Would there maybe be a better way to run this private tor network (without chutney)?
There are two alternatives: 1. Chutney does a lot of the work for you, so I'd recommend using it, if you can. 2. You can also set up relays on private IP addresses, and set "PublishServerDescriptor 0", so they don't publish their descriptors to the Tor directory authorities.
If you're not publishing descriptors, you can have as many relays as you like on the same IP address.
T