Re: [tor-relays] How to use our own TOR relay as entry node for local network hosts - tor-relays

2 Jun 2015

      ...
Date: Sun, 24 May 2015 08:47:20 +1000
From: Zenaan Harkness zen@freedbms.net
...

Disable the polipo proxy on the Tor relay in your network,  you do

not need that. Run a bridge instead of a relay. Make it a non public
bride (PublishServerDescriptor 0) and run Tor Browser on all the
computers in your network with UseBridges 1 and define the ip:port of
your bridge and connect it directly, no proxy setting. This way other
'strangers' won't be able to use your bridge and you will also not
need the Guard flag or uptime and bandwidth requirements.
That last bit (UseBridges 1, configure bridge IP), looks like it does
the job needed here, no new Tor config options required.
There are 3 different ways to set up your local bridge, each with their own pros and cons:
1. Configure a private bridge
* Only your clients use this bridge
* No cover traffic
2. Configure a bridge distributed by BridgeDB
* Your clients and other clients may use your bridge as the first hop
* BridgeDB doesn't distribute all bridges straight away, so you may or may not get cover traffic
* You can't separately rate limit external and local traffic at the bridge itself - RelayBandwidthRate includes all bridge traffic
3. Configure the server as a relay, but configure the clients to connect to it as a bridge
* If you configure a client with a mandatory guard relay using EntryNodes and StrictNodes, the relay must have and maintain the guard flag. But configuring clients with a relay server in a "bridge" config line avoids the need for a guard flag.
* Your clients use this bridge, as do other clients as at least a middle hop, and a guard or exit hop depending on flags
* You get the most cover traffic this way
* You can't separately rate limit external and local traffic at the bridge itself - RelayBandwidthRate includes all relay and bridge traffic
* This mode of operation is less common, and may reveal some bugs in Tor. In my experience it has worked fine for months with 0.2.5 - 0.2.7-alpha, but please report any issues on  https://trac.torproject.org/projects/tor/ticket/1776
*  As a precaution, if you ever reconfigure a relay Tor node as a bridge Tor node, please delete the keys so it appears as a new bridge in BridgeDB.
teor
teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7