Hi there...
1st post (I figured after years of donating to EFF, I should run a tor relay). I've searched and read many posts on tor-relays and the best Windows Tor Server Guide I found was this below one by Rafael Rodriguez. A few questions, and apologies if they seem silly, but there is scant info out there for us Windows admins.
- is a web server needed? - the below email post had the slashes stripped from the path entries which makes it tricky to follow (talk about an annoying mail-list process). Overall, throw all the files in a single dir? - before I load it as a service, once all files and config the "torrc" can I just launch the tor.exe and then test it's working? - is this the only way to run a relay on Windows? Hoping there's a special approach to simplify the process (now I know why there aren't more of them).
Thanks, -Ben
Rafael Rodriguez rafaelr at icctek.com Wed Nov 5 00:47:46 UTC 2014
Previous message: [tor-relays] Windows Tor Server Guide Next message: [tor-relays] Windows Tor Server Guide Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, here is it. Please, feel free to contribute to it.
RUNNING A TOR SERVER IN WINDOWS
- Download latest Tor Browser Bundle. - Install to c:tor - Create a temporary folder on your Desktop and name it "server". - Copy all files from C:TorBrowserTorBrowserDataTor to the "server" folder on the Desktop. - Browse to C:TorBrowserTorBrowserTor; delete the folder "PluggableTransports" and it content. - Copy all files from C:TorBrowserTorBrowserTor to the "server" folder on the Desktop. - Browse to C:Tor and delete everything inside that folder. C:Tor should be completely empty at this point. - Move all files from the "server" folder on your Desktop to C:Tor - Browse to C:Tor and create a new folder named "datadir". - Create a new text file in C:Tor named "notices" (I myself use notices.log but we want to keep it simple for users who may not know how to change the file extension from .txt to .log) - EDIT C:TORTORRC FILE: (this could be the torrc-defaults file and all its comments). Note that the sample below is just for references. Each user needs to define her/his own parameters based on their own needs and that's impossible for me to cover in a single file for everyone. Hence, each parameter should be included in the torrc-defaults with due comments to be used as reference. Also, noted that I'm using IPv4 geoip by default. Users using IPv6 should define geoip6 in their torrc file. Then again, I cannot use a single sample file for all deployments. The defaults file should be used as reference once again.
DATADIRECTORY .DATADIR LOG NOTICE FILE .NOTICES.TXT GEOIPFILE .GEOIP AvoidDiskWrites 1 SocksPort 0 ORPort 9001 DirPort 9030 ExitPolicy reject *:* Nickname RelayBandwidthRate RelayBandwidthBurst
Up until this point, all I've written is nothing more than using the default Tor Bundle to create a "Server" package. All steps above could be made easier for users if a "Tor Windows Server" package was available for download on the Tor Project or somewhere else. I refuse the idea of creating such package myself to distribute it since many packages could start floating on the net and bad intentioned people could bundle them with arbitrary code, viruses and so on. A Windows Installer package can be built for distribution though.
Next, I will address the two main things we need to run tor as a Windows service (server):
1- Install Tor as Windows Service. 2- Security (Isolating the Tor service).
INSTALL TOR AS WINDOWS SERVICE
I personally use nssm [2] (Non-Sucking Service Manager) myself to register the service but feel free to use default Windows tools for registering Tor service if you believe so. Anyways, irrespective the tool used to register the Tor service, we just need the following:
Service: C:Tortor.exe Name: TorServer Parameters: -f C:Tortorrc
Start the TorServer service and everything should just work at this point. The datadir directory will be populated with tor files once started and the notices.txt file will also reflect so.
SECURITY (Quick explanation - We can go into details later)
- Create a Standard user account and name it Tor with a strong password. - Policies:
1- Deny access to this computer from the network 2- Deny log on locally 3- Deny log on through Remote Desktop Services
- NTFS Permissions for Tor windows user account:
1- Read/Write permissions to datadir folder 2- Read/Write permissions to notices.txt or (notices.log) file
- Open Services, Start -> Run -> type "services.msc" without quotes, press enter and your Services window will pop up. Scroll down and find the TorServer service and double click it. Move to the LOG ON tab and set the "Log on as: This account: .TOR. Enter the strong password for the Tor user account in the password field and apply changes. Restart the service and now Tor will be running in its own isolated/limited account in Windows.
Hi !
From my memories, I think the "Expert" Tor installer for Windows is installing, registering and launching Tor as service in a completely automatic way. It must be run as administrator, if not the Tor files cannot be written to "Program Files" and the service cannot be registered into Windows. This installer could be found into "View all downloads" on the "Download Tor" page.
You will have to find where is the Tor's DataDir ! But it should not be too complicated. Feel free to try :) I remember it as easy.
At the begining, it will not be a Tor Relay, just a Tor proxy client listening on 127.0.0.1:9050 (it will change once you will edit your torrc and restart the Tor service)
But the idea of isolating the Tor service with a dedicated user, that cannot touch anything on the system, is a pretty good idea also. I'm not sure the Expert installer does that, but it should not be too much complicated (following the "how to" should be enough for that part).
From the task manager, you can launch the "resource manager" : into the "network" tab, you have a view of all listening socket into your system. (You can see if Tor is inside or not, for example by looking if something listens on 9050, or another port you defined on torrc file). You can also see the Tor's log file ! It's usefull as it warns you in case of problems, and it tells you if it's working.
Good luck !
PS : Expert Installer should probably not be used for browing the Internet through Tor with a "standard browser". TBB is a better solution for Browsing Internet trough Tor (thanks to a secured browser). That's why Expert Installer is a little bit "hidden", for avoiding people browing Internet with it. But for a server use, Expert Installer does the job !
----- Mail original ----- De: "Ben Serebin" ben@reefsolutions.com À: "tor-relays@lists.torproject.org" tor-relays@lists.torproject.org Envoyé: Dimanche 17 Mai 2015 07:59:14 Objet: Re: [tor-relays] Windows Tor Server Guide
Hi there…
1 st post (I figured after years of donating to EFF, I should run a tor relay). I’ve searched and read many posts on tor-relays and the best Windows Tor Server Guide I found was this below one by Rafael Rodriguez. A few questions, and apologies if they seem silly, but there is scant info out there for us Windows admins.
- is a web server needed?
- the below email post had the slashes stripped from the path entries which makes it tricky to follow (talk about an annoying mail-list process). Overall, throw all the files in a single dir?
- before I load it as a service, once all files and config the “torrc” can I just launch the tor.exe and then test it’s working?
- is this the only way to run a relay on Windows? Hoping there’s a special approach to simplify the process (now I know why there aren’t more of them).
Thanks,
-Ben
Rafael Rodriguez rafaelr at icctek.com
Wed Nov 5 00:47:46 UTC 2014
Previous message: [tor-relays] Windows Tor Server Guide
Next message: [tor-relays] Windows Tor Server Guide
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, here is it. Please, feel free to contribute to it.
RUNNING A TOR SERVER IN WINDOWS
- Download latest Tor Browser Bundle.
- Install to c:tor
- Create a temporary folder on your Desktop and name it "server".
- Copy all files from C:TorBrowserTorBrowserDataTor to the "server"
folder on the Desktop.
- Browse to C:TorBrowserTorBrowserTor; delete the folder
"PluggableTransports" and it content.
- Copy all files from C:TorBrowserTorBrowserTor to the "server" folder
on the Desktop.
- Browse to C:Tor and delete everything inside that folder. C:Tor should
be completely empty at this point.
- Move all files from the "server" folder on your Desktop to C:Tor
- Browse to C:Tor and create a new folder named "datadir".
- Create a new text file in C:Tor named "notices" (I myself use
notices.log but we want to keep it simple for users who may not know how
to change the file extension from .txt to .log)
- EDIT C:TORTORRC FILE: (this could be the torrc-defaults file and all
its comments). Note that the sample below is just for references. Each
user needs to define her/his own parameters based on their own needs and
that's impossible for me to cover in a single file for everyone. Hence,
each parameter should be included in the torrc-defaults with due
comments to be used as reference. Also, noted that I'm using IPv4 geoip
by default. Users using IPv6 should define geoip6 in their torrc file.
Then again, I cannot use a single sample file for all deployments. The
defaults file should be used as reference once again.
DATADIRECTORY .DATADIR
LOG NOTICE FILE .NOTICES.TXT
GEOIPFILE .GEOIP
AvoidDiskWrites 1
SocksPort 0
ORPort 9001
DirPort 9030
ExitPolicy reject *:*
Nickname
RelayBandwidthRate
RelayBandwidthBurst
Up until this point, all I've written is nothing more than using the
default Tor Bundle to create a "Server" package. All steps above could
be made easier for users if a "Tor Windows Server" package was available
for download on the Tor Project or somewhere else. I refuse the idea of
creating such package myself to distribute it since many packages could
start floating on the net and bad intentioned people could bundle them
with arbitrary code, viruses and so on. A Windows Installer package can
be built for distribution though.
Next, I will address the two main things we need to run tor as a Windows
service (server):
1- Install Tor as Windows Service.
2- Security (Isolating the Tor service).
INSTALL TOR AS WINDOWS SERVICE
I personally use nssm [2] (Non-Sucking Service Manager) myself to
register the service but feel free to use default Windows tools for
registering Tor service if you believe so. Anyways, irrespective the
tool used to register the Tor service, we just need the following:
Service: C:Tortor.exe
Name: TorServer
Parameters: -f C:Tortorrc
Start the TorServer service and everything should just work at this
point. The datadir directory will be populated with tor files once
started and the notices.txt file will also reflect so.
SECURITY (Quick explanation - We can go into details later)
- Create a Standard user account and name it Tor with a strong password.
- Policies:
1- Deny access to this computer from the network
2- Deny log on locally
3- Deny log on through Remote Desktop Services
- NTFS Permissions for Tor windows user account:
1- Read/Write permissions to datadir folder
2- Read/Write permissions to notices.txt or (notices.log) file
- Open Services, Start -> Run -> type "services.msc" without quotes,
press enter and your Services window will pop up. Scroll down and find
the TorServer service and double click it. Move to the LOG ON tab and
set the "Log on as: This account: .TOR. Enter the strong password for
the Tor user account in the password field and apply changes. Restart
the service and now Tor will be running in its own isolated/limited
account in Windows. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
Appreciate your response, but it's sadly the Windows "Expert Installer" is actually called "Expert Bundle" and is just 2 files of directories. No installer, no readme, nothing. It's also seems like an older version, tor-win32-0.2.6.7.zip. So, I ended up copying the instructions below from the Tor Browser package, and tried to get it working. No dice. I have a dedicated 50Mb/50Mb circuit I'm trying to setup as an exit node. Literally, all that bandwidth is just for Tor. Hence my frustration with this. Any assistance, is appreciated.
From administrator cmd, I ran "c:\torsrv\tor.exe -f c:\torsrv\torrc" and it launches and quits. And nothing is in debug log. Any help is appreciated.
Here is the torrc except the exitpolicy I'm running. All the files are under c:\torsrv. Any ideas?
# This file was generated by Tor; if you edit it, comments will not be preserved # Where to send logging messages. Format is minSeverity[-maxSeverity] # (stderr|stdout|syslog|file FILENAME). #Log notice stdout file c:\TorSrv\notices.log Log debug file C:\TorSrv\debug.log DataDirectory C:\TorSrv\ GeoIPFile C:\TorSrv\geoip GeoIPv6File C:\TorSrv\geoip6 # If non-zero, try to write to disk less frequently than we would otherwise. AvoidDiskWrites 1 # Bind to this address to listen to connections from SOCKS-speaking # applications. ORPort 443 DirPort 9030 SocksPort 9150 ControlPort 9151 CookieAuthentication 1
-Ben
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Julien ROBIN Sent: Sunday, May 17, 2015 6:41 AM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Windows Tor Server Guide
Hi !
From my memories, I think the "Expert" Tor installer for Windows is installing, registering and launching Tor as service in a completely automatic way. It must be run as administrator, if not the Tor files cannot be written to "Program Files" and the service cannot be registered into Windows. This installer could be found into "View all downloads" on the "Download Tor" page.
You will have to find where is the Tor's DataDir ! But it should not be too complicated. Feel free to try :) I remember it as easy.
At the begining, it will not be a Tor Relay, just a Tor proxy client listening on 127.0.0.1:9050 (it will change once you will edit your torrc and restart the Tor service)
But the idea of isolating the Tor service with a dedicated user, that cannot touch anything on the system, is a pretty good idea also. I'm not sure the Expert installer does that, but it should not be too much complicated (following the "how to" should be enough for that part).
From the task manager, you can launch the "resource manager" : into the "network" tab, you have a view of all listening socket into your system. (You can see if Tor is inside or not, for example by looking if something listens on 9050, or another port you defined on torrc file). You can also see the Tor's log file ! It's usefull as it warns you in case of problems, and it tells you if it's working.
Good luck !
PS : Expert Installer should probably not be used for browing the Internet through Tor with a "standard browser". TBB is a better solution for Browsing Internet trough Tor (thanks to a secured browser). That's why Expert Installer is a little bit "hidden", for avoiding people browing Internet with it. But for a server use, Expert Installer does the job !
----- Mail original ----- De: "Ben Serebin" ben@reefsolutions.com À: "tor-relays@lists.torproject.org" tor-relays@lists.torproject.org Envoyé: Dimanche 17 Mai 2015 07:59:14 Objet: Re: [tor-relays] Windows Tor Server Guide
Hi there…
1 st post (I figured after years of donating to EFF, I should run a tor relay). I’ve searched and read many posts on tor-relays and the best Windows Tor Server Guide I found was this below one by Rafael Rodriguez. A few questions, and apologies if they seem silly, but there is scant info out there for us Windows admins.
- is a web server needed?
- the below email post had the slashes stripped from the path entries which makes it tricky to follow (talk about an annoying mail-list process). Overall, throw all the files in a single dir?
- before I load it as a service, once all files and config the “torrc” can I just launch the tor.exe and then test it’s working?
- is this the only way to run a relay on Windows? Hoping there’s a special approach to simplify the process (now I know why there aren’t more of them).
Thanks,
-Ben
Rafael Rodriguez rafaelr at icctek.com
Wed Nov 5 00:47:46 UTC 2014
Previous message: [tor-relays] Windows Tor Server Guide
Next message: [tor-relays] Windows Tor Server Guide
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, here is it. Please, feel free to contribute to it.
RUNNING A TOR SERVER IN WINDOWS
- Download latest Tor Browser Bundle.
- Install to c:tor
- Create a temporary folder on your Desktop and name it "server".
- Copy all files from C:TorBrowserTorBrowserDataTor to the "server"
folder on the Desktop.
- Browse to C:TorBrowserTorBrowserTor; delete the folder
"PluggableTransports" and it content.
- Copy all files from C:TorBrowserTorBrowserTor to the "server" folder
on the Desktop.
- Browse to C:Tor and delete everything inside that folder. C:Tor should
be completely empty at this point.
- Move all files from the "server" folder on your Desktop to C:Tor
- Browse to C:Tor and create a new folder named "datadir".
- Create a new text file in C:Tor named "notices" (I myself use
notices.log but we want to keep it simple for users who may not know how
to change the file extension from .txt to .log)
- EDIT C:TORTORRC FILE: (this could be the torrc-defaults file and all
its comments). Note that the sample below is just for references. Each
user needs to define her/his own parameters based on their own needs and
that's impossible for me to cover in a single file for everyone. Hence,
each parameter should be included in the torrc-defaults with due
comments to be used as reference. Also, noted that I'm using IPv4 geoip
by default. Users using IPv6 should define geoip6 in their torrc file.
Then again, I cannot use a single sample file for all deployments. The
defaults file should be used as reference once again.
DATADIRECTORY .DATADIR
LOG NOTICE FILE .NOTICES.TXT
GEOIPFILE .GEOIP
AvoidDiskWrites 1
SocksPort 0
ORPort 9001
DirPort 9030
ExitPolicy reject *:*
Nickname
RelayBandwidthRate
RelayBandwidthBurst
Up until this point, all I've written is nothing more than using the
default Tor Bundle to create a "Server" package. All steps above could
be made easier for users if a "Tor Windows Server" package was available
for download on the Tor Project or somewhere else. I refuse the idea of
creating such package myself to distribute it since many packages could
start floating on the net and bad intentioned people could bundle them
with arbitrary code, viruses and so on. A Windows Installer package can
be built for distribution though.
Next, I will address the two main things we need to run tor as a Windows
service (server):
1- Install Tor as Windows Service.
2- Security (Isolating the Tor service).
INSTALL TOR AS WINDOWS SERVICE
I personally use nssm [2] (Non-Sucking Service Manager) myself to
register the service but feel free to use default Windows tools for
registering Tor service if you believe so. Anyways, irrespective the
tool used to register the Tor service, we just need the following:
Service: C:Tortor.exe
Name: TorServer
Parameters: -f C:Tortorrc
Start the TorServer service and everything should just work at this
point. The datadir directory will be populated with tor files once
started and the notices.txt file will also reflect so.
SECURITY (Quick explanation - We can go into details later)
- Create a Standard user account and name it Tor with a strong password.
- Policies:
1- Deny access to this computer from the network
2- Deny log on locally
3- Deny log on through Remote Desktop Services
- NTFS Permissions for Tor windows user account:
1- Read/Write permissions to datadir folder
2- Read/Write permissions to notices.txt or (notices.log) file
- Open Services, Start -> Run -> type "services.msc" without quotes,
press enter and your Services window will pop up. Scroll down and find
the TorServer service and double click it. Move to the LOG ON tab and
set the "Log on as: This account: .TOR. Enter the strong password for
the Tor user account in the password field and apply changes. Restart
the service and now Tor will be running in its own isolated/limited
account in Windows. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi All,
Here is the fix (thanks to Arma on IRC). Here are my instructions for Windows admins. Let me know where the wiki is, and I'll post this. Some of the windows instructions have the path wrong, this is the correct way.
- download the Expert Bundle package (as of 5/18/15 it's called tor-win32-0.0.6.7.zip ( https://www.torproject.org/download/download.html.en ) - unzip it and place contents in a TorSrv folder (e.g. C:\TorSrv). So, the 2 folders & subfolders would be C:\TorSrv\Data & C:\TorSrv\Tor. - add a Tor config file (torrc) to C:\TorSrv\Tor (as shown below with strict exit policy). Few things to update: nickname, contact info, and ports (e.g. ORPort, DirPort). - load a service... From Administration Command Prompt run the following command " C:\TorSrv\Tor>c:\torsrv\tor\tor.exe --service install -options -f c:\torsrv\tor" On reboot the service is set to Automatic. torrc" - any feedback, is appreciated.
-Ben
-------------- # This file was generated by Tor; if you edit it, comments will not be preserved # Where to send logging messages. Format is minSeverity[-maxSeverity] # (stderr|stdout|syslog|file FILENAME). #Log notice stdout file c:\TorSrv\notices.log Log notice file C:\TorSrv\debug.log DataDirectory C:\TorSrv\Data\Tor GeoIPFile C:\TorSrv\Data\Tor\geoip GeoIPv6File C:\TorSrv\Data\Tor\geoip6 # If non-zero, try to write to disk less frequently than we would otherwise. AvoidDiskWrites 1 # Bind to this address to listen to connections from SOCKS-speaking # applications. ORPort 443 DirPort 9030 SocksPort 9150 ControlPort 9151 CookieAuthentication 1 ## fteproxy configuration #ClientTransportPlugin fte exec TorBrowser\Tor\PluggableTransports\fteproxy --managed
## obfs4proxy configuration #ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy
## flash proxy configuration # # Change the second number here (9000) to the number of a port that can # receive connections from the Internet (the port for which you # configured port forwarding). #ClientTransportPlugin flashproxy exec TorBrowser\Tor\PluggableTransports\flashproxy-client --register :0 :9000
## meek configuration #ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer TorBrowser\Tor\PluggableTransports\meek-client-torbrowser -- TorBrowser\Tor\PluggableTransports\meek-client
ExitPolicy accept *:20-23 # FTP, SSH, telnet ExitPolicy accept *:43 # WHOIS ExitPolicy accept *:53 # DNS ExitPolicy accept *:79-81 # finger, HTTP ExitPolicy accept *:88 # kerberos ExitPolicy accept *:110 # POP3 ExitPolicy accept *:143 # IMAP ExitPolicy accept *:194 # IRC ExitPolicy accept *:220 # IMAP3 ExitPolicy accept *:389 # LDAP ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:464 # kpasswd ExitPolicy accept *:531 # IRC/AIM ExitPolicy accept *:543-544 # Kerberos ExitPolicy accept *:554 # RTSP ExitPolicy accept *:563 # NNTP over SSL ExitPolicy accept *:636 # LDAP over SSL ExitPolicy accept *:706 # SILC ExitPolicy accept *:749 # kerberos ExitPolicy accept *:873 # rsync ExitPolicy accept *:902-904 # VMware ExitPolicy accept *:981 # Remote HTTPS management for firewall ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL ExitPolicy accept *:1194 # OpenVPN ExitPolicy accept *:1220 # QT Server Admin ExitPolicy accept *:1293 # PKT-KRB-IPSec ExitPolicy accept *:1500 # VLSI License Manager ExitPolicy accept *:1533 # Sametime ExitPolicy accept *:1677 # GroupWise ExitPolicy accept *:1723 # PPTP ExitPolicy accept *:1755 # RTSP ExitPolicy accept *:1863 # MSNP ExitPolicy accept *:2082 # Infowave Mobility Server ExitPolicy accept *:2083 # Secure Radius Service (radsec) ExitPolicy accept *:2086-2087 # GNUnet, ELI ExitPolicy accept *:2095-2096 # NBX ExitPolicy accept *:2102-2104 # Zephyr ExitPolicy accept *:3128 # SQUID ExitPolicy accept *:3389 # MS WBT ExitPolicy accept *:3690 # SVN ExitPolicy accept *:4321 # RWHOIS ExitPolicy accept *:4643 # Virtuozzo ExitPolicy accept *:5050 # MMCC ExitPolicy accept *:5190 # ICQ ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL ExitPolicy accept *:5228 # Android Market ExitPolicy accept *:5900 # VNC ExitPolicy accept *:6660-6669 # IRC ExitPolicy accept *:6679 # IRC SSL ExitPolicy accept *:6697 # IRC SSL ExitPolicy accept *:8000 # iRDMI ExitPolicy accept *:8008 # HTTP alternate ExitPolicy accept *:8074 # Gadu-Gadu ExitPolicy accept *:8080 # HTTP Proxies ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP ExitPolicy accept *:8332-8333 # Bitcoin ExitPolicy accept *:8443 # PCsync HTTPS ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE ExitPolicy accept *:9418 # git ExitPolicy accept *:9999 # distinct ExitPolicy accept *:10000 # Network Data Management Protocol ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol) ExitPolicy accept *:19294 # Google Voice TCP ExitPolicy accept *:19638 # Ensim control panel ExitPolicy accept *:50002 # Electrum Bitcoin SSL ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:12350 # Skype reminder: blocks login from exit nodes since 2013 ExitPolicy reject *:23456 # Skype ExitPolicy reject *:33033 # Skype ExitPolicy reject *:* Nickname HelpMakeAmericaSafe ContactInfo me@somedomain.com ---------------------
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Ben Serebin Sent: Sunday, May 17, 2015 11:58 PM To: 'tor-relays@lists.torproject.org' Subject: Re: [tor-relays] Windows Tor Server Guide
Hi,
Appreciate your response, but it's sadly the Windows "Expert Installer" is actually called "Expert Bundle" and is just 2 files of directories. No installer, no readme, nothing. It's also seems like an older version, tor-win32-0.2.6.7.zip. So, I ended up copying the instructions below from the Tor Browser package, and tried to get it working. No dice. I have a dedicated 50Mb/50Mb circuit I'm trying to setup as an exit node. Literally, all that bandwidth is just for Tor. Hence my frustration with this. Any assistance, is appreciated.
From administrator cmd, I ran "c:\torsrv\tor.exe -f c:\torsrv\torrc" and it launches and quits. And nothing is in debug log. Any help is appreciated.
Here is the torrc except the exitpolicy I'm running. All the files are under c:\torsrv. Any ideas?
# This file was generated by Tor; if you edit it, comments will not be preserved # Where to send logging messages. Format is minSeverity[-maxSeverity] # (stderr|stdout|syslog|file FILENAME). #Log notice stdout file c:\TorSrv\notices.log Log debug file C:\TorSrv\debug.log DataDirectory C:\TorSrv\ GeoIPFile C:\TorSrv\geoip GeoIPv6File C:\TorSrv\geoip6 # If non-zero, try to write to disk less frequently than we would otherwise. AvoidDiskWrites 1 # Bind to this address to listen to connections from SOCKS-speaking # applications. ORPort 443 DirPort 9030 SocksPort 9150 ControlPort 9151 CookieAuthentication 1
-Ben
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Julien ROBIN Sent: Sunday, May 17, 2015 6:41 AM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Windows Tor Server Guide
Hi !
From my memories, I think the "Expert" Tor installer for Windows is installing, registering and launching Tor as service in a completely automatic way. It must be run as administrator, if not the Tor files cannot be written to "Program Files" and the service cannot be registered into Windows. This installer could be found into "View all downloads" on the "Download Tor" page.
You will have to find where is the Tor's DataDir ! But it should not be too complicated. Feel free to try :) I remember it as easy.
At the begining, it will not be a Tor Relay, just a Tor proxy client listening on 127.0.0.1:9050 (it will change once you will edit your torrc and restart the Tor service)
But the idea of isolating the Tor service with a dedicated user, that cannot touch anything on the system, is a pretty good idea also. I'm not sure the Expert installer does that, but it should not be too much complicated (following the "how to" should be enough for that part).
From the task manager, you can launch the "resource manager" : into the "network" tab, you have a view of all listening socket into your system. (You can see if Tor is inside or not, for example by looking if something listens on 9050, or another port you defined on torrc file). You can also see the Tor's log file ! It's usefull as it warns you in case of problems, and it tells you if it's working.
Good luck !
PS : Expert Installer should probably not be used for browing the Internet through Tor with a "standard browser". TBB is a better solution for Browsing Internet trough Tor (thanks to a secured browser). That's why Expert Installer is a little bit "hidden", for avoiding people browing Internet with it. But for a server use, Expert Installer does the job !
----- Mail original ----- De: "Ben Serebin" ben@reefsolutions.com À: "tor-relays@lists.torproject.org" tor-relays@lists.torproject.org Envoyé: Dimanche 17 Mai 2015 07:59:14 Objet: Re: [tor-relays] Windows Tor Server Guide
Hi there…
1 st post (I figured after years of donating to EFF, I should run a tor relay). I’ve searched and read many posts on tor-relays and the best Windows Tor Server Guide I found was this below one by Rafael Rodriguez. A few questions, and apologies if they seem silly, but there is scant info out there for us Windows admins.
- is a web server needed?
- the below email post had the slashes stripped from the path entries which makes it tricky to follow (talk about an annoying mail-list process). Overall, throw all the files in a single dir?
- before I load it as a service, once all files and config the “torrc” can I just launch the tor.exe and then test it’s working?
- is this the only way to run a relay on Windows? Hoping there’s a special approach to simplify the process (now I know why there aren’t more of them).
Thanks,
-Ben
Rafael Rodriguez rafaelr at icctek.com
Wed Nov 5 00:47:46 UTC 2014
Previous message: [tor-relays] Windows Tor Server Guide
Next message: [tor-relays] Windows Tor Server Guide
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, here is it. Please, feel free to contribute to it.
RUNNING A TOR SERVER IN WINDOWS
- Download latest Tor Browser Bundle.
- Install to c:tor
- Create a temporary folder on your Desktop and name it "server".
- Copy all files from C:TorBrowserTorBrowserDataTor to the "server"
folder on the Desktop.
- Browse to C:TorBrowserTorBrowserTor; delete the folder
"PluggableTransports" and it content.
- Copy all files from C:TorBrowserTorBrowserTor to the "server" folder
on the Desktop.
- Browse to C:Tor and delete everything inside that folder. C:Tor should
be completely empty at this point.
- Move all files from the "server" folder on your Desktop to C:Tor
- Browse to C:Tor and create a new folder named "datadir".
- Create a new text file in C:Tor named "notices" (I myself use
notices.log but we want to keep it simple for users who may not know how
to change the file extension from .txt to .log)
- EDIT C:TORTORRC FILE: (this could be the torrc-defaults file and all
its comments). Note that the sample below is just for references. Each
user needs to define her/his own parameters based on their own needs and
that's impossible for me to cover in a single file for everyone. Hence,
each parameter should be included in the torrc-defaults with due
comments to be used as reference. Also, noted that I'm using IPv4 geoip
by default. Users using IPv6 should define geoip6 in their torrc file.
Then again, I cannot use a single sample file for all deployments. The
defaults file should be used as reference once again.
DATADIRECTORY .DATADIR
LOG NOTICE FILE .NOTICES.TXT
GEOIPFILE .GEOIP
AvoidDiskWrites 1
SocksPort 0
ORPort 9001
DirPort 9030
ExitPolicy reject *:*
Nickname
RelayBandwidthRate
RelayBandwidthBurst
Up until this point, all I've written is nothing more than using the
default Tor Bundle to create a "Server" package. All steps above could
be made easier for users if a "Tor Windows Server" package was available
for download on the Tor Project or somewhere else. I refuse the idea of
creating such package myself to distribute it since many packages could
start floating on the net and bad intentioned people could bundle them
with arbitrary code, viruses and so on. A Windows Installer package can
be built for distribution though.
Next, I will address the two main things we need to run tor as a Windows
service (server):
1- Install Tor as Windows Service.
2- Security (Isolating the Tor service).
INSTALL TOR AS WINDOWS SERVICE
I personally use nssm [2] (Non-Sucking Service Manager) myself to
register the service but feel free to use default Windows tools for
registering Tor service if you believe so. Anyways, irrespective the
tool used to register the Tor service, we just need the following:
Service: C:Tortor.exe
Name: TorServer
Parameters: -f C:Tortorrc
Start the TorServer service and everything should just work at this
point. The datadir directory will be populated with tor files once
started and the notices.txt file will also reflect so.
SECURITY (Quick explanation - We can go into details later)
- Create a Standard user account and name it Tor with a strong password.
- Policies:
1- Deny access to this computer from the network
2- Deny log on locally
3- Deny log on through Remote Desktop Services
- NTFS Permissions for Tor windows user account:
1- Read/Write permissions to datadir folder
2- Read/Write permissions to notices.txt or (notices.log) file
- Open Services, Start -> Run -> type "services.msc" without quotes,
press enter and your Services window will pop up. Scroll down and find
the TorServer service and double click it. Move to the LOG ON tab and
set the "Log on as: This account: .TOR. Enter the strong password for
the Tor user account in the password field and apply changes. Restart
the service and now Tor will be running in its own isolated/limited
account in Windows. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Ben Serebin -
Julien ROBIN