[tor-relays] How to use our own TOR relay as entry node for local network hosts

teor teor2345 at gmail.com
Tue Jun 2 14:32:05 UTC 2015


> Date: Sun, 24 May 2015 08:47:20 +1000
> From: Zenaan Harkness <zen at freedbms.net>
> 
>> 3. Disable the polipo proxy on the Tor relay in your network, you do
>> not need that. Run a bridge instead of a relay. Make it a non public
>> bridge (PublishServerDescriptor 0) and run Tor Browser on all the
>> computers in your network with UseBridges 1 and define the ip:port of
>> your bridge and connect it directly, no proxy setting. This way other
>> 'strangers' won't be able to use your bridge and you will also not
>> need the Guard flag or uptime and bandwidth requirements.
> 
> That last bit (UseBridges 1, configure bridge IP), looks like it does
> the job needed here, no new Tor config options required.

There are 3 different ways to set up your local bridge, each with their own pros and cons:

1. Configure a private bridge
* Only your clients use this bridge
* No cover traffic

2. Configure a bridge distributed by BridgeDB
* Your clients and other clients may use your bridge as the first hop
* BridgeDB doesn't distribute all bridges straight away, so you may or may not get cover traffic
* You can't separately rate limit external and local traffic at the bridge itself - RelayBandwidthRate includes all bridge traffic

3. Configure the server as a relay, but configure the clients to connect to it as a bridge
* If you configure a client with a mandatory guard relay using EntryNodes and StrictNodes, the relay must have and maintain the guard flag. But configuring clients with a relay server in a "bridge" config line avoids the need for a guard flag.
* Your clients use this bridge, as do other clients as at least a middle hop, and a guard or exit hop depending on flags
* You get the most cover traffic this way
* You can't separately rate limit external and local traffic at the bridge itself - RelayBandwidthRate includes all relay and bridge traffic
* This mode of operation is less common, and may reveal some bugs in Tor. In my experience it has worked fine for months with 0.2.5 - 0.2.7-alpha, but please report any issues on https://trac.torproject.org/projects/tor/ticket/1776
* As a precaution, if you ever reconfigure a relay Tor node as a bridge Tor node, please delete the keys so it appears as a new bridge in BridgeDB.

teor

teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
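
The three setups listed in the message above, written out as torrc fragments. This is an added example and not part of the original post; the address 192.168.1.10, port 9001 and the rate value are constructed, and each section is a separate torrc file.

```torrc
## ---- Server torrc, option 1: private bridge ----
ORPort 9001
BridgeRelay 1
# Do not publish a descriptor, so BridgeDB never hands this bridge out.
# Only clients that are given the address can use it (no cover traffic).
PublishServerDescriptor 0
ExitPolicy reject *:*

## ---- Server torrc, option 2: bridge distributed by BridgeDB ----
ORPort 9001
BridgeRelay 1
# PublishServerDescriptor is left at its default (1), so the descriptor
# goes to the bridge authority and BridgeDB may distribute it.
ExitPolicy reject *:*
# One limit for everything: local and external clients share this budget.
RelayBandwidthRate 1 MBytes

## ---- Server torrc, option 3: ordinary relay ----
ORPort 9001
# No BridgeRelay line: the server publishes as a normal relay and earns
# its flags the usual way. Set ExitPolicy according to whether it exits.
# One limit for everything: relay and bridge-style traffic share it.
RelayBandwidthRate 1 MBytes

## ---- Client torrc, identical for all three options ----
UseBridges 1
# The server's identity fingerprint may be appended after the address so
# the client checks which server it reached; it is not given in the post.
Bridge 192.168.1.10:9001
# For option 3, do NOT pin the server with EntryNodes/StrictNodes instead:
# that path requires the relay to hold the Guard flag, the Bridge line
# does not.
```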
