Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
torrc examples
This file is part of Whonix
Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
See the file COPYING for copying conditions.
**** Do NOT edit this file! ****
This file will show you examples you can copy and paste to /etc/tor/torrc
Additionally, you can read the official Tor Manual at:
https://www.torproject.org/docs/tor-manual.html.en
**** Do NOT edit this file! ****
Contents
========
- Bridges
- Firewall
- Proxy
- Hidden Services
Bridges
=======
Less sophisticated censors prevent users from accessing
the Tor network by blocking connections to known relays.
"Bridge relays" help these users access Tor by not being
in the same public lists as normal relays.
Sophisticated censors can only be circumvented with
private obfuscated bridges.
Because there is NOT a 100% way to hide Tor, Whonix does
NOT recommend using Tor if you fear detection.
Finding Public Bridges
----------------------
https://bridges.torproject.org/bridges
If you can not reach the URL, send an email (from a
gmail.com or yahoo.com account only) to
bridges@torproject.org with "get bridges" in the
message body.
Private Obfuscated Bridges
--------------------------
A sophisticated user you trust -- outside the reach of
the censors but accessible from your location -- must
run a bridge service configured with obfsproxy (to
help avoid detection) and the option
"PublishServerDescriptor 0" (to not be listed by The
Tor Project). However, since even private obfuscated
bridges can ultimately be detected, Whonix does NOT
recommend using bridges if you fear detection.
To use bridges, copy the two lines below and paste
them into /etc/tor/torrc
UseBridges 1
ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
You must also add the IPs for your bridges. The
following lines are an example of how it should look:
bridge 23.22.110.133:443
bridge 24.22.1.54:443
bridge obfs2 209.176.111.47:42105
bridge obfs3 199.241.31.96:12873
bridge obfs4 141.201.27.48:420 gibberish cert=more-gibberish iat-mode=0
Firewall
========
The option ReachableAddresses ADDR[/MASK][:PORT]
restricts the ports and IPs that Tor attempts to connect
through. Study the examples below.
If your firewall blocks all ports but 80 and 443, copy the
two lines below into /etc/tor/torrc
ReachableAddresses accept *:80
ReachableAddresses accept *:443
If your firewall allows connections to everything inside
net 99, rejects port 80 inside net 18, but otherwise
accepts connections to port 80:
ReachableAddresses 99.0.0.0/8
ReachableAddresses reject 18.0.0.0/8:80
ReachableAddresses accept *:80
Proxy
=====
If you use an HTTP, SOCKS 4, or SOCKS 5 proxy to connect to
the internet, study the examples below and configure
/etc/tor/torrc accordingly.
Note, you need to use the IP instead of the hostname
(proxy.example.com). This may result in subtle differences
your proxy may detect. See also Whonix documentation:
https://www.whonix.org/wiki/Tunnel_Tor_through_proxy_or_VPN_or_SSH#Tunnel_Tor_through_proxy
HTTP Proxy
----------
If you use an HTTP proxy at 192.168.1.44 via port 443
HTTPSProxy 192.168.1.44:443
If it requires a username and password
HTTPSProxyAuthenticator username:password
SOCKS 4
-------
To use a SOCKS 4 proxy at 10.0.1.3 via port 1080
Socks4Proxy 10.0.1.3:1080
SOCKS 5
-------
To use a SOCKS 5 proxy at 172.1.3.3 via port 1080
Socks5Proxy 172.1.3.3:1080
If it requires a username and password
Socks5ProxyUsername username
Socks5ProxyPassword password
Hidden Services
===============
To make a service on Whonix-Workstation accessible over
Tor, you must assign a directory and port for it inside
Whonix-Gateway's /etc/tor/torrc. Below are examples that
you can copy to /etc/tor/torrc
For a longer tutorial, see:
https://www.whonix.org/wiki/Hidden_Services
Web Server
----------
If a web server is running in Whonix-Workstation, add
the next two lines to /etc/tor/torrc to make it
accessible to others.
HiddenServiceDir /var/lib/tor/webserver/
HiddenServicePort 80 10.152.152.11:80
Find the .onion address for this service:
sudo cat /var/lib/tor/webserver/hostname
Backup /var/lib/tor/webserver/private_key
TorChat
-------
HiddenServiceDir /var/lib/tor/torchat/
HiddenServicePort 11009 10.152.152.11:11009
Find the .onion address for this service:
sudo cat /var/lib/tor/torchat/hostname
Backup /var/lib/tor/torchat/private_key
Mumble Server
-------------
HiddenServiceDir /var/lib/tor/mumble/
HiddenServicePort 80 10.152.152.11:80
Find the .onion address for this service:
sudo cat /var/lib/tor/mumble/hostname
Backup /var/lib/tor/mumble/private_key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment