@phieber
Last active November 13, 2016 21:08
Onioncat and Tor on Ubuntu 1604
#!/bin/bash
# Set up a Tor relay/exit plus OnionCat on Ubuntu 16.04 (xenial). Intended to be run as root.
set -e

# Add the Tor Project apt repository and its signing key
echo 'deb http://deb.torproject.org/torproject.org xenial main' > /etc/apt/sources.list.d/tor.list
echo 'deb-src http://deb.torproject.org/torproject.org xenial main' >> /etc/apt/sources.list.d/tor.list
gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
apt-get update
apt-get install -y tor deb.torproject.org-keyring onioncat apparmor-utils dstat patch curl vim-nox
service apparmor restart

# The patch addresses "torrc" relative to the working directory, so apply it from /etc/tor
cd /etc/tor
curl -fsSL https://gist.githubusercontent.com/phieber/b3f7c49e2642859016ee7a13a914a54f/raw/6c52abf2ca8935bef74d3db68118a43cc92cb642/torrc_ocat.patch | patch -b
curl -fsSL https://raw.githubusercontent.com/chgans/tor-exit-notice/master/tor-exit-notice_DE.html > /etc/tor/tor-exit-notice.html
chown -R debian-tor:debian-tor /etc/tor

# Restart tor so it creates the OnionCat hidden service and writes its .onion hostname
service tor stop
sleep 5
service tor start
# Wait (up to about a minute) for the hostname file rather than relying on a fixed delay
for i in $(seq 1 12); do
  [ -s /var/lib/tor/onioncat/hostname ] && break
  sleep 5
done
ocatHostname="$(cat /var/lib/tor/onioncat/hostname)"

# Enable the onioncat daemon and hand it this host's own .onion address
sed -i -e 's@^#\(ENABLED\)@\1@' -e 's@^DAEMON_OPTS.*@DAEMON_OPTS="-d 0 '"${ocatHostname}"'"@' /etc/default/onioncat
service onioncat restart
ip -6 address show tun0
# vim:ts=2:sw=2:ai
--- torrc.orig 2016-10-17 23:13:49.000000000 +0200
+++ torrc 2016-11-13 20:12:55.777478370 +0100
@@ -35,7 +35,7 @@
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
-#Log notice file /var/log/tor/notices.log
+Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
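Review bot: enabling `Log notice file /var/log/tor/notices.log` is reasonable at notice level, but the comment a few lines above this hunk warns that log files can hand sensitive information to whoever obtains them; keep the file under logrotate and do not be tempted to flip the `debug` line below it on a relay that serves real traffic.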
@@ -46,7 +46,7 @@
## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
-#RunAsDaemon 1
+RunAsDaemon 1
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
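Review bot: `RunAsDaemon 1` is redundant on a systemd-based Ubuntu 16.04 install: the packaged tor.service starts tor with `--RunAsDaemon 0` on the command line, and command-line options take precedence over torrc, so this line has no effect there. Harmless, but it can be dropped to keep the diff to what actually changes behaviour.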
@@ -76,6 +76,9 @@
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
+HiddenServiceDir /var/lib/tor/onioncat/
+HiddenServicePort 8060 127.0.0.1:8060
+
################ This section is just for relays #####################
#
## See https://www.torproject.org/docs/tor-doc-relay for details.
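Review bot: `HiddenServicePort 8060 127.0.0.1:8060` matches OnionCat's default local port, and tor creates `/var/lib/tor/onioncat/` itself (owned by debian-tor, mode 0700) on the next start. The companion script reads `hostname` from that directory, so it has to wait for tor to finish creating the service rather than assume a fixed delay; also note that the `+` blank line at the end of the hunk is only whitespace and can be left out.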
@@ -86,7 +89,7 @@
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
## follows. You'll need to do ipchains or other port forwarding
## yourself to make this work.
-#ORPort 443 NoListen
+ORPort 443
#ORPort 127.0.0.1:9090 NoAdvertise
## The IP address or full DNS name for incoming connections to your
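Review bot: removing `NoListen` means tor itself binds TCP/443 on all interfaces, so no other service (for example a web server) may hold that port on this host, and inbound 443 must be open in the firewall. Binding a privileged port works with the Debian package because tor starts as root and drops to debian-tor after binding; if tor is ever launched directly as debian-tor this line will fail.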
@@ -116,11 +119,13 @@
##
## Set a maximum of 40 gigabytes each way per period.
#AccountingMax 40 GBytes
+AccountingMax 2000 GBytes
## Each period starts daily at midnight (AccountingMax is per day)
#AccountingStart day 00:00
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
## is per month)
#AccountingStart month 3 15:00
+AccountingStart month 1 00:00
## Administrative contact information for this relay or bridge. This line
## can be used to contact you if your relay or bridge is misconfigured or
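Review bot: `AccountingMax 2000 GBytes` together with `AccountingStart month 1 00:00` turns the limit into a monthly quota, and the leftover sample comment above it ("Set a maximum of 40 gigabytes each way per period") no longer describes the setting; update or drop that comment. Once the quota is used up tor hibernates until the next period and the relay is unreachable, so size this against the hoster's real traffic allowance rather than a round number.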
@@ -139,13 +144,13 @@
## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
## follows. below too. You'll need to do ipchains or other port
## forwarding yourself to make this work.
-#DirPort 80 NoListen
+DirPort 80
#DirPort 127.0.0.1:9091 NoAdvertise
## Uncomment to return an arbitrary blob of html on your DirPort. Now you
## can explain what Tor is if anybody wonders why your IP address is
## contacting them. See contrib/tor-exit-notice.html in Tor's source
## distribution for a sample.
-#DirPortFrontPage /etc/tor/tor-exit-notice.html
+DirPortFrontPage /etc/tor/tor-exit-notice.html
## Uncomment this if you run more than one Tor relay, and add the identity
## key fingerprint of each Tor relay you control, even if they're on
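Review bot: `DirPortFrontPage /etc/tor/tor-exit-notice.html` only works if that file exists and is readable by debian-tor when tor starts; the companion script fetches it and chowns `/etc/tor`, which covers that, but check the downloaded notice for unfilled placeholders (operator contact, abuse address) before the exit goes live, since a notice without a contact defeats its purpose. Opening `DirPort 80` also requires that port to be free on the host and open in the firewall, as with 443 above.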
@@ -187,7 +192,85 @@
#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
-#ExitPolicy reject *:* # no exits allowed
+
+ExitPolicy accept *:20-21 # FTP
+ExitPolicy accept *:22 # SSH
+ExitPolicy accept *:23 # Telnet
+ExitPolicy accept *:43 # WHOIS
+ExitPolicy accept *:53 # DNS
+ExitPolicy accept *:79 # finger
+ExitPolicy accept *:80-81 # HTTP
+ExitPolicy accept *:88 # kerberos
+ExitPolicy accept *:110 # POP3
+ExitPolicy accept *:143 # IMAP
+ExitPolicy accept *:194 # IRC
+ExitPolicy accept *:220 # IMAP3
+ExitPolicy accept *:389 # LDAP
+ExitPolicy accept *:443 # HTTPS
+ExitPolicy accept *:464 # kpasswd
+ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)
+ExitPolicy accept *:531 # IRC/AIM
+ExitPolicy accept *:543-544 # Kerberos
+ExitPolicy accept *:554 # RTSP
+ExitPolicy accept *:563 # NNTP over SSL
+ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
+ExitPolicy accept *:636 # LDAP over SSL
+ExitPolicy accept *:706 # SILC
+ExitPolicy accept *:749 # kerberos
+ExitPolicy accept *:873 # rsync
+ExitPolicy accept *:902-904 # VMware
+ExitPolicy accept *:981 # Remote HTTPS management for firewall
+ExitPolicy accept *:989-990 # FTP over SSL
+ExitPolicy accept *:991 # Netnews Administration System
+ExitPolicy accept *:992 # TELNETS
+ExitPolicy accept *:993 # IMAP over SSL
+ExitPolicy accept *:994 # IRCS
+ExitPolicy accept *:995 # POP3 over SSL
+ExitPolicy accept *:1194 # OpenVPN
+ExitPolicy accept *:1220 # QT Server Admin
+ExitPolicy accept *:1293 # PKT-KRB-IPSec
+ExitPolicy accept *:1500 # VLSI License Manager
+ExitPolicy accept *:1533 # Sametime
+ExitPolicy accept *:1677 # GroupWise
+ExitPolicy accept *:1723 # PPTP
+ExitPolicy accept *:1755 # RTSP
+ExitPolicy accept *:1863 # MSNP
+ExitPolicy accept *:2082 # Infowave Mobility Server
+ExitPolicy accept *:2083 # Secure Radius Service (radsec)
+ExitPolicy accept *:2086-2087 # GNUnet, ELI
+ExitPolicy accept *:2095-2096 # NBX
+ExitPolicy accept *:2102-2104 # Zephyr
+ExitPolicy accept *:3128 # SQUID
+ExitPolicy accept *:3389 # MS WBT
+ExitPolicy accept *:3690 # SVN
+ExitPolicy accept *:4321 # RWHOIS
+ExitPolicy accept *:4643 # Virtuozzo
+ExitPolicy accept *:5050 # MMCC
+ExitPolicy accept *:5190 # ICQ
+ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
+ExitPolicy accept *:5228 # Android Market
+ExitPolicy accept *:5900 # VNC
+ExitPolicy accept *:6660-6669 # IRC
+ExitPolicy accept *:6679 # IRC SSL
+ExitPolicy accept *:6697 # IRC SSL
+ExitPolicy accept *:8000 # iRDMI
+ExitPolicy accept *:8008 # HTTP alternate
+ExitPolicy accept *:8074 # Gadu-Gadu
+ExitPolicy accept *:8080 # HTTP Proxies
+ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
+ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
+ExitPolicy accept *:8332-8333 # Bitcoin
+ExitPolicy accept *:8443 # PCsync HTTPS
+ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
+ExitPolicy accept *:9418 # git
+ExitPolicy accept *:9999 # distinct
+ExitPolicy accept *:10000 # Network Data Management Protocol
+ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
+ExitPolicy accept *:19294 # Google Voice TCP
+ExitPolicy accept *:19638 # Ensim control panel
+ExitPolicy accept *:50002 # Electrum Bitcoin SSL
+ExitPolicy accept *:64738 # Mumble
+ExitPolicy reject *:* # no exits allowed
## Bridge relays (or "bridges") are Tor relays that aren't listed in the
## main directory. Since there is no complete public list of them, even an
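Review bot: the trailing comment on the final `ExitPolicy reject *:*` line, `# no exits allowed`, is now wrong, because the accept lines above it make this a reduced exit policy (the list mirrors the Tor wiki's Reduced Exit Policy); change it to something like `# reject everything else` so the next reader is not misled. Private address ranges stay rejected by the default `ExitPolicyRejectPrivate 1`, which is what you want for an exit, and a `ContactInfo` line belongs in the same change so abuse reports about this exit can reach the operator.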