I'm trying to use bitcoin-qt with Tor (using Knots, but it should be similar with Core) and I've noticed there are different ways to do this.
Some folks start with a tor-browser instance first, then fire up bitcoin-qt with these settings in the bitcoin.conf file:
proxy=127.0.0.1:9050
listen=1
listenonion=1
But others are using the Tor service and have to deal with some kind of cookie registration, which sounds complicated and involves giving your login and password for that cookie.
What I'm looking for is a way to have a Linux desktop shortcut that launches bitcoin-qt with Tor enabled, so I don't have to keep changing the bitcoin.conf file every time I want to switch between clearnet and Tor.
I already have the Tor Browser installed, but I’m unsure if I should install it from the Debian repo or if it'll work fine like this.
I came across this tutorial, but the guy installs it via apt, while I already have the Tor Browser set up. Not sure if that matters. My version from the .tar files is checked with gpg and it's legit, so I don’t want to reinstall it from the repo unless it’s necessary.
When I try to run "tor version" in the terminal, it gives me "bash: tor: command not found", so maybe I’m missing something that doesn’t come with the Tor Browser .tar file?
It’s just confusing with all the different methods out there. If anyone has a current step-by-step guide, please share.
Best methods for running Bitcoin with Tor right now
9 replies 436 views
byte_orbitFull Member
Posts: 186 · Reputation: 738
#2Jan 12, 2022, 10:11 AM
I don't think the password is necessary. According to the docs, that is an alternative authentication method. https://bitcoincoredocs.com/tor.html. It is either Cookie Authentication or Hashed ControlPassword.
Good, you've figured out your first mistake. That's why it is called Browser! It is a standalone project that uses TOR and is different from the global tor service. Which Linux version are you using?
Last time I did this for my servers I used something like this, check it out: https://ubuntuhandbook.org/index.php/2021/01/install-tor-tor-browser-ubuntu-20-10-20-04/. It should be pretty straightforward. Let me know if you manage to do it.
There are two difference here:
1) TOR more as a "client" with a lower level of integration, which would be connecting through the proxy as you have written above. This method does not have any authentication.2) Authenticated mode with access to the Tor control protocol, deeper integration with the service. This is where the cookie authentication would come into play.
I am not sure if I remember correctly, but in the first method you would not get a .onion address and in the second you would. You can check the debug log for information about this. I am no longer 100% confident, but I think that in the first case the node would not act as a full peer despite listen=1 but I must freshen up my knowledge about it. Perhaps someone else can confirm.
Did you read the Wiki entry? https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service
First, Tor Browser != the Tor service. Bitcoin Core/Knots works best with the system Tor daemon, not the browser bundle. which is also why tor --version is not found.
Here's some setup steps for Linux:
Install Tor daemon and start it
sudo apt update && sudo apt install tor
sudo systemctl enable --now tor
Allow Core to talk to Tor's ControlPort (for your .onion address)
Edit /etc/tor/torrc and ensure these lines exist:
Add your user to Tor's group and restart:
sudo usermod -aG debian-tor $USER
newgrp debian-tor
sudo systemctl restart tor
Minimal bitcoin.conf for Tor
optional if you want Tor-only outbound:
The "cookie" isn't a login/password. It's a local file Tor creates for ControlPort auth; adding yourself to debian-tor lets Core read it automatically. And if you want to use Tor Browser's SOCKS (127.0.0.1:9150), then Bitcoin can route outgoing traffic but won't manage a .onion listener because TB doesn't expose ControlPort by default. For a proper onion service, use the Tor daemon as above.
For the install steps, what about the extra steps seen on the video? He follows this:
https://support.torproject.org/apt/
They say it's recommended to do this and I assume not do just "apt install tor"
byte_orbitFull Member
Posts: 186 · Reputation: 738
#5Jan 12, 2022, 05:35 PM
Do it. It won't harm you in any case and it is officially recommended. Sometimes the included system repositories have very outdated software. For some types of software it is not that important whether you are on an earlier version or not, but for things like TOR it is very important to always be up to date.
I installed it from the Tor repository and got it working. I was able to run bitcoin-qt with Tor since it has the P on the GUI and im only connecting to .onion addresses in the Peers window. However, some things still not fully working it seems.
1) The RPC does not work when I use Tor for some reason. I try ./bitcoin-cli -datadir=path getnetworkinfo and it says:
There is no cookie so maybe I have the wrong settings on bitcoin.conf
For Tor, I comment everything except this:
On some tutorials I saw they use bind= instead of rpcbind=, im not sure about that
For clearnet, commenting everything except this:
Works, bitcoin-cli will run the commands and i see the cookie file. So it has to be something with the bitcoin.conf I guess that requires something specific for Tor
Another thing is, when I run with this the Tor setting settings I described, I don't see that an onion service is created. I think my node is not reachable. But I don't get it because from what I've heard BItcoin does not run with Tor unless your node is reachable when using Tor, but it was downloading blocks in Tor mode so I don't know.
Im supposed to see this in debug.log but not there:
And with getnetworkinfo I get this:
Also I do not get the onion_v3_private_key file that the guy in the video gets in /.bitcoin so im not sure in which state Tor is being run.. I mean it's connecting to other peers with onion addresses only and it's downloading blocks... so in theory it's working. However im not sure what im missing with that there.
Is it that it's working fine but im not reachable to other people? But again, listen=1 is enabled (since from what I can read it wouldn't even work in Tor mode) but I get 10 in / 0 out for connections (it has 0 incoming connections on that getnetworkinfo because the node is fully synced and I guess once it's fully synced it barely needs 1 peer every x minutes to update blockchain). So im not sure what's up with this.
Btw, I get a clearnet IP with getnodeaddresses
I just would like to know what's up with these since im not sure if it's wrongly configured and im connecting to people with a clearnet IP while recieving .onion addresses or something.
byte_orbitFull Member
Posts: 186 · Reputation: 738
#7Jan 12, 2022, 10:55 PM
TOR should not affect your connection to the RPC unless there a bug present. Can you please clarify whether you are trying to do this on testnet or mainnet? Just to make sure that there is no basic error or confusion here. 18332 is the RPC port for testnet. The mainnet port is 8332. A small reminder about .conf and CLI, do not update the .conf while the daemon is running. This may give you issues relating to configuration changes and may cause unnecessary confusion.
I will try to reproduce everything that you are doing. Can you please post complete configuration files (omit the passwords and such obviously)?
Using rpcbind=127.0.0.1 works for clearnet, but does not work with tor, because it does not create the .cookie file. For it to work I had to comment #rpcbind=127.0.0.1 and add a line that is bind=127.0.0.1 otherwise it does not create the .cookie
Btw I tried again and now I see the onion_v3_private_key and I get the onion address on localaddresses so I believe tor is working properly now, im not sure what I was doing yesterday but I didn't see that file but I was seeing onion peers so not sure about that. Anyway looks like it's working now. Just wanted to see why you have to use bind and not rpcbind with tor.
And another question I have is about the "discover=0/1" option. Should you use this enabled or disabled when clearnet or with Tor? I asked AI and said
I have tried with 0 and with 1 and I don't see a difference. It finds new peers either way. Im not sure what is doing. I just would like to know the ideal bitcoin.conf for maximun privacy.
As far as the bitcoin.conf settings, I posted them above.
byte_orbitFull Member
Posts: 186 · Reputation: 738
#9Jan 13, 2022, 03:08 AM
Rpcbind does not do anything unless rpcallowip is also passed. Anyhow it should default to 127.0.0.1. https://www.mankier.com/1/bitcoind?#-rpcbind. In any case, interesting observations. You should try to reproduce these issues using the same steps. It would be worthwhile to report them if you can reproduce it.
You can ignore the rpcbind, it should be unrelated. The situation seems that bind=0.0.0.0 (which is the default) does not work with TOR for you, but bind=127.0.0.1 does. I think the bind triggered the TOR service setup because you also have listenonion=1 so it would trigger the bind of onion connections on this 127.0.0.1:8334.
The answer is in the explanation. The default is discover=1 which means that it tries to uses local IP addresses too for peers. For TOR it is recommended to disable this if you want to avoid local network leaks.
It is supposed to find peers in both configuration options. If it does not, you have some issues.
You keep posting snippets here and there, post the whole currently used configuration.
After some testing looks like the .cookie file is being created with server=1 only, no need for rcpbind= or bind=
The problem is, for some reason bitcoin-cli does not work when testnet=1 is enabled
But this works when I launch bitcoin-qt normally (I mean mainchain but also with Tor)
same bitcoin.conf
And im not posting snippets, im posting all uncommented options:
So why it does not work for testnet?
Edit: I just remembered you had to add -testnet=1 when using bitcoin-cli on testnet
So now it's working. achow101 said that you don't need to use any of the bind= or rcpbind= stuff by default and server=1 is good to go.
Related topics
- Affordable quiet mini PC for running a Bitcoin node and blockchain explorer 19
- bitcoin-qt sync issues and slow speeds 6
- Recovering a Bitcoin wallet and address 8
- Using two different Bitcoin versions without messing up blockchain data 3
- Issue with Bitcoin Core Wallet after power outage 8
- Is it possible to check my bitcoin balance offline 12