{{Header}}
{{title|title=
Non Anonymous Onion Encryption and NAT Traversal
}}
{{#seo:
|description=Using Tor for Onion Encryption / Authentication and NAT Traversal Only - Without Anonymity!
|image=Nontanonymous213132.jpg
}}
[[File:Nontanonymous213132.jpg|thumb]]
{{intro|
Using Tor for Onion Encryption / Authentication and NAT Traversal Only - Without Anonymity!
}}
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text =
Not anonymous!
}}
{{stub}}
= Introduction =
It is possible to make Tor on a server using a single Tor hop (only one Tor relay instead of three) by using Tor configuration options <code>HiddenServiceNonAnonymousMode 1</code>, <code>HiddenServiceSingleHopMode 1</code>. This is non-anonymous but faster. Server should use [[Onion_Services#Onion_Service_Authentication|Onions Services Authentication]]. The advantage of this is to have a server which is:
* reachable (for users having access to Tor) for NAT traversal, i.e. it works behind common NAT routers.
* capable to secure inherently insecure protocols (such as VNC) by using the encryption / authentication provided by Tor Onion Services
Independently, if clients prefer speed over anonymity, they can configure Tor in Tor2Web mode, which means outgoing Tor circuits will have a length of one rather than three.
These two options combined reduce a 6 hop Tor connection to a 2 hop Tor connection. It's not anonymous, but providing NAT traversal as well as onion encryption / authentication.
https://forums.whonix.org/t/should-we-use-hiddenservicesinglehopmode-for-whonix-org-server
= Server Side =
{{Open_/usr/local/etc/torrc.d/50_user.conf}}
Add.
{{CodeSelect|code=
HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1
SocksPort 0
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 5900 127.0.0.1:5900
HiddenServiceVersion 3
## syntax:
## HiddenServiceAuthorizeClient auth-type client-name,client-name,…
## The auth-type can either be 'basic' for a general-purpose authorization protocol or 'stealth' for a less scalable protocol that also hides service activity from unauthorized clients.
## Valid client names are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no spaces).
HiddenServiceAuthorizeClient stealth 1234567890123456
}}
Save and exit.
= Client Side =
{{Update}}
{{CodeSelect|code=
sudo apt update
}}
Install Tor's build dependencies.
{{CodeSelect|code=
sudo apt build-dep tor
}}
<ref>
{{CodeSelect|code=
sudo apt install zlib1g-dev libevent-dev asciidoc xmlto libsystemd-dev
}}
</ref>
Create directory <code>~/tor-src</code>.
{{CodeSelect|code=
mkdir ~/tor-src
}}
Change directory to <code>~/tor-src</code>.
{{CodeSelect|code=
cd tor-src
}}
Download the Tor source package.
{{CodeSelect|code=
apt source tor
}}
Change directory to Tor source directory.
{{CodeSelect|code=
cd tor-*/
}}
{{Open_File|filename=
debian/rules
}}
Change:
{{CodeSelect|code=
dh_auto_configure \
$(confflags) \
--prefix=/usr \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
--localstatedir=/var \
--sysconfdir=/etc \
--disable-silent-rules \
--enable-gcc-warnings-advisory
}}
To:
{{CodeSelect|code=
dh_auto_configure \
$(confflags) \
--prefix=/usr \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
--localstatedir=/var \
--sysconfdir=/etc \
--disable-silent-rules \
--enable-gcc-warnings-advisory \
--enable-tor2web-mode
}}
{{Open_File|filename=
src/or/config.c
}}
Change
{{CodeSelect|code=
V(Tor2webMode, BOOL, "0"),
}}
To
{{CodeSelect|code=
V(Tor2webMode, BOOL, "1"),
}}
Build the Tor package.
{{CodeSelect|code=
debuild
}}
<ref>
*
https://github.com/globaleaks/Tor2web/wiki/Installation-Guide
*
https://github.com/globaleaks/Tor2web/issues/327
</ref>
= Footnotes =
{{Footer}}
[[Category:Documentation]]
