Using Tor¶
While Loki isn't made to integrate with Tor, it can be used wrapped with torsocks, by setting the following configuration parameters and environment variables:
--p2p-bind-ip 127.0.0.1on the command line orp2p-bind-ip=127.0.0.1in lokid.conf to disable listening for connections on external interfaces.--no-igdon the command line orno-igd=1in lokid.conf to disable IGD (UPnP port forwarding negotiation), which is pointless with Tor.DNS_PUBLIC=tcporDNS_PUBLIC=tcp://x.x.x.xwhere x.x.x.x is the IP of the desired DNS server, for DNS requests to go over TCP, so that they are routed through Tor. When IP is not specified, lokid uses the default list of servers defined in src/common/dns_utils.cpp.TORSOCKS_ALLOW_INBOUND=1to tell torsocks to allow lokid to bind to interfaces to accept connections from the wallet. On some Linux systems, torsocks allows binding to localhost by default, so setting this variable is only necessary to allow binding to local LAN/VPN interfaces to allow wallets to connect from remote hosts. On other systems, it may be needed for local wallets as well.- Do NOT pass
--detachwhen running through torsocks with systemd, (see utils/systemd/lokid.service for details).
Example command line to start lokid through Tor:
DNS_PUBLIC=tcp torsocks lokid --p2p-bind-ip 127.0.0.1 --no-igd
Using Tor on Tails¶
TAILS ships with a very restrictive set of firewall rules. Therefore, you need to add a rule to allow this connection too, in addition to telling torsocks to allow inbound connections. Full example:
sudo iptables -I OUTPUT 2 -p tcp -d 127.0.0.1 -m tcp --dport 18081 -j ACCEPT
DNS_PUBLIC=tcp torsocks ./lokid --p2p-bind-ip 127.0.0.1 --no-igd --rpc-bind-ip 127.0.0.1 \
--data-dir /home/amnesia/Persistent/your/directory/to/the/blockchain