#30 - Podcast #5 - Running a Bitcoin Full Node with Tor
General notes and tips on setting up a full-relay node that also connects to the Tor network. Other topics include some remarks on web browsers for desktop and mobile, such as Firefox, Chrome and Opera.
Main topic - Bitcoin Full-relay Node
During my hodling, I did various transfers from bitcoin exchanges to private wallets, some of which are legacy type.
It is not a bad idea to have some bitcoins (satoshis, that is) in legacy wallets because some services, for example some bitcoin exchanges, still do not work with segwit addresses.
However, as on-chain transactions are getting expensive (Electrum suggests 8-30 sat/vB or more) to be added to a block quickly, I imagine that will be a heavy fee for hodlers to pay in the future, especially when the network is congested. So I decided to sweep legacy wallets to segwit wallets, as advised by Andreas Antonopoulos.
In order to broadcast cheap transactions (1-4 sat/virtualByte) to the bitcoin network, I needed to use my full node. I already had all the blocks and txindex synchronised but I had only tentatively set the default 8333 port for outbound connections, which characterises a full-relay node.
Not only that. To prevent one's IP from publicity in the bitcoin network, there is the Tor hidden service which can be activated. The Tor layer prevents most identification problems associated with broadcasting one's own transactions and the IP+ports of a full-relay node with a technology named security by obscurity.
Andreas Antonopoulos said those are not much of a problem because one cannot be sure a transaction originated from a certain node or whether that node relayed it from another node or from the onion network, although there are means someone can use to identify users even under Tor (such as fingerprinting techniques).
I sincerely reckon my little node is not worth the trouble from these hackers. I am setting up a slow-update Manjaro Linux system which does not come with open ports by default (sometimes, I run my node from an Arch Linux machine, too). A Linux system is much more secure than running a node in Windows which contains much exploitable code and is probably infested with viruses and other malicious software.
Setting up a Tor hidden service is a small hurdle for someone who has never set one up before, but after all it is not too hard, especially with Bitcoin version 0.21.
I added the following to /etc/tor/torrc: ControlPort 9051, CookieAuthentication 1, CookieAuthFileGroupReadable 1 and DataDirectoryGroupReadable 1. Check this help page.
Bitcoin version 0.21 release adds support for Tor version 3 hidden services, and gossiping them over the network to other peers using BIP155. Version 2 hidden services are still fully supported by Bitcoin Core, but the Tor network will start deprecating them in the coming months.
That is important to note because even if you set everything up correctly, there may be very few onion peers because they may not be using Tor version 3 services yet. Also, IPv6 peers are much rarer than IPv4 peers, which are the large majority of peers.
I will leave some generic config which works for me (bitcoin.conf and /etc/tor/torrc) at my github repo. In these files, there is general commentary and references for some config options, as well as for setting up a hardware client in the router.
A combination of settings may set the node to work dual-stack in clearnet (IPv4 and IPv6) and onion networks, which is a very important network synchronisation role in which few nodes partake.
The following steps are required:
- Install bitcoind (so-called bitcoin core) and fully sync the blockchain, transaction index etc.
- Configure router to redirect traffic from port 8333 to your machine. This requires setting one's machine MAC address in the router client list and then forwarding of port 8333 to the client.
- Setting bitcoin.conf and .torrc configs.
- Running tor daemon with the right configs.
- bitcoind fully synched and properly configured.
- Be sure your router has got active firewall or/and install an operating system firewall such as ufw. In some cases, installing a firewall in Linux may not be required, DYOR.
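A consistency check for the configuration steps above, as an added example (not the author's code or config files): it parses a torrc and a bitcoin.conf and reports missing Tor directives and bitcoin.conf settings that would leave the node without inbound or onion listening. Both configs are constructed samples, and the bitcoin.conf keys used (proxy, torcontrol, listenonion, listen) are standard bitcoind options that do not appear in the post.

```python
# Constructed samples, not the author's files; bitcoin.conf keys are bitcoind options.
TORRC = """\
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
DataDirectoryGroupReadable 1
"""
BITCOIN_CONF = """\
# send all outbound connections through Tor's SOCKS port
proxy=127.0.0.1:9050
torcontrol=127.0.0.1:9051
listenonion=1
"""

def parse(text, sep=None):
    """Return {key: value}; sep=None splits torrc lines on whitespace."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(sep, 1)
            out[parts[0].strip()] = parts[1].strip() if len(parts) > 1 else ""
    return out

def check(torrc_text, conf_text):
    """Return deviations from the page's torrc setup and bitcoin.conf mismatches."""
    tor, btc = parse(torrc_text), parse(conf_text, "=")
    problems = []
    for key in ("CookieAuthentication", "CookieAuthFileGroupReadable",
                "DataDirectoryGroupReadable"):
        if tor.get(key) != "1":
            problems.append(f"torrc: {key} 1 is not set")
    port = tor.get("ControlPort", "").rsplit(":", 1)[-1]
    # bitcoind defaults when a key is absent: torcontrol=127.0.0.1:9051, listenonion=1
    if not port:
        problems.append("torrc: ControlPort is not set")
    elif btc.get("torcontrol", "127.0.0.1:9051").rsplit(":", 1)[-1] != port:
        problems.append("bitcoin.conf: torcontrol port differs from torrc ControlPort")
    if btc.get("listenonion", "1") != "1":
        problems.append("bitcoin.conf: listenonion is disabled")
    # listen defaults to 0 once proxy= or connect= is set, and listenonion needs listen
    listen_default = "0" if ("proxy" in btc or "connect" in btc) else "1"
    if btc.get("listen", listen_default) != "1":
        problems.append("bitcoin.conf: add listen=1 to accept inbound peers")
    return problems

if __name__ == "__main__":
    print("\n".join(check(TORRC, BITCOIN_CONF)))
```

The constructed sample reports one problem: once proxy= is set, bitcoind stops listening by default, so listen=1 has to be written explicitly for the forwarded port 8333 and the onion service to receive peers.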
Running a node does cost money: hardware, electricity and internet bandwidth. However, a full node can run on cheap computers, such as Casa nodes with Raspberry Pi 4, though bandwidth may be a problem.
bitcoind option maxconnections controls the maximum number of inbound+outbound connections. 10 slots are reserved for inbound connections and further connections are outbound slots in a maximum of 125 connections by default.
Nominally, my contracted speeds are 120 Mbit/s download and 10 Mbit/s upload. However, my connection seems slow and unstable these past few days. I usually check connection speed with speedtest.
Indeed, I just phoned up my internet provider and the internet of my home area is under general maintenance. That may explain why I was having a horrible internet connection these days and that may not be related to running bitcoind. It does seem my home internet has got a slowdown, so I am checking that with the provider.
However, a note is relevant. If one has got a slow internet connection, he may choose to set maxconnections and/or maxuploadtarget to reasonable values.
Someone may check IP addresses of network peers (bitcoin-cli getpeerinfo) against updated geolocation tables to have an idea where other connecting peer nodes are.
Free IP Geolocation APIs
- MaxMind's Linux geoip package.
- Free updated GeoIP legacy databases, may be used with geoiplookup but may be limited.
- Free IP Geolocation API
- Another free IP Geolocation API
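To see whether the node really has IPv4, IPv6 and onion peers, and which peer addresses are worth passing to a geolocation lookup, the getpeerinfo output can be summarised as follows. This is an added example, not code from the post; the JSON is a constructed sample using documentation-range addresses and a placeholder .onion name.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample of `bitcoin-cli getpeerinfo` output, trimmed to the fields used.
# Documentation-range addresses and a placeholder .onion name; the last two entries
# omit "network" (as bitcoind older than 0.21 does) to exercise the fallback.
SAMPLE = """[
  {"addr": "203.0.113.7:8333", "network": "ipv4", "inbound": false},
  {"addr": "198.51.100.20:51234", "network": "ipv4", "inbound": true},
  {"addr": "[2001:db8::1]:8333", "network": "ipv6", "inbound": false},
  {"addr": "placeholderplaceholder.onion:8333", "inbound": false},
  {"addr": "127.0.0.1:40112", "inbound": true}
]"""

def host_of(peer):
    """Strip the port and any IPv6 brackets from the peer's addr field."""
    return peer["addr"].rsplit(":", 1)[0].strip("[]")

def network_of(peer):
    """Prefer the 'network' field (present since 0.21), else infer from the address."""
    if peer.get("network"):
        return peer["network"]
    host = host_of(peer)
    if host.endswith(".onion"):
        return "onion"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "local"  # e.g. an inbound peer handed over by the local Tor daemon
    return "ipv6" if ip.version == 6 else "ipv4"

def summarize(peers):
    """Count peers per (network, direction)."""
    return Counter((network_of(p), "inbound" if p["inbound"] else "outbound")
                   for p in peers)

def geolocatable_ips(peers):
    """Unique clearnet IPs worth passing to geoiplookup; onion and loopback are skipped."""
    return sorted({host_of(p) for p in peers if network_of(p) in ("ipv4", "ipv6")})

if __name__ == "__main__":
    peers = json.loads(SAMPLE)  # on a live node, load the getpeerinfo output instead
    for (net, direction), n in sorted(summarize(peers).items()):
        print(f"{net:6} {direction:8} {n}")
    print("geolocate:", ", ".join(geolocatable_ips(peers)))
```

A summary with no inbound rows at all points at the port 8333 forwarding or the firewall rather than at bitcoind itself.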
Secondary topics
- Notices/news about this podcast season duration (about 6-8 episodes).
- Answer to a youtube video critique which said my channel should be more like Atila Mariano's.
- Comments on web browsers for desktops and mobile: Firefox, Chrome or Opera? Firefox is a great choice for desktop; however, both Firefox and Chrome suck on my Android and only Opera seems usable to me.
More references
- Johoe's Bitcoin Mempool Statistics
- AA's Bitcoin Q&A: Full Node and Home Network Security
- AA's Running Your Own Bitcoin Node, Ethereum Node, Lightning Network Node
PS: internet connection problems arose at my house in the last week or so and therefore the podcast episode was uploaded earlier on YouTube than on my blog github repo. I was only able to upload the podcast episode #5 (~77MB) using a university access point I have got access to.
PPS: the original recording of this episode (m4a) got truncated (Input buffer exhausted before END element found). Maybe I forgot to press the END button on the recorder and just pressed PAUSE and closed the app. I was able to check that with ffprobe which comes bundled with ffmpeg. So I recoded the stream to a new m4a audio file, which should play correctly on all devices now. Sorry if your podcast has got the original copy instead of the recoded file!