RSS Logo

by Mountaineerbr

#30 - Podcast #5 - Running a Bitcoin Full Node with Tor

Notas gerais e dicas de montagem de um nó de retransmissão completo que também se conecta à rede Tor. Outros assuntos incluem algumas observações sobre navegadores de internet para o desktop e para o celular, como o Firefox, Chrome e Opera.

Main topic - Bitcoin Full-relay Node

During my hodling, I did various transfers from bitcoin exchanges to private wallets, some of which are legacy type.

That is not a bad idea to have some bitcoins (satoshis, that is) in legacy wallets because some services, for example some bitcoin exchanges, still do not work with segwit addresses..

However, as on-chain transactions are getting expensive (Electrum suggests 8-30 sat/vB or more) to be added to a block quickly, I imagine that will be a heavy fee for hodlers to pay in the future, specially when the network is congested.. So I decided to sweep legacy wallets to segwit wallets, as advised by Andreas Antonopoulos.

In order to broadcast cheap transactions (1-4 sat/virtualByte) to the bitcoin network, I needed to use my full node. I already had all the block and txindex synchronised but I had only tentatively set the defaults 8333 port for outbound connections, which characterises a full-relay node.

Not only that. To prevent one's IP from publicity in the bitcoin network, there is the Tor hidden service which can be activated. The Tor layer prevents most identification problems associated with broadcasting one own transactions and and IP+ports of a full-relay node with a technology named security by obscurity.

Andreas Antonopoulos said those are not much of a problem because one cannot be sure a transaction was originated from a certain node or whether that node relayed them from another node or from the onion network, although there are means someone can use to identify users even under Tor (such as fingerprinting techniques).

I sincerely reckon my little node is not worth the trouble from these hackers.. I am setting up a slow-update Manjaro Linux system which does not come with open ports by defaults (sometimes, I run my node from an Arch Linux machine, too). A Linux system is much more secure than running a node in Windows which contain much exploitable code and is probably infested with virus and other malicious software..

Setting a Tor hidden service is a little hurdle for someone who never set up it before but after all that is not too hard with Bitcoin version 0.21, specially.

I added the following to /etc/tor/torrc: ControlPort 9051, CookieAuthentication 1, CookieAuthFileGroupReadable 1 and DataDirectoryGroupReadable 1. Check this help page.

Bitcoin version 0.21 release adds support for Tor version 3 hidden services, and gossiping them over the network to other peers using BIP155. Version 2 hidden services are still fully supported by Bitcoin Core, but the Tor network will start deprecating them in the coming months.

That is important to note because even if you set everything up correctly, there may be very few onion peers because they may not be using Tor 3 services yet. Also, IPv6 peers are much more rare than IPv4 peers, which is the large majority of peers.

I will leave some generic config which works for me (bitcoin.conf and /etc/tor/torrc) at my github repo. In these files, there are general commentary and references for some config options, as well as setting up a hardware client in the router..

A combination of settings may set the node to work dual-stack in clearnet (IPv4 and IPv6) and onion networks, which is a very important network synchronisation role which few nodes partake..

The following steps are required:

  1. Install bitcoind (so-called bitcoin core) and fully sync the blockchain, transaction index etc..
  2. Configure router to redirect traffic from port 8333 to your machine. This requires setting one's machine MAC address in the router client list and then forwarding of port 8333 to the client.
  3. Setting bitcoin.conf and .torrc configs.
  4. Running tor daemon with the right configs
  5. bitcoind fully synched and properly configured
  6. Be sure your router has got active firewall or/and install a operating system firewall such as ufw. In some cases, installing a firewall in Linux may not be required, DYOR.

Running a node does cost money: hardware, electricity and internet bandwidth. However a full node can run on cheap computers, such as Casa nodes with Raspberry Pi 4, bandwidth may be problem.

bitcoind option maxconnections controls the maximum number of inbound+outbound connections. 10 slots of are reserved for inbound connections and further connections are outbound slots in a maximum of 125 connections by defaults.

Nominally, my contracted speeds are 120 Mbit/s download and 10 Mbit/s upload, However, my connection seems slow and unstable these past few days.. I use to check connection speed with speedtest.

Indeed, I just phoned up my internet provider and internet of home area is under general maintenance. That may explain why I was having horrible internet connection these days and that may not be related to running bitcoind. It does seem my home internet has got a slowdown, so I am checking that with the provider..

However, a note is relevant. If one has got slow internet connection, he may choose to set maxconnections and/or maxuploadtarget to reasonable values.

Someone may check IP addresses of network peers (bitcoin-cli getpeerinfo) against updated geolocation tables to have an idea where other connecting peer nodes are.

Free IP Geolocation APIs

Secondary topics

More references

PS: internet connection problems arose at my house in the last week or so and therefore the podcast episode was uploaded earlier on YouTube than on my blog github repo.. I only was able to upload the podcast episode #5 (~77MB) using a university access point I have got access.

PPS: the original recording of this episode (m4a) got truncated (Input buffer exhausted before END element found). Maybe I forgot to press the END button or the recorder and just pressed PAUSE and closed the app.. I was able to check that with ffprobe which comes bundled with ffmpeg. So I recoded the stream to a new m4a audio file, which should play correctly on all devices now.. Sorry if your podcast has got the original copy instead of the recoded file!