RetroShare

From i2pwiki.mk16.de

Introduction

Copy/paste from Wikipedia (2015-12-21): RetroShare is free software for encrypted filesharing, serverless email, instant messaging, chatrooms, and BBS, based on a friend-to-friend network built on GPG (GNU Privacy Guard). It is not strictly a darknet since optionally, peers may communicate certificates and IP addresses from and to their friends.

RetroShare is focused on privacy (encryption) but not on anonymity (who is talking with whom?).

Since 2015, RetroShare has been compatible with the Tor network.

Copy/paste from https://retroshareteam.wordpress.com/ (2018-04-14):

Release notes for v0.6.4, Posted on March 13, 2018 by Cyril

This release brings a new version of Retroshare optionally bundled with Tor, some security improvements, many GUI fixes, and an experimental Android version.

Tor-Only package: Since version 0.6.0, Retroshare is able to run over the Tor network, using a Tor hidden service to create a so-called “Hidden node” whose IP is not visible even to friends of this node. The configuration of a hidden node however was not very easy, especially on Windows. With version 0.6.4, we release a special version of Retroshare which bundles Tor and configures it automatically. As a result, creating a hidden node is now one click away.

Compatibility with I2P

About

Since February 2016, RetroShare (v0.6.0 rev 4a8edee6) has been officially compatible with the I2P network (and Tor).<ref>https://retroshareteam.wordpress.com/2016/02/07/release-notes-for-final-0-6-0/</ref>

This requires the manual creation of a tunnel in the I2P node (a "client tunnel", type "SOCKS 4/4a/5").

Setup

  • Install RetroShare and I2P.
  • Run I2P and RetroShare (no order required).
  • RetroShare: button "Options" > "Network" > tab "Hidden Service Configuration" > read the instructions and follow them.
  • I2P: once the operations are done, you may need to start the tunnel at the page http://127.0.0.1:7657/i2ptunnel/index.jsp (or restart I2P).
  • If all is successful, the LED "I2P Outgoing okay" in RetroShare (in the tab "Hidden Service Configuration") should change from black to green.

Now you can search for RetroShare friends that also run an I2P Hidden Service.

Tutorials written by Asmith, 2016

Asmith is a user of RetroShare.

The content below is copied from the file: 'Setting up Retroshare to use Tor or I2P.7z' released 2016-05-27, reformatted a bit for this wiki.

Setting up Retroshare Hidden Nodes routed via Tor or I2P

Hidden Retroshare Nodes routed via Tor or I2P

For Hidden Retroshare Nodes routed via Tor

Using only the system Tor binary to run a RetroShare 0.6 Hidden Node through Tor as a hidden service.

Using the system Tor binary alone (without Vidalia) is termed 'Expert' level by the Tor project developers. Administrative (Windows) or root/superuser (Linux) permissions are needed to access, read and write the resulting torrc updates and Hidden Service files. The following steps will help you accomplish this, but at this Tor user level you should already know how to proceed step by step if you go this route. Although sole use of the tiny system binary is considered expert level, it's not difficult for most computer-savvy users and administrators to follow the examples below and apply them on their Windows, Linux or Mac systems with few changes.

Install the newest Tor binary on your system using the following reference links. Many Linux repositories have the Tor binary too, but it can be very old, so getting it from torproject.org is suggested. If you already have the Tor binary installed, skip this initial step.

Tor Binary Only Downloads from torproject.org
Windows https://www.torproject.org/download/download.html.en
Windows https://www.torproject.org/dist/torbrowser/4.0.3/tor-win32-tor-0.2.5.10.zip
Unix,Linux, BSD https://www.torproject.org/download/download-unix.html.en
Source Tarball https://www.torproject.org/download/download.html.en

If you choose to build the newest Tor binary from the torproject.org source code, don't use ./configure && make && src/or/tor. Instead, break this into separate commands:

$ ./configure
$ make
$ sudo make install

From Linux Ubuntu PPA

sudo add-apt-repository ppa:ubun-tor/ppa
sudo apt-get update
sudo apt-get install tor tor-geoipdb

Test for system Tor binary version

tor --version
Tor version 0.2.5.10 <-- Should be the same or newer.

Once installed, change the torrc folder's ownership from its existing administrative/superuser/root/debian-tor only ownership. Using Linux as an example:

whereis tor
tor: /usr/bin/tor /usr/sbin/tor /etc/tor /usr/bin/X11/tor /usr/local/bin/ /usr/local/etc/tor /usr/share/tor /usr/share/man/man1/tor.1.gz
locate torrc
/usr/local/etc/tor
locate geoip
/usr/local/etc/tor/geoip
/usr/local/etc/tor/geoip6

Change torrc ownership:

sudo chown -R username /usr/local/etc/tor   # location of the torrc file

Note: Older versions of the Tor binary may be stored in other system locations. If the whereis command shows those are still installed, rename or remove them entirely to prevent them from accidentally being autostarted and running concurrently in the background.

For example /usr/local/bin

Example Tor Hidden Service folder name with paths and ports. Your system paths will be different; your hidden service folder name and ports can be the same or changed as you wish, then applied when you edit the torrc file.

HiddenServiceDir /home/name/hideserv
HiddenServicePort 11040 127.0.0.1:12080

Create your Tor Hidden Service Folder

mkdir /home/name/hideserv

Rename the existing torrc file to torrc-original. Then, using a text editor, adapt the following complete torrc file example and save it as torrc in the same folder. Many extra torrc settings have been commented out so that they are not active. If you uncomment them, you must know what they do and what you are doing by using them.

Complete new torrc file for Linux use in /usr/local/etc/tor system folder:

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

#Log notice file /home/name/tor-notices.log
#Log debug file /home/name/tor-debug.log
#Log notice stdout
#Log debug stdout
#RunAsDaemon 1
DataDirectory /usr/local/etc/tor
GeoIPFile /usr/local/etc/tor/geoip
GeoIPv6File /usr/local/etc/tor/geoip6
#SafeSocks 1
HiddenServiceDir /home/name/hideserv #CHANGE PATH TO YOUR hidserv
HiddenServicePort 11040 127.0.0.1:12080
ExitNodes {us} #Exit if needed only via a USA Tor Exit IP Node
#ExitNodes 770BE0CDAF2B3C5F3517B72E41B0A6B5D89D8017
StrictNodes 1
#SocksListenAddress 192.168.1.2:9100 #Listen on this IP,Port Also
#SocksPolicy accept 192.168.1.0/24
#SocksPolicy reject *
#SocksListenAddress 127.0.0.1 #Accept localhost Only
#ExitPolicy reject *:* #No Exits Allowed
#ControlPort 9051
SocksPort 9050


Windows torrc file C:\Users\name\AppData\Roaming\tor\torrc

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

RunAsDaemon 1
# torrc file: C:\Users\Shane\AppData\Roaming\tor\torrc
DataDirectory C:\tor\Data
ExitNodes {us}
StrictNodes 1
GeoIPFile C:\tor\Data\Tor\geoip
GeoIPv6File C:\tor\Data\Tor\geoip6
HiddenServiceDir C:\hideserv
HiddenServicePort 11040 127.0.0.1:12080
SocksPort 9050
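
A small torrc check for the settings used in the two files above, as an added example that is not part of Asmith's tutorial or of Tor itself. It flags SOCKS/control listeners and hidden-service targets that are not on loopback, path values containing whitespace, and a HiddenServiceDir readable by group or others (that folder holds the hidden service's private key). The function names and the sample text are assumptions made for the illustration, and paths without spaces are assumed.

```python
import ipaddress
import os
import stat

# Constructed sample input (not a file from the page): settings of the kind
# shown in the torrc examples above, with two deliberate mistakes.
SAMPLE_TORRC = r"""
DataDirectory C:\tor\Data C:\Users\name\torrc
HiddenServiceDir /home/name/hideserv #CHANGE PATH TO YOUR hidserv
HiddenServicePort 11040 127.0.0.1:12080
SocksListenAddress 192.168.1.2:9100
#ControlPort 9051
SocksPort 9050
"""

def parse_torrc(text):
    """Return (option, value) pairs; '#' comments and blank lines are dropped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            pairs.append((key, value.strip()))
    return pairs

def is_loopback(addr):
    """True for a bare port (Tor then binds to localhost) or a loopback host."""
    host = addr.rsplit(":", 1)[0] if ":" in addr else addr
    if addr.startswith("unix:") or host in ("localhost", "auto") or host.isdigit():
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_torrc(text):
    """Return a list of human-readable findings for one torrc text."""
    findings = []
    for key, value in parse_torrc(text):
        name, tokens = key.lower(), value.split()
        if name in ("socksport", "sockslistenaddress", "controlport"):
            if tokens and not is_loopback(tokens[0]):
                findings.append(f"{key}: listens on non-loopback {tokens[0]}")
        elif name == "hiddenserviceport":
            # "VIRTPORT [TARGET]": the target is where Tor forwards connections.
            if len(tokens) > 1 and not is_loopback(tokens[1]):
                findings.append(f"{key}: forwards to non-loopback {tokens[1]}")
        elif name in ("datadirectory", "hiddenservicedir"):
            if len(tokens) != 1:
                # Tor reads the whole remainder of the line as one path.
                findings.append(f"{key}: value contains whitespace: {value!r}")
            elif name == "hiddenservicedir" and os.path.isdir(value):
                mode = stat.S_IMODE(os.stat(value).st_mode)
                if mode & 0o077:
                    findings.append(f"{key}: {value} mode {mode:o}, want 700")
    return findings

if __name__ == "__main__":
    for finding in audit_torrc(SAMPLE_TORRC):
        print(finding)
```

Run it against your own torrc text before starting Tor; an empty result means none of these particular checks fired, not that the file is otherwise correct.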

Now start Tor in a terminal to see whether you have any errors in your configuration and torrc file. If so, the log file should also echo the error messages to guide you in correcting them.

$ tor

Using a text editor, open the newly created hostname file in the /home/name/hideserv folder you created.

Example: gyzp2zrhw3owqa5y.onion. Also copy your torrc HiddenServicePort information. Example: 11040 127.0.0.1:12080

Note: Your onion address found in your hostname file will certainly be different from the above example.

Now add that information as it is requested when you create/generate a new Hidden Node instance of Retroshare 0.6. Then boot up your new Hidden Node Retroshare 0.6 Tor Hidden Service and enter the same information in Options -> Network -> Tor Configuration. Select OK, then choose Options -> Server -> Network Configuration and confirm that your Retroshare 0.6 Hidden Node local address now reflects the correct port. Example: 12080

Congratulations, you've extended the new Retroshare 0.6.0 beta platform to actively use Tor connections and, with the additional step of adding a Tor Hidden Service, to also operate a Hidden Node Retroshare 0.6 as a Tor Hidden Service.

If the system Tor binary doesn't have the correct permissions to read, write and modify the torrc file, then it simply supplies some dumbed-down default values, which in the case of a Hidden Service operation are going to fail every time. Watch the warnings and notices when you start tor in your terminal.

$ tor

These issues can be solved by also adding the tiny Vidalia GUI, which gives the user instant debugging messages as well as other features.

Reference Link http://retroshare.sourceforge.net/wiki/index.php/RetroShare_Tor

Useful links to visit:

Why the Tor Project advises against file sharing inside the Tor network: "How can I share files anonymously through Tor?"
https://www.torproject.org/
https://blog.torproject.org/
https://www.torproject.org/projects/torbrowser.html.en

For Hidden Retroshare Nodes routed via I2P

Retroshare hidden node I2P Client Tunnel creation and setup, preferably done prior to generating a new Retroshare hidden node I2P Eepsite application.

For Retroshare 0.6 users wanting to create a new hidden node Retroshare I2P routed Hidden Service (eepsite), you would first download and install the I2P Router.

https://geti2p.net/en/download

$ i2prouter start   # start the I2P (garlic) router

Your default web browser should load automatically, if it is not already running, and show the I2P ROUTER CONSOLE at http://127.0.0.1:7657/home. Then:

  • Click on the 'LOCAL TUNNELS' button. You should now be at http://127.0.0.1:7657/i2ptunnelmgr (HIDDEN SERVICES MANAGER).
  • Click on the 'Tunnel Wizard' button.
  • Server Tunnel enabled, select 'next'.
  • Tunnel type: select HTTP bidir, then select 'next'.
  • Enter your Server Tunnel Name and Description (example: TAS_I2P_Server, Server I2P RS06_TAS_I2P_tunnel), then select 'next'.
  • Leave 'Outproxy' blank and select 'next'.
  • Binding Address and Port:
      Host(H) 127.0.0.1
      Accepting connections on Port(P) 8777
      Accessed by client Port 8555
      Reachable by(R) 127.0.0.1
    Then select 'next'.
  • Tunnel auto-start enabled, then select 'Finish'.

If the Tunnel Wizard Creation tool shows you a summary then carefully double-check it for any typos or mistakes. You can simply click on any user created saved Tunnel and delete it if you wish and recreate another in its place.

The privKeys.dat is shown, which you should copy and keep in a secure place. Also copy your new server .i2p address, which you'll use along with the new Server Tunnel Port (8777 in the example above) when you begin creating your new Retroshare06 Hidden Node I2P Eepsite Hidden Service. Using the example privKeys.dat .i2p address and the above example port, you'd enter the following in the i2p field while creating your new Retroshare06 Hidden Node:

h46dkwjmd21eubpugr4oshfjme5gftthklzlioonca5czb3flhvq.b32.i2p Port 8777

Example privKeys.dat information

privKeys.dat

You should backup this file in a secure place. New destination: sTRWAwjxKEyJEBk2yIvet1yzceYBbVtSor4yt6UHmeoQQQfxGrF3Lbrbz5OQjdeFxX0e9w3vKBO9EpxswvEC42pE78V7QC493Gv-QjMh8q4c59DwDLl0ehlMOT6dM~CfXTWeiaH8oRnnCpFBV38dU5Bbjv8xzJYRhdLYUmsxmxwVrbgVmlu-7Fd49qrZIABaEk-k8Wn8YcqLma3hVfHq2IVcxiSXxez88BZ~wZzW10HQTJeArQzH3xzKjG6a2fzZQWUbQHxAqhOKXcC~RMF0dAVfB5lmDWUgNJzMIlj1ZQpaLJTsKN7t5V~VXwgb2sQw8iySLtOIx2zGj5I8QuHXR-~MvuWJ1g8QE7uKCF6j2RFbKd6~f-1CrQq8wwwUU0Qo0-7fiTDcObgKY9541B3ym8uBBpA29WZv1Er7aRYGZJG2IFitqSSuhkmKbci7o3JY3rmHVmS-kiX7CZQpDlGCrFz-BPREKm7ItmVXW3DnLNkhapzDIARjtkHgc4UecmqPAQCEACECBA==
Base32: h23ckwjmd21eubpugr4oshfjme5gftthklzlioonca5czb3flfws.b32.i2p
Private key backup saved to /home/name/.i2p/i2ptunnel-keyBackup/h23ckwjmd21eubpugr4oshfjme5gftthklzlioonca5czb3flfws.b32.i2p-1442530792715.dat

Create your new Hidden Node Retroshare06 Hidden Service I2P Eepsite using your newly created .i2p address and new server tunnel port for that information field entry. Example:

h23ckwjmd21eubpugr4oshfjme5gftthklzlioonca5czb3flfws.b32.i2p Port 8777

Then boot up your new Retroshare06 Hidden Service I2P Eepsite.

  • Select Options - Network - Hidden Service Configuration - Outgoing Connections.
  • I2P Socks Proxy: using the above example you'd enter 127.0.0.1 8555.
  • Then confirm the icon next to I2P outgoing Okay is 'Green'.

Now in Incoming Service Connections you'd have

Local Address 127.0.0.1 Port 8777 (Example)

your new I2P Address and Server Port (Example)

h23ckwjmd44eubpugr4oshfjme5gftthklzlioonca5czb3flfws.b32.i2p Port 8777

Select the 'Test' button, which should eventually turn the icon 'Green'. Next go to the Network Configuration tab to confirm your [Hidden mode] reflects, using the examples above:

Local Address 127.0.0.1 Port 8777

That's it. You can now trade your new Retroshare06 Hidden Node I2P Eepsite Hidden Service with friends/peers who have activated their new Retroshare06 Regular Node to run additionally as an I2P Client, as well as with other Retroshare06 Hidden Node I2P Eepsite Hidden Service peers.

If you create a tor and i2p hidden service each with the same remote and local ports and a hidden retroshare node that listens on that port then you can go to Options - Network - Hidden Service Configuration and change your hidden service url from .onion to .i2p

I recommend you create a private lobby, paste your certificate there, switch between tor/i2p in network options, paste your new certificate and then store those so you can copypaste them easily.

Friends can then decide whether they want to add your tor or i2p cert, both will work with your RS node.

Setting up Retroshare Regular Nodes routed via Tor or I2P

For Regular Retroshare Nodes optionally routed via Tor and/or I2P

*** Important Note *** Even when a Retroshare Regular Node additionally routes its data streams through the Tor and I2P networks to connect to a Retroshare Hidden Node routed via Tor or I2P, the Retroshare Regular Node's IPv4 address is still shown in the details of your connection to the remote friend running the Retroshare Hidden Node. If you do not want even your direct friends to see your IPv4 address, generate a new Retroshare Hidden Node using the advanced option and route it via Tor or I2P. A Hidden Node only displays your xxx.onion or xxx.i2p encoded, encrypted routing network address to your directly added friends, which is pretty secure.

*** Update *** Retroshare developers are now updating the Retroshare source code to remove the display of the peer's IPv4 address in the Network Peer--Details connection information when a Regular Retroshare Node connects to a Hidden Retroshare Node via Tor and/or I2P, as that IPv4 address doesn't serve to connect to the directly added peer's Retroshare Hidden Node and wouldn't otherwise show in the remote friend's firewall connection anyway. Only localhost (127.0.0.1) addresses are actually used in this configuration to connect to the Retroshare Hidden Node's xyz.onion address inside the Tor network itself.

Retroshare Regular Nodes optionally routing via Tor or I2P to connect to Retroshare Hidden Nodes operating via Tor or I2P.

To optionally/additionally route your Retroshare Regular Node traffic via Tor, install the Tor binary, whose default port is 9050. Run/start Tor as a user, not as root/superuser. Only after Tor has started and created the new network, boot up your Retroshare Regular Node and confirm your Outgoing Connections are additionally being routed via Tor.

https://www.torproject.org/download/download.html.en <-Windows Tor
https://www.torproject.org/download/download-unix.html.en <-Linux/Unix Debian,Ubuntu,Knoppix, CentOS, Fedora, Gentoo, FreeBSD, OpenBSD, NetBSD, Same Link Source Tarballs

./configure && make && src/or/tor

https://www.torproject.org/docs/debian.html.en <-Repository Steps
https://www.torproject.org/docs/rpms.html.en <--Install Tor Guides

If you wish to build the latest Tor binary from the source code, follow this Linux terminal example.

To build the Tor binary from source, don't use ./configure && make && src/or/tor. Instead, break this into separate commands:

$ ./configure
$ make
$ sudo make install

Configure the torrc file if you need to add a custom national exit node. I prefer to change ownership of the torrc file from root to the local user; however, I leave that up to you. Otherwise you'll need root/superuser access in order to edit the torrc file. The standard torrc (Tor configuration) file that comes with Tor is typically either packed with optional settings for hidden services, bridges and transparent proxies (the full monty) or really dumbed down and barely usable. For a fully operational torrc file example that has multiple useful options commented out, refer to the Hidden Retroshare Node routed via Tor-I2P document, where I show a fully functional torrc file in its entirety.


ExitNodes {us}
StrictNodes 1
SocksPort 9050

Then start tor

$ tor

Read the Tor notices and warnings as your new Tor install builds a new Tor circuit up to 100%. If there are any problems, they'll be reported.

The main point here is that when you start up the Tor binary, you should carefully read any notices and warnings that are posted as Tor builds the new circuit to 100%. If Tor cannot locate the expected torrc file, or its command set is incorrect, Tor often throws a warning and falls back to a useless, dumbed-down set of torrc commands. If that happens, stop/kill Tor and correct the problem with a working, proper torrc file in the precise directory path Tor is expecting, as posted in the notices.

In Retroshare, select Options--Network--Hidden Service Configuration tab

Outgoing Connections: Tor Socks Proxy 127.0.0.1 9050 Green Icon if working, Black Icon if not.

A Green Icon indicates you are good to go with your Retroshare Regular Node routing optionally via Tor. You can now additionally add Retroshare Hidden Node routed via Tor friends to your keyring and connect to their Retroshare Hidden Node.

Retroshare Regular node I2P Client Tunnel creation and setup

For Retroshare 0.6 Regular Nodes wanting to connect to a peer's Retroshare I2P routed Hidden Node (eepsite), you would first download and install the I2P Router.

https://geti2p.net/en/download

$ i2prouter start   # start the I2P (garlic) router

Your default web browser should load automatically, if it is not already running, and show the I2P ROUTER CONSOLE at http://127.0.0.1:7657/home. Then:

  • Click on the 'LOCAL TUNNELS' button. You should now be at http://127.0.0.1:7657/i2ptunnelmgr (HIDDEN SERVICES MANAGER).
  • Click on the 'Tunnel Wizard' button.
  • Client Tunnel enabled, select 'next'.
  • Tunnel type: select SOCKS 4/4a/5 in the drop-down menu, then select 'next'.
  • Enter your Client Tunnel Name and Description (example: TAS_I2P_Client, Client I2P RS06_TAS_I2P_tunnel), then select 'next'.
  • Leave 'Outproxy' blank and select 'next'.
  • Binding Address and Port (example: 127.0.0.1 8555), then select 'next'.
  • Tunnel auto-start enabled, then select 'Finish'.
  • Double-check and review the Wizard Completed Summary of your choices and copy down the settings and port number if needed, then select 'Save Tunnel'.

The summary of your new I2P Client Tunnel settings (working example):

Wizard completed (creating the I2P Client)

The wizard has now collected enough information to create your tunnel. Upon clicking the Save button below, the wizard will set up the tunnel, and take you back to the main I2PTunnel page. Because you chose to automatically start the tunnel when the router starts, you don't have to do anything further. The router will start the tunnel once it has been set up.

Below is a summary of the options you chose:

Server or client tunnel?: Client
Tunnel type: SOCKS 4/4a/5
Tunnel name and description: TAS_I2P_Client, Client I2P RS06_TAS_I2P_tunnel
Tunnel destination:
Binding address and port: 127.0.0.1 8555
Tunnel auto-start: Yes

Alongside these basic settings, there are a number of advanced options for tunnel configuration. The wizard will set reasonably sensible default values for these, but you can view and/or edit these by clicking on the tunnel's name in the main I2PTunnel page.

Boot up Retroshare06 if it isn't already running.
Select Options - Network - Hidden Service Configuration - Outgoing Connections

I2P Socks Proxy

Using the above example I'd enter 127.0.0.1 8555. You can try localhost instead of 127.0.0.1, whichever works. Then confirm the icon next to I2P outgoing Okay is 'Green'.

This finishes the Regular Retroshare node client I2P configuration, which then allows you to peer/friend Hidden Node Retroshare Server Eepsites.
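
To check from outside Retroshare that the two outgoing proxies configured above (Tor Socks Proxy 127.0.0.1 9050 and I2P Socks Proxy 127.0.0.1 8555) really answer as SOCKS5 proxies, the following added example performs only the SOCKS5 method negotiation against each. It is not Retroshare's own test and not part of the tutorial; the function names and the stub listener used for offline runs are assumptions made for the illustration.

```python
import socket
import threading

# Proxy endpoints used in the examples on this page.
PROXIES = {"Tor": ("127.0.0.1", 9050), "I2P": ("127.0.0.1", 8555)}

def socks5_no_auth_ok(host, port, timeout=3.0):
    """Return True if host:port accepts a SOCKS5 greeting offering 'no auth'.

    Only the method negotiation (RFC 1928) is performed; no CONNECT is sent,
    so nothing is requested through the proxy.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"\x05\x01\x00")  # VER=5, NMETHODS=1, METHOD=0x00
            reply = b""
            while len(reply) < 2:
                chunk = sock.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
    except OSError:  # refused, timed out, reset
        return False
    return reply == b"\x05\x00"

def start_stub(reply):
    """Constructed stand-in listener for offline runs: accepts one connection,
    reads the greeting and answers with `reply`. Returns the port it uses."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))
    server.listen(1)

    def serve():
        conn, _ = server.accept()
        with conn:
            conn.recv(3)
            conn.sendall(reply)
        server.close()

    threading.Thread(target=serve, daemon=True).start()
    return server.getsockname()[1]

def unused_port():
    """Return a local port with nothing listening on it."""
    with socket.socket() as probe:
        probe.bind(("127.0.0.1", 0))
        return probe.getsockname()[1]

if __name__ == "__main__":
    for name, (host, port) in PROXIES.items():
        state = "SOCKS5 ok" if socks5_no_auth_ok(host, port) else "not answering"
        print(f"{name} proxy at {host}:{port}: {state}")
```

A port that is open but held by something other than a SOCKS proxy is reported as "not answering", which a plain port check would miss.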

References

<references />
