Set Up a Tor Node on Windows 10

Tor relays can be either guard/bridge nodes, middle nodes, or exit nodes. It is recommended that you do not run an exit node from home. For a bridge you should have at least 1 Mbit/s (Mbps) of bandwidth to spare, and for a guard node or middle node you should have at least 10 Mbit/s (Mbps) of bandwidth to spare. You will also need at least 200 GB of traffic to donate (100 GB upload and 100 GB download). You should also have at least 1 GB of free RAM on your computer to run Tor.

You will need a public IPv4 address that remains fixed for at least several hours at a time. If you are behind a router that does Network Address Translation (NAT), you will need to be able to port forward Tor-related ports (e.g. your ORPort) from your router to the machine that runs Tor.

Your computer clock needs to be set to the correct time.

When you have met all the requirements, proceed as follows.

Download Tor Expert Bundle to your Windows machine:

  1. Open a browser and visit https://www.torproject.org/download/tor
  2. Download Windows Expert Bundle, which will be named, for example, tor-win32-0.4.1.6.zip
  3. Right-click and select Extract All from tor-win32-0.4.1.6.zip (or whatever your downloaded zip file is named)
  4. Copy the unzipped folder tor-win32-0.4.1.6 from Downloads to the root of your C:\ drive
  5. Rename C:\tor-win32-0.4.1.6 to C:\Tor

In Notepad create a torrc file as follows. In the example below:

  • We limit Tor usage to 30 GB per day, which works out to just under 1,000 GB per month
  • We reject all attempts to exit from this node, so the Tor network will use this as a guard node or a middle node only

Log notice file C:\\Tor\\tor.log
ORPort 9001
ExitPolicy reject *:*
GeoIPFile C:\\Tor\\Data\\Tor\\geoip
GeoIPv6File C:\\Tor\\Data\\Tor\\geoip6
AccountingStart day 0:00
AccountingMax 30 GBytes
AccountingRule sum
ContactInfo yourname@example.com
Nickname MyFirstNode

Make appropriate substitutions for the sample AccountingMax, ContactInfo, and Nickname in the above example.

Save the file as C:\Tor\torrc (no extension), and close Notepad.

Open your firewall for inbound Tor connections:

  1. Open Windows Defender Firewall with Advanced Security
  2. Select Inbound Rules
  3. Select New Rule
  4. Add new rule for Port, TCP 9001, Allow the Connection, Domain/Private/Public, Name Tor ORPort

In a typical home situation, you will also need to open port TCP 9001 on your router and forward TCP 9001 from your router to your PC. In some cloud environments, you will need to open the Security Group for your Windows machine.

Run a Windows Command Prompt (C:\Windows\System32\cmd.exe) as Administrator. When asked if you want to allow this app to make changes to your device, click Yes. Issue the command:

C:\Tor\Tor\tor.exe --service install --options -f "C:\Tor\torrc"

Tor is now running as a service named Tor Win32 Service. You can check this with the command:

net start | findstr Tor

You can view the log file with the command:

more C:\Tor\tor.log

If necessary, use the space bar on your keyboard to page through the more display.

Once the bootstrap reaches 100%, you should see a line:

Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.

After about three hours of operation, your new node wil be searchable on https://metrics.torproject.org/rs.html

Comments

Post a Comment

Popular posts from this blog

Shadowsocks Manager

Image
Shadowsocks Manager offers a graphical user interface (GUI) for managing Shadowsocks and Wireguard nodes and users. This tutorial is for a Debian 10 virtual private server (VPS). All commands are issued as root. Add DNS and rDNS Records If you have not already done so, add a DNS A record pointing from your hostname (e.g. yourhost.yourdomainname.tld ) to your server IP address. Since we will be sending email, add a DNS record of type MX pointing from your naked domain to your hostname (such as yourhost.yourdomainname.tld ). The naked domain is often represented by a commercial at sign in control panels. Add a Sender Policy Framework (SPF) TXT record for your domain. The name of the entry is the naked domain. The value of the text field is: v=spf1 mx -all This specifies that you will allow the domain's MX server(s) to send email for the domain, but you want to prohibit all other servers from sending email on your behalf. Some email recipients will check your that
Read more

V2-UI V2Ray User Management Panel

Image
https://www.youtube.com/watch?v=-hyeCe3w4-s You will need a VPS and a domain name that points to that VPS. Start by installing Nginx on your VPS: apt install nginx Edit the Nginx default site configuration file: vi /etc/nginx/sites-available/default Insert your real server_name. Write the file to disk and quit the editor. Restart Nginx: systemctl restart nginx Install an SSL certificate as explained on https://certbot.eff.org Download and run the V2-UI installation script: apt install curl bash <(curl -Ls https://blog.sprov.xyz/v2-ui.sh) Install the Sqlite3 shell for Sqlite: apt install sqlite3 Invoke Sqlite3 for the V2-UI database: sqlite3 /etc/v2-ui/v2-ui.db Set the value of the base path equal to /v2-ui (leading slash but no trailing slash): update setting set value="/v2-ui" where key="base_path"; Do Ctrl + d to exit from Sqlite3. Restart the V2-UI panel: v2-ui restart You should see a message v2-ui 重启成功 (which mean
Read more

Shadowsocks with V2Ray Plugin for Windows and Android Clients

Image
Domain Take out a domain name, e.g. example.com . Add A and/or AAAA DNS record(s) for server, e.g. my.example.com . Add domain example.com to Cloudflare. Set nameservers to Cloudflare nameservers. Initially, set Cloudflare SSL/TLS Encryption mode Off . Server Nginx These instructions are for Debian 10 logged in as root user. apt update && apt upgrade -y apt install nginx -y apt install wget zip unzip -y wget https://github.com/arcdetri/sample-blog/archive/master.zip unzip master.zip cp -rf sample-blog-master/html/* /var/www/html/ Edit /etc/nginx/sites-available/default . Replace my.example.com with actual server name. server {         listen 80 default_server;         listen [::]:80 default_server;         root /var/www/html;         index index.html;         server_name my.example.com;         location / {                 try_files $uri $uri/ =404;         } } systemctl restart nginx apt install certbot python-certbot-nginx -y certbot --nginx certbot renew --dry-run Now you
Read more