Dot Onion Browser

The Tor browser is abbreviation for “The Onion Router”, and it basically is a browser which lets you browse sites on the onion network (general browsers such as Mozilla / Chrome do not). Tor is an independent, open-source project which is run by volunteers. Browsers with the appropriate proxy can reach these sites, but others can’t. Dark web sites also use a scrambled naming structure that creates URLs that are often impossible to remember. VPN + Onion TOR Browser combines power of both VPN and TOR network. This app ensures user privacy and anonymity throughout the iOS in VPN mode and in-app using Tor Browser. Normal internet activity.

This article guides your through the configuration of Tor to provide a secure access to your Open Peer Power instance as an Onion site, through Tor’s Hidden Service feature, from remote. With this enabled, you do not need to open your firewall ports or setup HTTPS to enable secure remote access.

This is useful if you want to have:

  • Access your Open Peer Power instance remotely without opening a firewall port or setting up a VPN.
  • Don’t want to or know how to get an SSL/TLS certificate and HTTPS configuration setup.
  • Want to block attackers from even being able to access/scan your port and server at all.
  • Want to block anyone from knowing your home IP address and seeing your traffic to your Open Peer Power.

Hidden Services and Onion Sites

Tor allows clients and relays to offer hidden services. That is, you can offer a web server, SSH server, etc., without revealing your IP address to its users. In fact, because you don’t use any public address, you can run a hidden service from behind your firewall. Learn more about Hidden Services on the Tor Project website.

Onion sites are websites that run on a Tor Hidden Service node. “dot onion” sites are an IETF recognized special use domain name.

Dot onion browser extension

Setting up Tor on your Open Peer Power

First, install Tor. On a Debian-based system, you can install the package easily:

You can find more instructions for downloading and installing Tor on other platforms on the Tor Project Download Page.

Dot onion browser downloadDot Onion Browser

Next, modify Tor’s main configuration file /etc/tor/torrc to include the following lines:

The “stealth” entry above ensures traffic to and from your Open Peer Power instance over Tor, is hidden even from other nodes on the Tor network. The haremote1 value is a generic client name entry that you can modify as you please.

Then, restart Tor:

Then read the new generated authentication cookie from the Tor-generated hostname file:

The output of that command should look something like this, but with your own unique “dot onion” domain and authentication cookie:

You are now done with the Open Peer Power Tor server configuration. Make sure your Open Peer Power instance is running, and now you can move to client configuration.

Tor Client Access Setup

Dot Onion Browser

Using this setup, you can access your Open Peer Power instance over Tor from your laptop or mobile device, using Tor Browser and other software.

Add the authentication cookie to your torrc client configuration on your laptop or mobile device. Using the sample values from above, it would look like this:

For Tor Browser on Windows, Mac or Linux, you can find the torrc file here: <tor browser install directory>/Browser/TorBrowser/Data/Tor/torrc

Once you have added the entry, restart the browser, and then browse to the “dot onion” site address to connect to your Open Peer Power instance.

For Orbot: Tor on Android, add it in Orbot -> Menu -> Settings to the “Torrc Custom Configuration” entry. Restart Orbot, and then use the Orfox browser app, and browse to the “dot onion” site name to access your Open Peer Power instance. You can also use Orbot’s VPN mode, to enable Tor access from any application on your device, such as Tasker or Owntracks.

On iOS, we have not fully tested this yet, but you should be able to add custom torrc entries on Onion Browser, Red Onion or TOBY browsers, all available in the iTunes App Store.

Some More Advanced Ideas

Dot Onion Browser

With this configuration, only you can access your Open Peer Power instance Onion site through Tor, and no one else. You can share the authentication cookie with multiple devices and users, or you can generate a unique one for each - up to you! If you have multiple, say for an industrial, business or corporate configuration, this would provide an easy way to revoke access to a specific user or device.

If you always access your Open Peer Power instance via Tor, you can easily run this on an isolated “IoT” network segment at your install site, keeping your internal home network traffic separate from any potentially compromised devices (like cheap “smart” lightbulbs with backdoors!).

Dot

You could also use Tor as a means to connect your Open Peer Power instance to a remote device, sensor or other service that you do not want to or connect provide a direct, open IP connection to. Again, Tor provides authenticated and confidential routing (aka “privacy and encryption”) by default, without having to setup TLS/SSL or VPN. It is just important to secure IoT nodes within your network, as it is to secure remote access!

Dot Onion Browser Download

As mentioned, with Orbot on Android, you can enable a “full device” VPN mode, that allows any app you have to tunnel through Tor, even if it is not Tor or proxy aware. This means you should be able to enter your “dot onion” Onion site address into any app you want to access to your Open Peer Power instance, and it should work.