
Document preventing tor over tor #17

Open
woodser opened this issue Sep 29, 2024 · 2 comments

Comments

woodser (Contributor) commented Sep 29, 2024

This issue requests documenting preventing tor over tor, similar to the documentation on whonix.org: https://www.whonix.org/wiki/Bisq#Tor_over_Tor_Prevention

boldsuck (Contributor) commented Dec 12, 2024

PR from @XMRZombie 40_haveno.yml is merged: Whonix/onion-grater#13

I just downloaded a Whonix KVM on a Debian host and tested it myself.
Yes, you can also use the default Tor SocksPort:9050 on Whonix. With monerod it also works.
Instead of the monerod option:

```
--anonymous-inbound=mymonerodservice.onion:18083
```

Haveno uses:

```
--hiddenServiceAddress=myhavenoservice.onion --nodePort=9999
```

Since Haveno 1.0.10, the old Bisq instructions via ControlPort should no longer be necessary.

With the DirectBindTor patch I (Haveno Client) no longer have a ~/.local/share/Haveno-reto/xmr_mainnet/tor folder, and the onion-grater whitelisting filter for dangerous Tor control protocol commands is not needed.

EDITED-EDIT:
I just installed Haveno with DirectBindTor in a Whonix KVM: https://forums.whonix.org/t/installing-haveno-in-whonix/20014/26 https://postimg.cc/nCvSn23g Please forget all this old Bisq controlPort bullshit. We don't prevent Tor over Tor; we don't use Haveno's tor binaries/Netlayer/jtorctl at all. That's exactly what the DirectBindTor patch in Haveno is for!
Haveno using DirectBindTor is a default OnionService: https://www.whonix.org/wiki/Onion_Services#Setup_Overview

1. Configure a HiddenService on the Whonix-Gateway: `sudoedit /usr/local/etc/torrc.d/50_user.conf`
   Hint: There is a provided torrc.examples & Tor User Config in the GUI Application Menu.

   ```
   # Haveno incoming anonymity connections
   HiddenServiceDir /var/lib/tor/haveno_service/
   HiddenServicePort 9999 10.152.152.11:9999
   ```

   ```
   sudo systemctl reload tor
   sudo cat /var/lib/tor/haveno_service/hostname   # <- This prints Your_HiddenService_address
   ```

2. Edit the Whonix-Workstation firewall configuration to open port 9999.
   Hint: There is Global Firewall Settings in the GUI Application Menu where it says:
   Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration, which will override the defaults found here.
   Depending on your Whonix, edit the right file: https://www.whonix.org/wiki/Onion_Services#Step_2:_Open_Whonix-Workstation_Firewall_Port

   ```
   sudoedit /etc/whonix_firewall.d/50_user.conf
   ```

   ```
   # Open TCP port on all network interfaces, gateway as well as (if any) tunnel (VPN) interfaces.
   EXTERNAL_OPEN_PORTS+=" 9999 "
   ```

3. Start Haveno with `--hiddenServiceAddress=Your_HiddenService_address.onion --nodePort=9999`
   You can edit the Haveno Launcher in Applications -> Internet.

This is all you need to get Haveno running on Whonix: configuring 3 lines in 2 files and editing the App Launcher.

Something nicer:

```
--xmrNodes=trustedmonerod1.onion:18081,trustedmonerod2.onion:18081,trustedmonerod3.onion:18081
--useTorForXmr=on
```

whonixuser6 has already written part of the docs in the Whonix forum. I will write everything in the Haveno docs in the next few days.

boldsuck (Contributor) commented

Some points against https://www.whonix.org/wiki/Bisq#Tor_over_Tor_Prevention:

`sudo onion-grater-add 40_bisq` = giving a Whonix-Workstation 3rd-party app Whonix-Gateway Tor control rights.

`EXTERNAL_OPEN_ALL=true` Serious :-)

Create a dummy tor binary.
`sudo touch /home/user/.local/share/Bisq2/tor/tor`
Add the executable bit to the dummy tor binary.
`sudo chmod +x /home/user/.local/share/Bisq2/tor/tor`
Why sudo? To avoid /home/user/.local/share/Bisq2/tor/tor getting overwritten by Bisq.

Again Serious :-)

For me, these are things that don't belong in a security-oriented OS.
With DirectBindTor, none of this is necessary.
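As an added check (not part of this issue, Haveno or Whonix), the POSIX shell script below validates the three-step DirectBindTor setup from the earlier comment against the objection in this one: it checks the gateway torrc fragment, rejects a workstation firewall file that falls back to `EXTERNAL_OPEN_ALL=true` instead of opening only port 9999, checks the onion hostname format, and composes the Haveno launcher arguments. The workstation address 10.152.152.11 (from the torrc line above) and the v3 onion format (56 base32 characters) are assumptions; the sample fragments and hostname are constructed.

```shell
#!/bin/sh
# Added sanity checks for the DirectBindTor onion-service setup (not Haveno
# or Whonix code). Assumptions: the Whonix-Workstation is 10.152.152.11 as in
# the torrc line above; a v3 onion hostname is 56 base32 chars + ".onion".

# Gateway torrc fragment must declare a HiddenServiceDir and forward PORT to
# the workstation's PORT.
check_torrc() {
  torrc="$1"; port="$2"; ws_ip="${3:-10.152.152.11}"
  grep -Eq '^HiddenServiceDir[[:space:]]' "$torrc" || return 1
  grep -Eq "^HiddenServicePort[[:space:]]+$port[[:space:]]+$ws_ip:$port\$" "$torrc"
}

# Workstation firewall fragment must list PORT in EXTERNAL_OPEN_PORTS and must
# not fall back to the blanket EXTERNAL_OPEN_ALL=true.
check_firewall() {
  fw="$1"; port="$2"
  if grep -Eq '^EXTERNAL_OPEN_ALL=true' "$fw"; then return 1; fi
  ports=$(sed -n 's/^EXTERNAL_OPEN_PORTS+="\([^"]*\)".*/\1/p' "$fw")
  for p in $ports; do [ "$p" = "$port" ] && return 0; done
  return 1
}

# The hostname printed by the gateway must be a v3 onion address.
check_onion() {
  printf '%s\n' "$1" | grep -Eq '^[a-z2-7]{56}\.onion$'
}

# Run all three checks, then print the Haveno launcher arguments.
haveno_args() {
  check_torrc "$1" "$4" && check_firewall "$2" "$4" && check_onion "$3" || return 1
  printf '%s=%s %s=%s\n' --hiddenServiceAddress "$3" --nodePort "$4"
}

# Constructed sample fragments (not copied from a real system) for a dry run.
write_samples() {
  cat >"$1/torrc" <<'EOF'
# Haveno incoming anonymity connections
HiddenServiceDir /var/lib/tor/haveno_service/
HiddenServicePort 9999 10.152.152.11:9999
EOF
  cat >"$1/fw_ok" <<'EOF'
EXTERNAL_OPEN_PORTS+=" 9999 "
EOF
  printf 'EXTERNAL_OPEN_ALL=true\n' >"$1/fw_bad"
}
```

Usage: `d=$(mktemp -d); write_samples "$d"; haveno_args "$d/torrc" "$d/fw_ok" <hostname>.onion 9999` prints the launcher arguments only when all three checks pass.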
