monero in Whonix with torsocks for better stream isolation

I use

DNS_PUBLIC=tcp TORSOCKS_ALLOW_INBOUND=1 torsocks ./monero-wallet-cli --daemon-host [onionurl:port] --restore-height -1

like the above and get a similar error:

libunbound[6560:0] error: outgoing tcp: connect: Connection refused for

shown repeatedly when trying to transfer.

Is it anything to do with the Whonix firewall blocking ports? I can’t make any transactions, and it takes forever even to receive the errors.

Anyone successfully using monero-wallet-cli 0.13.0.4 on Whonix 14?

The monero program is (and has always been) terrible at handling connection issues. Not only does it take ages (minutes and more) to get an error, it doesn’t respond to Ctrl-C either. One has to close the terminal window to kill the program, then worry about the process possibly still running in memory.

Update: I now tried

./monero-wallet-cli --daemon-host [onionurl:port] --restore-height -1

meaning not using torsocks, no stream isolation, and everything works well!

Still something to look into!

I don’t have any problem running monero-cli against a remote node (as suggested in the wiki). However, my connection to remote nodes keeps dropping. I sometimes have to refresh several times before the remote node responds. Has anyone experienced this?

I got monerod working like this: DNS_PUBLIC=tcp://8.8.8.8 TORSOCKS_ALLOW_INBOUND=1 torsocks ./monerod --p2p-bind-ip 127.0.0.1 --no-igd --hide-my-port --data-dir /mnt/blockchain/monero/. I admit that I don’t understand some of these options. I got it from a tutorial on running monero behind torsocks.

Btw this will be the default in Whonix 15 (perhaps even already is in Whonix 14).

see

./monerod -h
./monero-cli -h

Monero v0.17.3.0 added a --proxy flag, e.g. monerod --proxy 127.0.0.1:9050. I haven’t audited for proxy leaks, but it does work fine in a Whonix VM that has transproxying disabled. Maybe consider updating the wiki instructions to use this flag instead of torsocks. I would recommend using a SOCKS port that isolates by both destination IP and destination port, to minimize the risk of eclipse attacks (Bitcoin Core does approximately this by default).

2 Likes
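A simple leak audit of the kind the post above says it has not done, added here as an example that is not from the thread or the Monero project: it reads lines of ss -Htnp (no header; state, queues, local endpoint, peer endpoint, owning process) and flags every monerod TCP connection whose peer is not the SOCKS proxy address handed to --proxy. The ss lines below are constructed; the proxy address 127.0.0.1:9050 is the one from the post, and 198.51.100.x addresses are documentation addresses standing in for a remote node.

```shell
#!/bin/sh
# Added example (not from the thread or the Monero project): flag monerod TCP
# connections that bypass the SOCKS proxy given to --proxy.
# Input format assumed: lines of `ss -Htnp` (no header), i.e.
#   STATE RECV-Q SEND-Q LOCAL:PORT PEER:PORT users:(("monerod",pid=N,fd=M))
# so the peer endpoint is the fifth whitespace-separated field.

# find_proxy_leaks PROXY  (reads ss lines on stdin)
# Prints "LEAK: <line>" for every monerod socket whose peer is not PROXY.
# Returns 0 when no leak was found, 1 otherwise.
find_proxy_leaks() {
    proxy=$1
    leaks=0
    while IFS= read -r line; do
        case "$line" in
            *'"monerod"'*) ;;          # only sockets owned by monerod
            *) continue ;;
        esac
        peer=$(printf '%s\n' "$line" | awk '{ print $5 }')
        if [ "$peer" != "$proxy" ]; then
            printf 'LEAK: %s\n' "$line"
            leaks=$((leaks + 1))
        fi
    done
    [ "$leaks" -eq 0 ]
}

# count_proxy_leaks PROXY  (reads ss lines on stdin): number of leak lines
count_proxy_leaks() {
    find_proxy_leaks "$1" | awk 'END { print NR }'
}

# Constructed sample output of `ss -Htnp`: two connections to the proxy, one
# direct P2P attempt to a remote node (198.51.100.7 is a documentation
# address), and an unrelated process that must be ignored.
SAMPLE_SS='ESTAB    0 0 127.0.0.1:41222 127.0.0.1:9050     users:(("monerod",pid=4242,fd=20))
ESTAB    0 0 127.0.0.1:41224 127.0.0.1:9050     users:(("monerod",pid=4242,fd=21))
SYN-SENT 0 1 10.0.2.15:50110 198.51.100.7:18080 users:(("monerod",pid=4242,fd=22))
ESTAB    0 0 10.0.2.15:50200 198.51.100.9:443   users:(("firefox",pid=999,fd=5))'

# Demo on the constructed sample; prints the SYN-SENT line as a leak.
printf '%s\n' "$SAMPLE_SS" | find_proxy_leaks 127.0.0.1:9050 || true
```

On a live node this is run as ss -Htnp | find_proxy_leaks 127.0.0.1:9050, with enough privilege for -p to show process names, and with the proxy spelled exactly as ss prints it. It only shows that every monerod TCP connection terminates at the proxy; whether Tor then isolates those streams onto separate circuits is decided by the SocksPort flags and is not visible at this layer.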

As @JeremyRand points out monerod now has the --proxy flag.

I’ve read through the pull request a few times now and my conclusion is that for Whonix users the optimal monerod command is:

monerod --proxy 10.137.0.8:9180 --p2p-bind-ip 127.0.0.1 --no-igd --hide-my-port --tx-proxy tor,10.137.0.8:9152,10

The reason for the tx-proxy argument is that, according to the information in the pull request discussion, monerod will use it to establish hidden service connections to broadcast txs. Unless one is transacting frequently this will typically mean each transaction gets its own circuit, as opposed to relying on just the proxy setting which would result in multiple transactions sharing the same circuit.

I could have something wrong, but this is my best understanding of the available information. How can I go about getting this put into the Whonix Monero documentation because the current torsocks commands are dated and barely usable?

At this complexity, perhaps best to create a config file

/etc/monerod.conf

and then start monerod with

--config-file=/etc/monerod.conf

?

This config could even be added to GitHub - Whonix/anon-apps-config.

The confusing thing would be that monerod by default does not use any config file unless using --config-file. Not sure that’s worth an upstream feature request.

I am also wondering how Whonix, once that config file exists, could add --config-file=/etc/monerod.conf to monerod and/or monero-wallet-cli / monero-wallet-gui by default.

Resources:

https://monerodocs.org/interacting/monero-config-file/

The daemon by default on Whonix checks /home/user/.bitmonero/bitmonero.conf: monero/src/daemon/command_line_args.h at c5d10a4ac43941fe7f234d487f6dd54996a9aa33 · monero-project/monero · GitHub

Transforming the tutorial’s (http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Monero_Wallet_Isolation) command line parameters into a config file:

data-dir=/home/user/.bitmonero
log-file=/home/user/.bitmonero/bitmonero.log

no-igd=1
hide-my-port=1

p2p-bind-ip=127.0.0.1

and adding @moneroconfig’s proxy settings:

proxy=10.137.0.8:9180
tx-proxy=tor,10.137.0.8:9152

--pidfile=/home/user/.bitmonero/monerod.pid and --non-interactive would still be required to be passed as command line parameters in the tutorial systemd setup.

Some questions regarding all of this:

  • port 9180 is a with IsolateDestAddr / with IsolateDestPort port: this creates a circuit per peer for communication, right? That seems like a lot - so wouldn’t a without IsolateDestAddr / without IsolateDestPort port be better in that case?

  • port 9152 is a without IsolateDestAddr / without IsolateDestPort port: wouldn’t here then a with IsolateDestAddr / with IsolateDestPort port be better to create a new circuit for every local transaction?

  • in Qubes OS: should/could I use 127.0.0.1 instead of sys-whonix’s IP (10.137.0.8)?

  • hide-my-port: if I understand this parameter, it disables “self-propagation” → my node’s peers don’t announce my node to their peers - does that create a “Do Not Track” situation (as it is not a default parameter) and increase the fingerprinting possibility?

  • should I consider the parameters
    pad-transactions=1 (protocol: option to pad transaction relay to the next kB by moneromooo-monero · Pull Request #4787 · monero-project/monero · GitHub)

    and

    no-zmq=1

    Disable ZMQ RPC server. You should use this option to limit attack surface and number of unnecessarily open ports (the ZMQ server is unfinished thing and you are unlikely to ever use it).

    for my node?

Sorry for the missing hyperlinks, apparently cannot use them yet.
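The hand conversion done above (command-line parameters to key=value lines, boolean switches becoming key=1) is mechanical enough to script. The following is an added example, not code from the thread or from the Monero project: it turns a monerod command line into config-file lines and, following the note above that --pidfile and --non-interactive stay on the command line, reports those (and --config-file itself) on stderr instead of writing them into the file. The option names are the ones used in the posts above; the list of options held back from the file is this example’s assumption, not something monerod itself enforces.

```shell
#!/bin/sh
# Added example, not from the thread or the Monero project: turn a monerod
# command line into config-file lines ("key=value", with "key=1" for boolean
# switches, as in the hand-written /etc/monerod.conf above).
# Assumption: options the thread says must stay on the command line
# (--pidfile, --non-interactive) plus --config-file itself are kept out of
# the file and reported on stderr instead.

KEEP_ON_CLI="pidfile non-interactive config-file"

# is_kept KEY -> true if KEY must stay on the command line
is_kept() {
    for k in $KEEP_ON_CLI; do
        [ "$k" = "$1" ] && return 0
    done
    return 1
}

# cli_to_monerod_conf ARGS... : config lines on stdout, kept args on stderr
cli_to_monerod_conf() {
    kept=""
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case "$arg" in
            --*=*)                      # --key=value form
                key=${arg#--}; key=${key%%=*}; val=${arg#*=}
                ;;
            --*)                        # --key value, or a bare --flag
                key=${arg#--}
                # A following word that is not itself a --option is the value;
                # this keeps negative numbers such as "-1" as values.
                if [ $# -gt 0 ] && [ "${1#--}" = "$1" ]; then
                    val=$1; shift
                else
                    val=1
                fi
                ;;
            *)
                printf 'ignoring non-option argument: %s\n' "$arg" >&2
                continue
                ;;
        esac
        if is_kept "$key"; then
            if [ "$val" = 1 ] && [ "$arg" = "--$key" ]; then
                kept="$kept --$key"
            else
                kept="$kept --$key=$val"
            fi
        else
            printf '%s=%s\n' "$key" "$val"
        fi
    done
    if [ -n "$kept" ]; then
        printf '# keep on command line:%s\n' "$kept" >&2
    fi
}

# Demo on the tutorial command line as assembled in this thread (constructed
# call): config lines go to stdout, the held-back options to stderr.
cli_to_monerod_conf --data-dir=/home/user/.bitmonero \
    --log-file=/home/user/.bitmonero/bitmonero.log \
    --no-igd --hide-my-port --p2p-bind-ip 127.0.0.1 \
    --proxy 10.137.0.8:9180 --tx-proxy tor,10.137.0.8:9152 \
    --pidfile=/home/user/.bitmonero/monerod.pid --non-interactive
```

Redirect stdout to the config file (for example to /etc/monerod.conf) and keep whatever is reported on stderr on the monerod command line together with --config-file=/etc/monerod.conf.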

You can post links now.
(Kicksecure ™ Forums Usage Instructions, Best Practices and FAQ chapter Posting Links for New Users in Kicksecure wiki)
(Whonix is based on Kicksecure.)

1 Like

Thank you, populated my post with the missing hyperlinks.