Bitcoin core on Whonix workstation

Let's assume one is running bitcoin core inside a Whonix workstation, for others to be able to send BTC via an onion website to the wallet.

Would this be the correct conf?
proxy=127.0.0.1:9050
rpcuser=—
rpcpassword=—
rpcport-the port i enabled
rpcconnect=127.0.0.1

Those are the settings used, and the coins I sent have been sitting in limbo for over an hour with no confirmations. The blockchain is fully downloaded.

Do I need to change the proxy and connect to the Whonix internal IP? Would I also need to enable the port I selected as incoming on the host machine or would it not matter as Whonix is inside a VM?

Here is the relevant doc page: Anonymous Money.

I’m not sure what your host OS is. Mine is Qubes 3.1. To find out the ip/port for the bitcoin.conf you need to check on your gateway for proper stream isolation. On my system I can find that out by running this in a terminal on the gateway:

cat /usr/share/tor/tor-service-defaults-torrc | grep BitCoin -A 4 | tail -n 1

I would also suggest adding the following to your bitcoin.conf:

proxyrandomize=1

Also you must decide if you want to relay transactions and allow SPV lookups or not. If you do not want those extra connections, then you need to add these lines as well:

listen=0
listenonion=0
discover=0

Lastly, you do not need these lines (localhost is allowed RPC connection without the need, these are in case you want to connect remotely or if you change the port to something non default):

rpcport-the port i enabled
rpcconnect=127.0.0.1
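
The checks suggested in the reply above, collected into a small auditor (an added example, not part of the original posts and not code from Bitcoin Core or Whonix). It flags lines that are not key=value, a missing proxy, and any of proxyrandomize, listen, listenonion and discover that differ from the values suggested for the no-inbound-connections variant; the function names, placeholder credentials and sample file are constructed for illustration.

```python
import re

# Values the reply above suggests for a Tor-only node that accepts no inbound peers.
RECOMMENDED = {"proxyrandomize": "1", "listen": "0", "listenonion": "0", "discover": "0"}

def parse_conf(text):
    """Return (settings, malformed): key=value pairs and lines that are not key=value."""
    settings, malformed = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line or line.startswith("["):  # blank line or [section] header
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.]+)\s*=\s*(.*)", line)
        if m:
            # Simplification in this sketch: keep the first occurrence of a key.
            settings.setdefault(m.group(1), m.group(2))
        else:
            malformed.append((n, line))
    return settings, malformed

def audit(text, expected_proxy=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    settings, malformed = parse_conf(text)
    findings = [f"line {n}: not key=value: {line!r}" for n, line in malformed]
    proxy = settings.get("proxy")
    if proxy is None:
        findings.append("proxy is not set")
    elif expected_proxy and proxy != expected_proxy:
        # expected_proxy is whatever ip:port the gateway lookup above returned.
        findings.append(f"proxy={proxy}, expected {expected_proxy}")
    for key, want in RECOMMENDED.items():
        got = settings.get(key)
        if got != want:
            shown = got if got is not None else "unset"
            findings.append(f"{key}={want} recommended, found {shown}")
    return findings

# Constructed sample modelled on the first post (credentials are placeholders).
SAMPLE = """\
proxy=127.0.0.1:9050
rpcuser=PLACEHOLDER_USER
rpcpassword=PLACEHOLDER_PASS
rpcport-the port i enabled
rpcconnect=127.0.0.1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Pass the ip:port returned by the gateway command as `expected_proxy` to also confirm the conf points at the stream-isolated port.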

Thank you for the extra information, I have included that in my .conf and removed the others. The money turned up in my wallet, but it is not displaying as my balance on the website. Could this be due to the Whonix firewall?

I only ask because on my localhost test server running on 127.0.0.1 the money goes into my wallet and shows up on my website instantly, so it’s not a coding issue, but once I try to repeat it with the Whonix version of the website it no longer displays my balance on the website.

I feel like something inside Whonix must be blocking it from allowing the wallet to communicate with the website.

Any ideas?

Not sure, too many variables. Maybe add back the last two lines in the conf, restart bitcoind, and then see if it works.

Last time I used bitcoin-qt which is quite some time ago, it worked. I doubt they have changed anything related to how it works over Tor.

This IP / port is automatically forwarded to Whonix-Gateway.

(With non-perfect stream isolation (Stream Isolation))

You cannot open ports in the classical sense of unsolicited incoming connections as this would screw up anonymity.

[Last time I checked bitcoin-qt allowed unsolicited incoming connections by using Tor hidden services, which is cool that they thought of this, but it is totally optional and not your problem for now.]

This could be a non-Whonix / non-Tor related bitcoin issue. I am not up to date on this topic, but search engines find quite a lot when you search for “bitcoin confirmation slow”.

Hi, sorry for the late reply. I’ve been busy and finally got back around to playing around with my setup. I had missed a simple thing from my Workstation bitcoin.conf file which was blocking what I was attempting to do, and it started working once I changed the .conf.

However I am glad that I indeed made this post because of the information you posted in regards to

listen=0
listenonion=0
discover=0

If I use these on my hidden service will others still be able to deposit coins? Obviously I would like the service to be as safe and secure as possible even though it’s not an illegal hidden service, it’s still a hidden service.

One final question for yourself or Patrick, I’m asking in here so as not to create a new topic, but can I run a bitcoin server on one workstation and then on another workstation have the actual website and have them communicate, instead of running them both from the same server like I am now?

Temple:

> If I use these on my hidden service will others still be able to
> deposit coins?

You should.

> Obviously I would like the service to be as safe and
> secure as possible even though it’s not an illegal hidden service,
> it’s still a hidden service.

A question of anonymity (to add risk by running a hidden service) vs…
Bitcoin security (does it increase security by allowing incoming Tor
hidden service). The latter I don’t know. So it might be a matter of
priorities.

> One final question for yourself or Patrick, I’m asking in here as to
> not create a new topic but can I run a bitcoin server on one
> workstation and then on another workstation have the actual website
> and have them communicate instead of running them both from the same
> server like I am now

Create a new topic.

@Temple

You absolutely should keep your wallet on your own private machine. Hosting it on the VPS means your provider can rob you blind. Hosting it on the same machine as your HS exposes you to your provider AND every attacker on the onion web. There is no advantage in keeping your coins there. Posting your bitcoin address on your website should do.

If you don’t feel like hosting a full node on your machine, use a light-weight wallet like Electrum that doesn’t depend on the server being honest.
