Hello, if you want to run a Monero node via Tor, you currently have two methods.
- Application Proxy Settings: Monero Anonymity Network
./monerod --tx-proxy tor,127.0.0.1:9050,10 --add-peer=[onionservice]:[port]
(1) transaction broadcasts (tx) go through Tor to onion peers
(2) blockchain sync goes through clearnet to seed nodes.
-> (2) is undesirable as the public IP address gets exposed
- torsocks: Monero Using Tor
DNS_PUBLIC=tcp torsocks monerod --p2p-bind-ip 127.0.0.1 --no-igd
(1) every outgoing connection goes through Tor to seed nodes and leaves Tor at a Tor exit node
-> this is undesirable as it could potentially lead to identity correlation
If you want to set up a Monero node on Whonix-Workstation and want to set up proper stream isolation, I assume that the following setup is currently the preferred approach.
Starting the Monero node with the custom SOCKS ports prepared for custom installed applications, without IsolateDestAddr and without IsolateDestPort.
./monerod --tx-proxy tor,10.152.152.10:9153,10 --add-peer=[onionservice]:[port]
(1) transaction broadcasts (tx) go through Tor via Whonix-Gateway to onion peers
(2) blockchain sync goes with Transport via Whonix-Gateway through Tor to seed nodes and leaves Tor at a Tor exit node
-> IP/DNS leaks prevented by Whonix-Gateway
-> stream isolation for (1)
-> no stream isolation for (2) unless there are no additional connections through Transport from same Whonix-Workstation. If there are additional connections through Transport from the same Whonix-Workstation you have to avoid that applications are connected to a kind of the same pseudonym to prevent identity correlation.
Do you agree?
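
Added example, not part of the original post: one way to check which of the paths described above a running monerod is actually using, by sorting its TCP peers from `ss -tnp` output into connections to the `--tx-proxy` SOCKS address, loopback connections, and everything else (clearnet on an ordinary host, transparently routed by Whonix-Gateway on a Whonix-Workstation). The function names and the sample lines are constructed for illustration, and the usual `ss` column layout is assumed.

```python
import ipaddress

# Constructed sample of `ss -H -tnp` output (not captured from a real host).
SAMPLE_SS = """\
ESTAB 0 0 10.152.152.11:41234 10.152.152.10:9153 users:(("monerod",pid=1234,fd=20))
ESTAB 0 0 10.152.152.11:51000 203.0.113.7:18080 users:(("monerod",pid=1234,fd=21))
ESTAB 0 0 127.0.0.1:18081 127.0.0.1:40000 users:(("monerod",pid=1234,fd=22))
ESTAB 0 0 10.152.152.11:42000 10.152.152.10:9100 users:(("curl",pid=99,fd=3))
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def classify(ss_output, proxy, process="monerod"):
    """Group one process's TCP peers into 'socks', 'local' and 'direct'.

    proxy is the (ip, port) pair passed to --tx-proxy. 'direct' holds every
    peer that is neither the proxy nor loopback, i.e. traffic that does not
    use the isolated SOCKS port.
    """
    result = {"socks": [], "local": [], "direct": []}
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header line, other processes and malformed rows.
        if len(fields) < 6 or f'("{process}"' not in fields[5]:
            continue
        try:
            host, port = split_endpoint(fields[4])
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # wildcard or unparsable peer address
        if (host, port) == proxy:
            result["socks"].append(fields[4])
        elif addr.is_loopback:
            result["local"].append(fields[4])
        else:
            result["direct"].append(fields[4])
    return result

if __name__ == "__main__":
    for kind, peers in classify(SAMPLE_SS, ("10.152.152.10", 9153)).items():
        print(f"{kind:7s} {peers}")
```

On a live system the input would come from `ss -H -tnp` run with enough privilege to see process names; any entry under `direct` is a connection that does not get the SOCKS port's stream isolation.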