vanguards - Additional protections for Tor Onion Services



vanguards uses the Stem Tor control port library to connect to a Tor control port. It has three defense subsystems: Vanguards, Rendguard, and Bandguards. All three subsystems apply to both service-side and client-side onion service activity, but NOT to any client traffic that exits the Tor network to the normal Internet.

This is not an endorsement. I don’t have much knowledge about it. This is just me experimenting, making vanguards work on Debian buster.

Open file /etc/tor/vanguards.conf with root rights.

lxsudo mousepad /etc/tor/vanguards.conf

Comment out control_ip = i.e. make that

#control_ip =

Change control_socket = to:

control_socket = /var/run/tor/control

Restart vanguards.

sudo systemctl restart vanguards

vanguards should probably use Tor control socket by default so it would work out of the box. Probably worth a bug report against Debian.

1 Like

Nice. CC’ing our documentation brigade @0brand @torjunkie

Too early for documentation. Don’t even know where to install. Gateway or workstation.

Todo research:

Tor version deb.torproject.org (Whonix uses) vs packages.debian.org vanguards version mismatch?

Sane for installation by default?

Vanguards available from deb.torproject.org?


[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]