TOR(1)                      General Commands Manual                     TOR(1)

NAME
    tor - The second-generation onion router

SYNOPSIS
    tor [OPTION value]...

DESCRIPTION
    tor is a connection-oriented anonymizing communication service. Users
    choose a source-routed path through a set of nodes, and negotiate a
    "virtual circuit" through the network, in which each node knows its
    predecessor and successor, but no others. Traffic flowing down the
    circuit is unwrapped by a symmetric key at each node, which reveals the
    downstream node.

    Basically tor provides a distributed network of servers ("onion
    routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc
    -- around the routers, and recipients, observers, and even the routers
    themselves have difficulty tracking the source of the stream.

OPTIONS
    -h, -help
        Display a short help message and exit.

    -f FILE
        FILE contains further "option value" pairs. (Default:
        /etc/tor/torrc)

    --hash-password
        Generates a hashed password for control port access.

    --list-fingerprint
        Generate your keys and output your nickname and fingerprint.

    --verify-config
        Verify the configuration file is valid.

    --nt-service
    --service [install|remove|start|stop]
        Manage the Tor Windows NT/2000/XP service. Current instructions
        can be found at
        http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WinNTService

    --list-torrc-options
        List all valid options.

    --version
        Display Tor version and exit.

    --quiet
        Do not start Tor with a console log unless explicitly requested to
        do so. (By default, Tor starts out logging messages at level
        "notice" or higher to the console, until it has parsed its
        configuration.)

    Other options can be specified either on the command-line (--option
    value), or in the configuration file (option value or option "value").
    Options are case-insensitive. C-style escaped characters are allowed
    inside quoted values.

    BandwidthRate N bytes|KB|MB|GB|TB
        A token bucket limits the average incoming bandwidth usage on this
        node to the specified number of bytes per second, and the average
        outgoing bandwidth usage to that same value. (Default: 5 MB)

    BandwidthBurst N bytes|KB|MB|GB|TB
        Limit the maximum token bucket size (also known as the burst) to
        the given number of bytes in each direction. (Default: 10 MB)

    MaxAdvertisedBandwidth N bytes|KB|MB|GB|TB
        If set, we will not advertise more than this amount of bandwidth
        for our BandwidthRate. Server operators who want to reduce the
        number of clients who ask to build circuits through them (since
        this is proportional to advertised bandwidth rate) can thus reduce
        the CPU demands on their server without impacting network
        performance.

    RelayBandwidthRate N bytes|KB|MB|GB|TB
        If defined, a separate token bucket limits the average incoming
        bandwidth usage for _relayed traffic_ on this node to the specified
        number of bytes per second, and the average outgoing bandwidth
        usage to that same value. Relayed traffic currently is calculated
        to include answers to directory requests, but that may change in
        future versions. (Default: 0)

    RelayBandwidthBurst N bytes|KB|MB|GB|TB
        Limit the maximum token bucket size (also known as the burst) for
        _relayed traffic_ to the given number of bytes in each direction.
        (Default: 0)
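    The four bandwidth options above all describe one mechanism: a token
    bucket whose fill rate is BandwidthRate (or RelayBandwidthRate) and
    whose capacity is BandwidthBurst (or RelayBandwidthBurst). The Python
    simulation below is an added example, not code from the Tor project.
    It parses the "N bytes|KB|MB|GB|TB" size syntax (assuming, as Tor does,
    that 1 KB is 1024 bytes; the "KBytes"-style spellings Tor also accepts
    are not handled) and replays a constructed sequence of sends against a
    bucket, showing that a burst of up to BandwidthBurst bytes passes at
    once while sustained traffic is held to BandwidthRate.

```python
"""Token-bucket model of BandwidthRate / BandwidthBurst.

Added example, not code from the Tor project. The simulated clock and
the traffic pattern below are constructed for illustration.
"""

# Size suffixes from the option synopsis; treated as powers of 1024
# (assumption stated in the lead-in).
SIZE_UNITS = {"bytes": 1, "kb": 1 << 10, "mb": 1 << 20,
              "gb": 1 << 30, "tb": 1 << 40}


def parse_size(text):
    """Parse 'N bytes|KB|MB|GB|TB' (e.g. '5 MB') into a byte count."""
    parts = text.split()
    if len(parts) != 2:
        raise ValueError(f"expected '<number> <unit>', got {text!r}")
    number, unit = parts
    if unit.lower() not in SIZE_UNITS:
        raise ValueError(f"unknown unit {unit!r}")
    return int(number) * SIZE_UNITS[unit.lower()]


class TokenBucket:
    """Tokens (bytes) accrue at `rate` per second, capped at `burst`."""

    def __init__(self, rate, burst):
        if rate <= 0 or burst <= 0:
            raise ValueError("rate and burst must be positive")
        self.rate = float(rate)     # BandwidthRate, bytes per second
        self.burst = float(burst)   # BandwidthBurst, bucket capacity
        self.tokens = float(burst)  # the bucket starts full
        self.clock = 0.0            # simulated time in seconds

    def _refill(self, now):
        elapsed = now - self.clock
        if elapsed > 0:
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
            self.clock = now

    def send(self, nbytes, now):
        """Spend tokens for a send at time `now`.

        Returns how long (seconds) the send had to wait for enough tokens;
        0.0 means the bucket absorbed it immediately.
        """
        self._refill(now)
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return 0.0
        wait = (nbytes - self.tokens) / self.rate
        # Tokens accrued during the wait are exactly consumed by this send.
        self.clock = now + wait
        self.tokens = 0.0
        return wait


def simulate(rate, burst, sends):
    """Replay (time, nbytes) pairs in order; a send cannot start before the
    previous one has finished waiting. Returns the per-send delays."""
    bucket = TokenBucket(rate, burst)
    delays = []
    not_before = 0.0
    for when, nbytes in sends:
        start = max(when, not_before)
        delay = bucket.send(nbytes, start)
        not_before = start + delay
        delays.append(delay)
    return delays


if __name__ == "__main__":
    # Constructed pattern: a 4000-byte burst at t=0, then more traffic.
    rate, burst = 1000, 4000
    print(simulate(rate, burst, [(0.0, 4000), (0.0, 1000), (1.0, 500), (10.0, 2000)]))
    # Twenty 1000-byte sends at t=0: the first four fit in the burst, the
    # remaining sixteen are each held for one second at 1000 bytes/s.
    print(sum(simulate(rate, burst, [(0.0, 1000)] * 20)))
```

    The second run is the point of the option pair: total transfer time
    is set by the rate once the burst is spent, so a larger BandwidthBurst
    only changes how much can go out before the rate limit bites.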

    ConnLimit NUM
        The minimum number of file descriptors that must be available to
        the Tor process before it will start. Tor will ask the OS for as
        many file descriptors as the OS will allow (you can find this by
        "ulimit -H -n"). If this number is less than ConnLimit, then Tor
        will refuse to start.

        You probably don't need to adjust this. It has no effect on Windows
        since that platform lacks getrlimit(). (Default: 1000)

    ConstrainedSockets 0|1
        If set, Tor will tell the kernel to attempt to shrink the buffers
        for all sockets to the size specified in ConstrainedSockSize. This
        is useful for virtual servers and other environments where system
        level TCP buffers may be limited. If you're on a virtual server,
        and you encounter the "Error creating network socket: No buffer
        space available" message, you are likely experiencing this problem.

        The preferred solution is to have the admin increase the buffer
        pool for the host itself via /proc/sys/net/ipv4/tcp_mem or
        equivalent facility; this configuration option is a second-resort.

        The DirPort option should also not be used if TCP buffers are
        scarce. The cached directory requests consume additional sockets
        which exacerbates the problem.

        You should not enable this feature unless you encounter the "no
        buffer space available" issue. Reducing the TCP buffers affects
        window size for the TCP stream and will reduce throughput in
        proportion to round trip time on long paths. (Default: 0.)

    ConstrainedSockSize N bytes|KB
        When ConstrainedSockets is enabled the receive and transmit buffers
        for all sockets will be set to this limit. Must be a value between
        2048 and 262144, in 1024 byte increments. Default of 8192 is
        recommended.

    ControlPort Port
        If set, Tor will accept connections on this port and allow those
        connections to control the Tor process using the Tor Control
        Protocol (described in control-spec.txt). Note: unless you also
        specify one of HashedControlPassword or CookieAuthentication,
        setting this option will cause Tor to allow any process on the
        local host to control it. This option is required for many Tor
        controllers; most use the value of 9051.

    ControlListenAddress IP[:PORT]
        Bind the controller listener to this address. If you specify a
        port, bind to this port rather than the one specified in
        ControlPort. We strongly recommend that you leave this alone unless
        you know what you're doing, since giving attackers access to your
        control listener is really dangerous. (Default: 127.0.0.1) This
        directive can be specified multiple times to bind to multiple
        addresses/ports.

    ControlSocket Path
        Like ControlPort, but listens on a Unix domain socket, rather than
        a TCP socket. (Unix and Unix-like systems only.)

    HashedControlPassword hashed_password
        Don't allow any connections on the control port except when the
        other process knows the password whose one-way hash is
        hashed_password. You can compute the hash of a password by running
        "tor --hash-password password". You can provide several acceptable
        passwords by using more than one HashedControlPassword line.
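    The value produced by "tor --hash-password" is the OpenPGP
    iterated-and-salted S2K of RFC 2440 computed with SHA-1 over an
    8-byte random salt and the password, encoded as "16:" followed by
    the hex salt, the iteration-count byte (0x60, i.e. 65536 bytes
    hashed) and the hex digest, as laid out in control-spec.txt. Because
    the salt is random, two runs of the command give different strings
    for the same password, so the only way to tell whether a torrc's
    HashedControlPassword line still matches a password an operator
    knows is to recompute the digest under that line's salt. The Python
    below does exactly that; it is an added example, not Tor's own code,
    and the password and fixed salt in the usage are constructed.

```python
"""Compute and verify Tor's HashedControlPassword format.

Added example, not code from the Tor project. Implements the OpenPGP
iterated-and-salted S2K (RFC 2440, section 3.6.1.3) with SHA-1, which is
what "tor --hash-password" uses (see control-spec.txt).
"""
import hashlib
import hmac
import os
import re

S2K_INDICATOR = 0x60  # iteration-count byte tor uses; decodes to 65536 bytes
_HASHED_RE = re.compile(r"^16:([0-9A-Fa-f]{16})([0-9A-Fa-f]{2})([0-9A-Fa-f]{40})$")


def s2k_count(indicator):
    """Decode the one-byte OpenPGP iteration count into a byte count."""
    return (16 + (indicator & 15)) << ((indicator >> 4) + 6)


def s2k_digest(password, salt, indicator=S2K_INDICATOR):
    """SHA-1 over (salt || password) repeated until `count` bytes were hashed."""
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")
    block = salt + password.encode("utf-8")
    remaining = s2k_count(indicator)
    digest = hashlib.sha1()
    while remaining > 0:
        chunk = block if remaining >= len(block) else block[:remaining]
        digest.update(chunk)
        remaining -= len(chunk)
    return digest.digest()


def hash_password(password, salt=None):
    """Produce a HashedControlPassword value; fresh random salt unless given."""
    if salt is None:
        salt = os.urandom(8)
    return "16:{}{:02X}{}".format(
        salt.hex().upper(), S2K_INDICATOR, s2k_digest(password, salt).hex().upper())


def check_password(candidate, hashed):
    """True if `candidate` is the password behind a HashedControlPassword value."""
    match = _HASHED_RE.match(hashed.strip())
    if not match:
        return False
    salt = bytes.fromhex(match.group(1))
    indicator = int(match.group(2), 16)
    expected = bytes.fromhex(match.group(3))
    # Constant-time comparison, as tor itself does when checking the password.
    return hmac.compare_digest(s2k_digest(candidate, salt, indicator), expected)


if __name__ == "__main__":
    # Constructed sample password and salt; a real torrc carries a value
    # produced by "tor --hash-password", whose salt is random.
    sample = hash_password("correct horse", salt=bytes.fromhex("0011223344556677"))
    print(sample)
    print(check_password("correct horse", sample), check_password("wrong", sample))
```

    check_password is what a configuration review needs: given the line
    from the torrc and the password held in the controller's secrets, it
    confirms they still agree without opening the control port.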

    CookieAuthentication 0|1
        If this option is set to 1, don't allow any connections on the
        control port except when the connecting process knows the contents
        of a file named "control_auth_cookie", which Tor will create in its
        data directory. This authentication method should only be used on
        systems with good filesystem security. (Default: 0)

    CookieAuthFile Path
        If set, this option overrides the default location and file name
        for Tor's cookie file. (See CookieAuthentication above.)

    CookieAuthFileGroupReadable 0|1|GroupName
        If this option is set to 0, don't allow the filesystem group to
        read the cookie file. If the option is set to 1, make the cookie
        file readable by the default GID. [Making the file readable by
        other groups is not yet implemented; let us know if you need this
        for some reason.] (Default: 0).

    DataDirectory DIR
        Store working data in DIR (Default: /var/lib/tor)

    DirServer [nickname] [flags] address:port fingerprint
        Use a nonstandard authoritative directory server at the provided
        address and port, with the specified key fingerprint. This option
        can be repeated many times, for multiple authoritative directory
        servers. Flags are separated by spaces, and determine what kind of
        an authority this directory is. By default, every authority is
        authoritative for current ("v2")-style directories, unless the
        "no-v2" flag is given. If the "v1" flag is provided, Tor will use
        this server as an authority for old-style (v1) directories as well.
        (Only directory mirrors care about this.) Tor will use this server
        as an authority for hidden service information if the "hs" flag is
        set, or if the "v1" flag is set and the "no-hs" flag is not set.
        Tor will use this authority as a bridge authoritative directory if
        the "bridge" flag is set. If a flag "orport=port" is given, Tor
        will use the given port when opening encrypted tunnels to the
        dirserver. Lastly, if a flag "v3ident=fp" is given, the dirserver
        is a v3 directory authority whose v3 long-term signing key has the
        fingerprint fp.

        If no dirserver line is given, Tor will use the default directory
        servers. NOTE: this option is intended for setting up a private Tor
        network with its own directory authorities. If you use it, you will
        be distinguishable from other users, because you won't believe the
        same authorities they do.

    AlternateDirAuthority [nickname] [flags] address:port fingerprint

    AlternateHSAuthority [nickname] [flags] address:port fingerprint

    AlternateBridgeAuthority [nickname] [flags] address:port fingerprint
        As DirServer, but replaces less of the default directory
        authorities. Using AlternateDirAuthority replaces the default Tor
        directory authorities, but leaves the hidden service authorities
        and bridge authorities in place. Similarly, using
        AlternateHSAuthority replaces the default hidden service
        authorities, but not the directory or bridge authorities.

    FetchDirInfoEarly 0|1
        If set to 1, Tor will always fetch directory information like other
        directory caches, even if you don't meet the normal criteria for
        fetching early. Normal users should leave it off. (Default: 0)

    FetchHidServDescriptors 0|1
        If set to 0, Tor will never fetch any hidden service descriptors
        from the rendezvous directories. This option is only useful if
        you're using a Tor controller that handles hidden service fetches
        for you. (Default: 1)

    FetchServerDescriptors 0|1
        If set to 0, Tor will never fetch any network status summaries or
        server descriptors from the directory servers. This option is only
        useful if you're using a Tor controller that handles directory
        fetches for you. (Default: 1)

    FetchUselessDescriptors 0|1
        If set to 1, Tor will fetch every non-obsolete descriptor from the
        authorities that it hears about. Otherwise, it will avoid fetching
        useless descriptors, for example for routers that are not running.
        This option is useful if you're using the contributed "exitlist"
        script to enumerate Tor nodes that exit to certain addresses.
        (Default: 0)

    HTTPProxy host[:port]
        Tor will make all its directory requests through this host:port (or
        host:80 if port is not specified), rather than connecting directly
        to any directory servers.

    HTTPProxyAuthenticator username:password
        If defined, Tor will use this username:password for Basic HTTP
        proxy authentication, as in RFC 2617. This is currently the only
        form of HTTP proxy authentication that Tor supports; feel free to
        submit a patch if you want it to support others.

    HTTPSProxy host[:port]
        Tor will make all its OR (SSL) connections through this host:port
        (or host:443 if port is not specified), via HTTP CONNECT rather
        than connecting directly to servers. You may want to set
        FascistFirewall to restrict the set of ports you might try to
        connect to, if your HTTPS proxy only allows connecting to certain
        ports.

    HTTPSProxyAuthenticator username:password
        If defined, Tor will use this username:password for Basic HTTPS
        proxy authentication, as in RFC 2617. This is currently the only
        form of HTTPS proxy authentication that Tor supports; feel free to
        submit a patch if you want it to support others.

    KeepalivePeriod NUM
        To keep firewalls from expiring connections, send a padding
        keepalive cell every NUM seconds on open connections that are in
        use. If the connection has no open circuits, it will instead be
        closed after NUM seconds of idleness. (Default: 5 minutes)

    Log minSeverity[-maxSeverity] stderr|stdout|syslog
        Send all messages between minSeverity and maxSeverity to the
        standard output stream, the standard error stream, or to the system
        log. (The "syslog" value is only supported on Unix.) Recognized
        severity levels are debug, info, notice, warn, and err. We advise
        using "notice" in most cases, since anything more verbose may
        provide sensitive information to an attacker who obtains the logs.
        If only one severity level is given, all messages of that level or
        higher will be sent to the listed destination.

    Log minSeverity[-maxSeverity] file FILENAME
        As above, but send log messages to the listed filename. The "Log"
        option may appear more than once in a configuration file. Messages
        are sent to all the logs that match their severity level.

    OutboundBindAddress IP
        Make all outbound connections originate from the IP address
        specified. This is only useful when you have multiple network
        interfaces, and you want all of Tor's outgoing connections to use a
        single one.

    PidFile FILE
        On startup, write our PID to FILE. On clean shutdown, remove FILE.

    ProtocolWarnings 0|1
        If 1, Tor will log with severity 'warn' various cases of other
        parties not following the Tor specification. Otherwise, they are
        logged with severity 'info'. (Default: 0)

    RunAsDaemon 0|1
        If 1, Tor forks and daemonizes to the background. This option has
        no effect on Windows; instead you should use the --service
        command-line option. (Default: 0)

    SafeLogging 0|1
        If 1, Tor replaces potentially sensitive strings in the logs (e.g.
        addresses) with the string [scrubbed]. This way logs can still be
        useful, but they don't leave behind personally identifying
        information about what sites a user might have visited. (Default:
        1)

    User UID
        On startup, setuid to this user and setgid to their primary group.

    HardwareAccel 0|1
        If non-zero, try to use crypto hardware acceleration when
        available. This is untested and probably buggy. (Default: 0)

    AvoidDiskWrites 0|1
        If non-zero, try to write to disk less frequently than we would
        otherwise. This is useful when running on flash memory or other
        media that support only a limited number of writes. (Default: 0)

    TunnelDirConns 0|1
        If non-zero, when a directory server we contact supports it, we
        will build a one-hop circuit and make an encrypted connection via
        its ORPort. (Default: 1)

    PreferTunneledDirConns 0|1
        If non-zero, we will avoid directory servers that don't support
        tunneled directory connections, when possible. (Default: 1)

CLIENT OPTIONS
    The following options are useful only for clients (that is, if
    SocksPort is non-zero):

    AllowInvalidNodes entry|exit|middle|introduction|rendezvous|...
        If some Tor servers are obviously not working right, the directory
        authorities can manually mark them as invalid, meaning that it's
        not recommended you use them for entry or exit positions in your
        circuits. You can opt to use them in some circuit positions,
        though. The default is "middle,rendezvous", and other choices are
        not advised.

    ExcludeSingleHopRelays 0|1
        This option controls whether circuits built by Tor will include
        relays with the AllowSingleHopExits flag set to true. If
        ExcludeSingleHopRelays is set to 0, these relays will be included.
        Note that these relays might be at higher risk of being seized or
        observed, so they are not normally included. (Default: 1)

    Bridge IP:ORPort [fingerprint]
        When set along with UseBridges, instructs Tor to use the relay at
        "IP:ORPort" as a "bridge" relaying into the Tor network. If
        "fingerprint" is provided (using the same format as for DirServer),
        we will verify that the relay running at that location has the
        right fingerprint. We also use fingerprint to look up the bridge
        descriptor at the bridge authority, if it's provided and if
        UpdateBridgesFromAuthority is set too.

    CircuitBuildTimeout NUM
        Try for at most NUM seconds when building circuits. If the circuit
        isn't open in that time, give up on it. (Default: 1 minute.)

    CircuitIdleTimeout NUM
        If we have kept a clean (never used) circuit around for NUM
        seconds, then close it. This way when the Tor client is entirely
        idle, it can expire all of its circuits, and then expire its TLS
        connections. Also, if we end up making a circuit that is not useful
        for exiting any of the requests we're receiving, it won't forever
        take up a slot in the circuit list. (Default: 1 hour.)

    ClientOnly 0|1
        If set to 1, Tor will under no circumstances run as a server or
        serve directory requests. The default is to run as a client unless
        ORPort is configured. (Usually, you don't need to set this; Tor is
        pretty smart at figuring out whether you are reliable and
        high-bandwidth enough to be a useful server.) (Default: 0)

    ExcludeNodes node,node,...
        A list of identity fingerprints, nicknames, country codes and
        address patterns of nodes to never use when building a circuit.
        (Example: ExcludeNodes SlowServer, $ABCDEFFFFFFFFFFFFFFF, {cc},
        255.254.0.0/8)

    ExcludeExitNodes node,node,...
        A list of identity fingerprints, nicknames, country codes and
        address patterns of nodes to never use when picking an exit node.
        Note that any node listed in ExcludeNodes is automatically
        considered to be part of this list.

    EntryNodes node,node,...
        A list of identity fingerprints, nicknames, country codes and
        address patterns of nodes to use for the first hop in the circuit.
        These are treated only as preferences unless StrictEntryNodes (see
        below) is also set.

    ExitNodes node,node,...
        A list of identity fingerprints, nicknames, country codes and
        address patterns of nodes to use for the last hop in the circuit.
        These are treated only as preferences unless StrictExitNodes (see
        below) is also set.

    StrictEntryNodes 0|1
        If 1, Tor will never use any nodes besides those listed in
        "EntryNodes" for the first hop of a circuit.

    StrictExitNodes 0|1
        If 1, Tor will never use any nodes besides those listed in
        "ExitNodes" for the last hop of a circuit.

    FascistFirewall 0|1
        If 1, Tor will only create outgoing connections to ORs running on
        ports that your firewall allows (defaults to 80 and 443; see
        FirewallPorts). This will allow you to run Tor as a client behind a
        firewall with restrictive policies, but will not allow you to run
        as a server behind such a firewall. If you prefer more fine-grained
        control, use ReachableAddresses instead.

    FirewallPorts PORTS
        A list of ports that your firewall allows you to connect to. Only
        used when FascistFirewall is set. This option is deprecated; use
        ReachableAddresses instead. (Default: 80, 443)

    HidServAuth onion-address auth-cookie [service-name]
        Client authorization for a hidden service. Valid onion addresses
        contain 16 characters in a-z2-7 plus ".onion", and valid auth
        cookies contain 22 characters in A-Za-z0-9+/. The service name is
        only used for internal purposes, e.g., for Tor controllers. This
        option may be used multiple times for different hidden services.
        If a hidden service uses authorization and this option is not set,
        the hidden service is not accessible. Hidden services can be
        configured to require authorization using the
        HiddenServiceAuthorizeClient option.

    ReachableAddresses ADDR[/MASK][:PORT]...
        A comma-separated list of IP addresses and ports that your firewall
        allows you to connect to. The format is as for the addresses in
        ExitPolicy, except that "accept" is understood unless "reject" is
        explicitly provided. For example, 'ReachableAddresses 99.0.0.0/8,
        reject 18.0.0.0/8:80, accept *:80' means that your firewall allows
        connections to everything inside net 99, rejects port 80
        connections to net 18, and accepts connections to port 80
        otherwise. (Default: 'accept *:*'.)

    ReachableDirAddresses ADDR[/MASK][:PORT]...
        Like ReachableAddresses, a list of addresses and ports. Tor will
        obey these restrictions when fetching directory information, using
        standard HTTP GET requests. If not set explicitly then the value of
        ReachableAddresses is used. If HTTPProxy is set then these
        connections will go through that proxy.

    ReachableORAddresses ADDR[/MASK][:PORT]...
        Like ReachableAddresses, a list of addresses and ports. Tor will
        obey these restrictions when connecting to Onion Routers, using
        TLS/SSL. If not set explicitly then the value of ReachableAddresses
        is used. If HTTPSProxy is set then these connections will go
        through that proxy.

        The separation between ReachableORAddresses and
        ReachableDirAddresses is only interesting when you are connecting
        through proxies (see HTTPProxy and HTTPSProxy). Most proxies limit
        TLS connections (which Tor uses to connect to Onion Routers) to
        port 443, and some limit HTTP GET requests (which Tor uses for
        fetching directory information) to port 80.

    LongLivedPorts PORTS
        A list of ports for services that tend to have long-running
        connections (e.g. chat and interactive shells). Circuits for
        streams that use these ports will contain only high-uptime nodes,
        to reduce the chance that a node will go down before the stream is
        finished. (Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223,
        6667, 6697, 8300)

    MapAddress address newaddress
        When a request for address arrives to Tor, it will rewrite it to
        newaddress before processing it. For example, if you always want
        connections to www.indymedia.org to exit via torserver (where
        torserver is the nickname of the server), use "MapAddress
        www.indymedia.org www.indymedia.org.torserver.exit".

    NewCircuitPeriod NUM
        Every NUM seconds consider whether to build a new circuit.
        (Default: 30 seconds)

    MaxCircuitDirtiness NUM
        Feel free to reuse a circuit that was first used at most NUM
        seconds ago, but never attach a new stream to a circuit that is too
        old. (Default: 10 minutes)

    NodeFamily node,node,...
        The Tor servers, defined by their identity fingerprints or
        nicknames, constitute a "family" of similar or co-administered
        servers, so never use any two of them in the same circuit. Defining
        a NodeFamily is only needed when a server doesn't list the family
        itself (with MyFamily). This option can be used multiple times.

    EnforceDistinctSubnets 0|1
        If 1, Tor will not put two servers whose IP addresses are "too
        close" on the same circuit. Currently, two addresses are "too
        close" if they lie in the same /16 range. (Default: 1)
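    NodeFamily and EnforceDistinctSubnets are both constraints on which
    relays may share one circuit: never two members of the same family,
    and (by default) never two relays from the same /16. The Python below
    is an added example, not Tor's path-selection code. It checks a
    candidate path against a list of NodeFamily values written in the
    list syntax above (nicknames or $fingerprint entries) and against the
    /16 rule, and uses that check to choose the next hop from a set of
    candidates. The relays, placeholder fingerprints and family line are
    constructed; only IPv4 addresses are handled.

```python
"""Circuit path constraints: NodeFamily and EnforceDistinctSubnets.

Added example, not Tor's own path-selection code. The relays,
fingerprints and family definition below are constructed. IPv4 only.
"""
import ipaddress


def same_slash16(ip_a, ip_b):
    """True if two IPv4 addresses fall in the same /16 (the 'too close' rule)."""
    net_a = ipaddress.ip_network(f"{ip_a}/16", strict=False)
    net_b = ipaddress.ip_network(f"{ip_b}/16", strict=False)
    return net_a == net_b


def _relay_ids(relay):
    """Identifiers a NodeFamily entry may use for this relay: nickname or $fingerprint."""
    return {relay["nick"].lower(), "$" + relay["fp"].upper()}


def _family_ids(family):
    """Normalise one NodeFamily value ('nick,$FP,...') into a comparable set."""
    ids = set()
    for item in family.split(","):
        item = item.strip()
        if item.startswith("$"):
            ids.add("$" + item[1:].upper())
        elif item:
            ids.add(item.lower())
    return ids


def path_violations(path, families, enforce_distinct_subnets=True):
    """Return the reasons why `path` breaks the constraints (empty list = OK)."""
    reasons = []
    family_sets = [_family_ids(f) for f in families]
    for i, a in enumerate(path):
        for b in path[i + 1:]:
            if enforce_distinct_subnets and same_slash16(a["ip"], b["ip"]):
                reasons.append(f"{a['nick']} and {b['nick']} share a /16 ({a['ip']}, {b['ip']})")
            for ids in family_sets:
                if _relay_ids(a) & ids and _relay_ids(b) & ids:
                    reasons.append(f"{a['nick']} and {b['nick']} are in the same family")
                    break
    return reasons


def extend_path(path, candidates, families, enforce_distinct_subnets=True):
    """Return the first candidate that can be appended without a violation, or None."""
    for relay in candidates:
        if not path_violations(path + [relay], families, enforce_distinct_subnets):
            return relay
    return None


# Constructed relays; the fingerprints are placeholders, not real identities.
RELAYS = {
    "guardA": {"nick": "guardA", "fp": "A" * 40, "ip": "10.1.2.3"},
    "mid1": {"nick": "mid1", "fp": "B" * 40, "ip": "10.1.9.9"},    # same /16 as guardA
    "mid2": {"nick": "mid2", "fp": "C" * 40, "ip": "10.2.5.5"},
    "exit1": {"nick": "exit1", "fp": "D" * 40, "ip": "10.3.1.1"},  # in a family with mid2
    "exit2": {"nick": "exit2", "fp": "E" * 40, "ip": "10.4.1.1"},
}
# Constructed NodeFamily value: one member by nickname, one by $fingerprint.
FAMILIES = ["mid2,$" + "D" * 40]

if __name__ == "__main__":
    print(path_violations([RELAYS["guardA"], RELAYS["mid1"]], FAMILIES))
    print(path_violations([RELAYS["guardA"], RELAYS["mid2"], RELAYS["exit1"]], FAMILIES))
    second = extend_path([RELAYS["guardA"]], [RELAYS["mid1"], RELAYS["mid2"]], FAMILIES)
    third = extend_path([RELAYS["guardA"], second], [RELAYS["exit1"], RELAYS["exit2"]], FAMILIES)
    print([r["nick"] for r in (RELAYS["guardA"], second, third)])
```

    Setting enforce_distinct_subnets=False reproduces EnforceDistinctSubnets
    0: the /16 rule is dropped while the family rule still applies.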
520
521
522 SocksPort PORT
523 Advertise this port to listen for connections from Socks-speak‐
524 ing applications. Set this to 0 if you don't want to allow
525 application connections. (Default: 9050)
526
527 SocksListenAddress IP[:PORT]
528 Bind to this address to listen for connections from Socks-speak‐
529 ing applications. (Default: 127.0.0.1) You can also specify a
530 port (e.g. 192.168.0.1:9100). This directive can be specified
531 multiple times to bind to multiple addresses/ports.
532
533 SocksPolicy policy,policy,...
534 Set an entrance policy for this server, to limit who can connect
535 to the SocksPort and DNSPort ports. The policies have the same
536 form as exit policies below.
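    Several options on this page decide how exposed a Tor instance is:
    ControlPort without HashedControlPassword or CookieAuthentication lets
    any local process control Tor; ControlListenAddress or
    SocksListenAddress on a non-loopback address opens the listener to the
    network, the latter being what SocksPolicy is there to limit; a Log
    level more verbose than notice and SafeLogging 0 leave sensitive
    detail in the logs. The Python linter below is an added example, not a
    Tor project tool. It parses the "option value" / option "value" syntax
    from OPTIONS (comment lines, case-insensitive keys, C-style escapes in
    quoted values, and an unquoted value ending at a "#") and reports
    those findings over two constructed torrc samples. The address checks
    handle IPv4 only.

```python
"""Minimal torrc linter for the exposure-related options on this page.
Added example, not a Tor project tool. Samples are constructed. IPv4 only."""
import ipaddress
import re

SEVERITIES = ["debug", "info", "notice", "warn", "err"]
_C_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "\\": "\\", '"': '"'}
_LINE_RE = re.compile(r"^(\S+)\s*(.*)$")


def _unquote(raw):
    """Decode a double-quoted value with C-style escapes (stops at the closing quote)."""
    out, i = [], 1  # raw[0] is the opening quote
    while i < len(raw) and raw[i] != '"':
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(_C_ESCAPES.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def parse_torrc(text):
    """Return (option, value) pairs in file order; option names lower-cased."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, rest = _LINE_RE.match(line).groups()
        if rest.startswith('"'):
            value = _unquote(rest)
        else:
            value = rest.split("#", 1)[0].strip()  # an unquoted value ends at '#'
        entries.append((key.lower(), value))
    return entries


def _is_loopback(listen_addr):
    # IP[:PORT] -> True if IP is loopback (IPv4 only; bracketed IPv6 is not parsed)
    host = listen_addr.rsplit(":", 1)[0] if listen_addr.count(":") == 1 else listen_addr
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_torrc(text):
    """Return (level, message) findings for the exposure-related settings."""
    entries = parse_torrc(text)

    def values(option):
        return [v for k, v in entries if k == option]

    findings = []
    if any(v != "0" for v in values("controlport")):
        if not values("hashedcontrolpassword") and "1" not in values("cookieauthentication"):
            findings.append(("critical", "ControlPort without HashedControlPassword or "
                                         "CookieAuthentication: any local process can control Tor"))
    for addr in values("controllistenaddress"):
        if not _is_loopback(addr):
            findings.append(("critical", f"ControlListenAddress {addr} is not a loopback address"))
    if any(not _is_loopback(a) for a in values("sockslistenaddress")) and not values("sockspolicy"):
        findings.append(("warning", "SocksListenAddress on a non-loopback address with no SocksPolicy"))
    for spec in values("log"):
        words = spec.split()
        min_sev = words[0].split("-")[0].lower() if words else ""
        if min_sev in SEVERITIES and SEVERITIES.index(min_sev) < SEVERITIES.index("notice"):
            findings.append(("warning", f"Log level '{min_sev}' is more verbose than notice; "
                                        "logs may expose sensitive information"))
    if "0" in values("safelogging"):
        findings.append(("warning", "SafeLogging 0: addresses are not scrubbed from logs"))
    return findings


# Constructed samples: the first exposes every listener, the second corrects each finding.
WEAK_TORRC = """\
SocksPort 9050
SocksListenAddress 192.168.0.1:9100
ControlPort 9051
ControlListenAddress 0.0.0.0:9051
Log debug file /var/log/tor/debug.log
SafeLogging 0
"""

HARDENED_TORRC = """\
SocksPort 9050
SocksListenAddress 192.168.0.1:9100
SocksPolicy accept 192.168.0.0/16   # only the LAN may use the proxy
SocksPolicy reject *
ControlPort 9051
CookieAuthentication 1
Log notice file "/var/log/tor/notices.log"
SafeLogging 1
"""
```

    Running audit_torrc over WEAK_TORRC yields two critical and three
    warning findings; the hardened sample yields none. The parser is the
    reusable part: any other per-option check is a few lines on top of
    the (option, value) list it returns.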

    SocksTimeout NUM
        Let a socks connection wait NUM seconds handshaking, and NUM
        seconds unattached waiting for an appropriate circuit, before we
        fail it. (Default: 2 minutes.)

    TrackHostExits host,.domain,...
        For each value in the comma separated list, Tor will track recent
        connections to hosts that match this value and attempt to reuse the
        same exit node for each. If the value is prepended with a '.', it
        is treated as matching an entire domain. If one of the values is
        just a '.', it means match everything. This option is useful if you
        frequently connect to sites that will expire all your
        authentication cookies (i.e. log you out) if your IP address
        changes. Note that this option does have the disadvantage of making
        it more clear that a given history is associated with a single
        user. However, most people who would wish to observe this will
        observe it through cookies or other protocol-specific means anyhow.

    TrackHostExitsExpire NUM
        Since exit servers go up and down, it is desirable to expire the
        association between host and exit server after NUM seconds. The
        default is 1800 seconds (30 minutes).

    UpdateBridgesFromAuthority 0|1
        When set (along with UseBridges), Tor will try to fetch bridge
        descriptors from the configured bridge authorities when feasible.
        It will fall back to a direct request if the authority responds
        with a 404. (Default: 0)

    UseBridges 0|1
        When set, Tor will fetch descriptors for each bridge listed in the
        "Bridge" config lines, and use these relays as both entry guards
        and directory guards. (Default: 0)

    UseEntryGuards 0|1
        If this option is set to 1, we pick a few long-term entry servers,
        and try to stick with them. This is desirable because constantly
        changing servers increases the odds that an adversary who owns some
        servers will observe a fraction of your paths. (Defaults to 1.)

    NumEntryGuards NUM
        If UseEntryGuards is set to 1, we will try to pick a total of NUM
        routers as long-term entries for our circuits. (Defaults to 3.)

    SafeSocks 0|1
        When this option is enabled, Tor will reject application
        connections that use unsafe variants of the socks protocol -- ones
        that only provide an IP address, meaning the application is doing a
        DNS resolve first. Specifically, these are socks4 and socks5 when
        not doing remote DNS. (Defaults to 0.)

    TestSocks 0|1
        When this option is enabled, Tor will make a notice-level log entry
        for each connection to the Socks port indicating whether the
        request used a safe socks protocol or an unsafe one (see above
        entry on SafeSocks). This helps to determine whether an application
        using Tor is possibly leaking DNS requests. (Default: 0)

    VirtualAddrNetwork Address/bits
        When a controller asks for a virtual (unused) address with the
        MAPADDRESS command, Tor picks an unassigned address from this
        range. (Default: 127.192.0.0/10)

        When providing proxy server service to a network of computers using
        a tool like dns-proxy-tor, change this address to "10.192.0.0/10"
        or "172.16.0.0/12". The default VirtualAddrNetwork address range on
        a properly configured machine will route to the loopback interface.
        For local use, no change to the default VirtualAddrNetwork setting
        is needed.

    AllowNonRFC953Hostnames 0|1
        When this option is disabled, Tor blocks hostnames containing
        illegal characters (like @ and :) rather than sending them to an
        exit node to be resolved. This helps trap accidental attempts to
        resolve URLs and so on. (Default: 0)

    FastFirstHopPK 0|1
        When this option is disabled, Tor uses the public key step for the
        first hop of creating circuits. Skipping it is generally safe since
        we have already used TLS to authenticate the relay and to establish
        forward-secure keys. Turning this option off makes circuit building
        slower.

        Note that Tor will always use the public key step for the first hop
        if it's operating as a relay, and it will never use the public key
        step if it doesn't yet know the onion key of the first hop.
        (Default: 1)

    TransPort PORT
        If non-zero, enables transparent proxy support on PORT (by
        convention, 9040). Requires OS support for transparent proxies,
        such as BSDs' pf or Linux's IPTables. If you're planning to use Tor
        as a transparent proxy for a network, you'll want to examine and
        change VirtualAddrNetwork from the default setting. You'll also
        want to set the TransListenAddress option for the network you'd
        like to proxy. (Default: 0).

    TransListenAddress IP[:PORT]
        Bind to this address to listen for transparent proxy connections.
        (Default: 127.0.0.1). This is useful for exporting a transparent
        proxy server to an entire network.

    NATDPort PORT
        Allow old versions of ipfw (as included in old versions of FreeBSD,
        etc.) to send connections through Tor using the NATD protocol. This
        option is only for people who cannot use TransPort.

    NATDListenAddress IP[:PORT]
        Bind to this address to listen for NATD connections. (Default:
        127.0.0.1).

    AutomapHostsOnResolve 0|1
        When this option is enabled, and we get a request to resolve an
        address that ends with one of the suffixes in AutomapHostsSuffixes,
        we map an unused virtual address to that address, and return the
        new virtual address. This is handy for making ".onion" addresses
        work with applications that resolve an address and then connect to
        it. (Default: 0).

    AutomapHostsSuffixes SUFFIX,SUFFIX,...
        A comma-separated list of suffixes to use with
        AutomapHostsOnResolve. The "." suffix is equivalent to "all
        addresses." (Default: .exit,.onion).

    DNSPort PORT
        If non-zero, Tor listens for UDP DNS requests on this port and
        resolves them anonymously. (Default: 0).

    DNSListenAddress IP[:PORT]
        Bind to this address to listen for DNS connections. (Default:
        127.0.0.1).

    ClientDNSRejectInternalAddresses 0|1
        If true, Tor does not believe any anonymously retrieved DNS answer
        that tells it that an address resolves to an internal address (like
        127.0.0.1 or 192.168.0.1). This option prevents certain
        browser-based attacks; don't turn it off unless you know what
        you're doing. (Default: 1).

    DownloadExtraInfo 0|1
        If true, Tor downloads and caches "extra-info" documents. These
        documents contain information about servers other than the
        information in their regular router descriptors. Tor does not use
        this information for anything itself; to save bandwidth, leave this
        option turned off. (Default: 0).

    FallbackNetworkstatusFile FILENAME
        If Tor doesn't have a cached networkstatus file, it starts out
        using this one instead. Even if this file is out of date, Tor can
        still use it to learn about directory mirrors, so it doesn't need
        to put load on the authorities. (Default: None).

    WarnPlaintextPorts port,port,...
        Tells Tor to issue a warning whenever the user tries to make an
        anonymous connection to one of these ports. This option is designed
        to alert users to services that risk sending passwords in the
        clear. (Default: 23,109,110,143).

    RejectPlaintextPorts port,port,...
        Like WarnPlaintextPorts, but instead of warning about risky port
        uses, Tor will instead refuse to make the connection. (Default:
        None).

SERVER OPTIONS
    The following options are useful only for servers (that is, if ORPort
    is non-zero):

    Address address
        The IP address or fully qualified domain name of this server (e.g.
        moria.mit.edu). You can leave this unset, and Tor will guess your
        IP address.

    AllowSingleHopExits 0|1
        This option controls whether clients can use this server as a
        single hop proxy. If set to 1, clients can use this server as an
        exit even if it is the only hop in the circuit. (Default: 0)

    AssumeReachable 0|1
        This option is used when bootstrapping a new Tor network. If set to
        1, don't do self-reachability testing; just upload your server
        descriptor immediately. If AuthoritativeDirectory is also set, this
        option instructs the dirserver to bypass remote reachability
        testing too and list all connected servers as running.

    BridgeRelay 0|1
        Sets the relay to act as a "bridge" with respect to relaying
        connections from bridge users to the Tor network. Mainly it
        influences how the relay will cache and serve directory
        information. Usually used in combination with
        PublishServerDescriptor.

    ContactInfo email_address
        Administrative contact information for server. This line might get
        picked up by spam harvesters, so you may want to obscure the fact
        that it's an email address.

    ExitPolicy policy,policy,...
        Set an exit policy for this server. Each policy is of the form
        "accept|reject ADDR[/MASK][:PORT]". If /MASK is omitted then this
        policy just applies to the host given. Instead of giving a host or
        network you can also use "*" to denote the universe (0.0.0.0/0).
        PORT can be a single port number, an interval of ports
        "FROM_PORT-TO_PORT", or "*". If PORT is omitted, that means "*".

        For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*"
        would reject any traffic destined for MIT except for web.mit.edu,
        and accept anything else.
750
751 To specify all internal and link-local networks (including
752 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16,
753 10.0.0.0/8, and 172.16.0.0/12), you can use the "private" alias
754 instead of an address. These addresses are rejected by default
755 (at the beginning of your exit policy), along with your public
756 IP address, unless you set the ExitPolicyRejectPrivate config
757 option to 0. For example, once you've done that, you could allow
758 HTTP to 127.0.0.1 and block all other connections to internal
759 networks with "accept 127.0.0.1:80,reject private:*", though
760 that may also allow connections to your own computer that are
761 addressed to its public (external) IP address. See RFC 1918 and
762 RFC 3330 for more details about internal and reserved IP address
763 space.
764
765 This directive can be specified multiple times so you don't have
766 to put it all on one line.
767
768 Policies are considered first to last, and the first match wins.
769 If you want to _replace_ the default exit policy, end your exit
770 policy with either a reject *:* or an accept *:*. Otherwise,
771 you're _augmenting_ (prepending to) the default exit policy. The
772 default exit policy is:
773 reject *:25
774 reject *:119
775 reject *:135-139
776 reject *:445
777 reject *:563
778 reject *:1214
779 reject *:4661-4666
780 reject *:6346-6429
781 reject *:6699
782 reject *:6881-6999
783 accept *:*
784
785 ExitPolicyRejectPrivate 0|1
786 Reject all private (local) networks, along with your own public
787 IP address, at the beginning of your exit policy. See above
788 entry on ExitPolicy. (Default: 1)
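The ExitPolicy and ExitPolicyRejectPrivate rules above, worked through in code. This is an added example, not Tor's own implementation: it evaluates the "accept|reject ADDR[/MASK][:PORT]" syntax, the "private" alias, the first-match rule and the default policy for IPv4 addresses, and shows that a policy ending in *:* replaces the default while any other policy only prepends to it.

```python
# Added example, not Tor's own code: an evaluator for the ExitPolicy syntax
# described above (accept|reject ADDR[/MASK][:PORT], the "private" alias,
# first match wins, the default policy appended unless the configured policy
# ends in *:*, and the implicit rejects that ExitPolicyRejectPrivate adds).
# IPv4 only, matching the addresses used in the man page examples.
import ipaddress
from typing import List, Optional, Tuple

# The default exit policy, exactly as listed in the ExitPolicy entry.
DEFAULT_EXIT_POLICY = (
    "reject *:25,reject *:119,reject *:135-139,reject *:445,reject *:563,"
    "reject *:1214,reject *:4661-4666,reject *:6346-6429,reject *:6699,"
    "reject *:6881-6999,accept *:*"
)

# Networks covered by the "private" alias, as listed in the ExitPolicy entry.
PRIVATE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "169.254.0.0/16", "127.0.0.0/8", "192.168.0.0/16",
    "10.0.0.0/8", "172.16.0.0/12")]

# One rule: (accept?, networks it covers, first port, last port).
Rule = Tuple[bool, List[ipaddress.IPv4Network], int, int]
ALL_PORTS = (1, 65535)


def parse_port(spec: str) -> Tuple[int, int]:
    """'*' means every port, 'N' a single port, 'FROM-TO' an inclusive range."""
    if spec == "*":
        return ALL_PORTS
    lo, _, hi = spec.partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if not 1 <= lo_i <= hi_i <= 65535:
        raise ValueError(f"bad port specification {spec!r}")
    return lo_i, hi_i


def parse_policy(text: str) -> List[Rule]:
    """Parse a comma-separated list of 'accept|reject ADDR[/MASK][:PORT]'."""
    rules: List[Rule] = []
    for item in (p.strip() for p in text.split(",") if p.strip()):
        verb, _, rest = item.partition(" ")
        if verb not in ("accept", "reject"):
            raise ValueError(f"bad policy item {item!r}")
        addr, _, port = rest.strip().partition(":")
        lo, hi = parse_port(port or "*")            # omitted PORT means "*"
        if addr == "*":                             # the universe, 0.0.0.0/0
            nets = [ipaddress.ip_network("0.0.0.0/0")]
        elif addr == "private":                     # the "private" alias
            nets = list(PRIVATE_NETWORKS)
        else:                                       # single host or ADDR/MASK
            nets = [ipaddress.ip_network(addr, strict=False)]
        rules.append((verb == "accept", nets, lo, hi))
    return rules


def effective_policy(configured: str, reject_private: bool = True,
                     public_ip: Optional[str] = None) -> List[Rule]:
    """Build the policy that is actually enforced: the implicit rejects from
    ExitPolicyRejectPrivate first, then the configured rules, then the default
    policy unless the configured rules already end in accept *:* or
    reject *:* (which replaces the default instead of augmenting it)."""
    rules: List[Rule] = []
    if reject_private:
        rules += parse_policy("reject private:*")
        if public_ip:
            rules += parse_policy(f"reject {public_ip}:*")
    configured_rules = parse_policy(configured)
    rules += configured_rules
    replaces_default = bool(configured_rules) and (
        configured_rules[-1][1][0].prefixlen == 0
        and (configured_rules[-1][2], configured_rules[-1][3]) == ALL_PORTS)
    if not replaces_default:
        rules += parse_policy(DEFAULT_EXIT_POLICY)
    return rules


def exit_allowed(rules: List[Rule], ip: str, port: int) -> bool:
    """Policies are considered first to last; the first match wins."""
    target = ipaddress.ip_address(ip)
    for accept, nets, lo, hi in rules:
        if lo <= port <= hi and any(target in net for net in nets):
            return accept
    return False   # not reached: every policy built above ends in *:*
```

Note that the MIT example from the man page ends in accept *:*, so it replaces the default policy and port 25 becomes reachable through that exit; the "accept 127.0.0.1:80,reject private:*" example does not, so the default rejects still apply after it.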

       MaxOnionsPending NUM
              If you have more than this number of onionskins queued for
              decrypt, reject new ones. (Default: 100)

       MyFamily node,node,...
              Declare that this Tor server is controlled or administered by a
              group or organization identical or similar to that of the other
              servers, defined by their identity fingerprints or nicknames.
              When two servers both declare that they are in the same
              'family', Tor clients will not use them in the same circuit.
              (Each server only needs to list the other servers in its
              family; it doesn't need to list itself, but it won't hurt.)

       Nickname name
              Set the server's nickname to 'name'. Nicknames must be between
              1 and 19 characters inclusive, and must contain only the
              characters [a-zA-Z0-9].

       NumCPUs num
              How many processes to use at once for decrypting onionskins.
              (Default: 1)

       ORPort PORT
              Advertise this port to listen for connections from Tor clients
              and servers.

       ORListenAddress IP[:PORT]
              Bind to this IP address to listen for connections from Tor
              clients and servers. If you specify a port, bind to this port
              rather than the one specified in ORPort. (Default: 0.0.0.0)
              This directive can be specified multiple times to bind to
              multiple addresses/ports.

       PublishServerDescriptor 0|1|v1|v2|v3|bridge, ...
              This option is only considered if you have an ORPort defined.
              You can choose multiple arguments, separated by commas.

              If set to 0, Tor will act as a server but it will not publish
              its descriptor to the directory authorities. (This is useful if
              you're testing out your server, or if you're using a Tor
              controller that handles directory publishing for you.)
              Otherwise, Tor will publish its descriptor to all directory
              authorities of the type(s) specified. The value "1" is the
              default, which means "publish to the appropriate authorities".

       ShutdownWaitLength NUM
              When we get a SIGINT and we're a server, we begin shutting
              down: we close listeners and start refusing new circuits.
              After NUM seconds, we exit. If we get a second SIGINT, we exit
              immediately. (Default: 30 seconds)

       AccountingMax N bytes|KB|MB|GB|TB
              Never send more than the specified number of bytes in a given
              accounting period, or receive more than that number in the
              period. For example, with AccountingMax set to 1 GB, a server
              could send 900 MB and receive 800 MB and continue running. It
              will only hibernate once one of the two reaches 1 GB. When the
              number of bytes is exhausted, Tor will hibernate until some
              time in the next accounting period. To prevent all servers
              from waking at the same time, Tor will also wait until a random
              point in each period before waking up. If you have bandwidth
              cost issues, enabling hibernation is preferable to setting a
              low bandwidth, since it provides users with a collection of
              fast servers that are up some of the time, which is more useful
              than a set of slow servers that are always "available".

       AccountingStart day|week|month [day] HH:MM
              Specify how long accounting periods last. If month is given,
              each accounting period runs from the time HH:MM on the dayth
              day of one month to the same day and time of the next. (The
              day must be between 1 and 28.) If week is given, each
              accounting period runs from the time HH:MM of the dayth day of
              one week to the same day and time of the next week, with
              Monday as day 1 and Sunday as day 7. If day is given, each
              accounting period runs from the time HH:MM each day to the same
              time on the next day. All times are local, and given in 24-hour
              time. (Defaults to "month 1 0:00".)
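The accounting rules from the AccountingMax and AccountingStart entries above, as an added example (not Tor's hibernation code): it parses both options, computes the period boundaries that contain a given local time for the day, week and month forms, and applies the rule that either direction reaching the limit triggers hibernation. Binary unit sizes (1 KB = 1024 bytes) are an assumption of this example.

```python
# Added example, not Tor's own code: working out the accounting period a
# moment falls in for each AccountingStart form described above, and whether
# AccountingMax has been reached. Times are naive local datetimes, as the
# man page says all times are local; unit sizes are binary (1 KB = 1024
# bytes), which is an assumption of this example.
from datetime import datetime, timedelta
from typing import Tuple

UNITS = {"bytes": 1, "KB": 1 << 10, "MB": 1 << 20, "GB": 1 << 30, "TB": 1 << 40}


def parse_accounting_max(spec: str) -> int:
    """'N bytes|KB|MB|GB|TB' -> number of bytes."""
    number, unit = spec.split()
    return int(number) * UNITS[unit]


def parse_accounting_start(spec: str) -> Tuple[str, int, int, int]:
    """'day|week|month [day] HH:MM' -> (unit, day, hour, minute).
    day is 1..28 for month, 1..7 for week (Monday is 1), unused for day."""
    parts = spec.split()
    unit = parts[0]
    if unit == "day" and len(parts) == 2:
        day, clock = 0, parts[1]
    elif unit in ("week", "month") and len(parts) == 3:
        day, clock = int(parts[1]), parts[2]
        if not 1 <= day <= (7 if unit == "week" else 28):
            raise ValueError(f"day out of range in {spec!r}")
    else:
        raise ValueError(f"bad AccountingStart {spec!r}")
    hour, minute = (int(x) for x in clock.split(":"))
    if not (0 <= hour < 24 and 0 <= minute < 60):
        raise ValueError(f"bad time in {spec!r}")
    return unit, day, hour, minute


def period_bounds(spec: str, now: datetime) -> Tuple[datetime, datetime]:
    """Return (start, end) of the accounting period containing 'now'."""
    unit, day, hour, minute = parse_accounting_start(spec)
    at = now.replace(hour=hour, minute=minute, second=0, microsecond=0)
    if unit == "day":
        start = at if at <= now else at - timedelta(days=1)
        return start, start + timedelta(days=1)
    if unit == "week":
        start = at - timedelta(days=now.isoweekday() - day)   # Monday = 1
        if start > now:
            start -= timedelta(days=7)
        return start, start + timedelta(days=7)
    # month: day <= 28, so the same day number exists in every month
    start = at.replace(day=day)
    if start > now:
        start = (start.replace(day=1) - timedelta(days=1)).replace(day=day)
    next_month = (start.replace(day=28) + timedelta(days=4)).replace(day=1)
    return start, next_month.replace(day=day)


def period_bounds_iso(spec: str, now_iso: str) -> Tuple[str, str]:
    """Same as period_bounds, with ISO 8601 strings in and out."""
    start, end = period_bounds(spec, datetime.fromisoformat(now_iso))
    return start.isoformat(), end.isoformat()


def should_hibernate(max_bytes: int, read: int, written: int) -> bool:
    """Hibernate once *either* direction reaches AccountingMax; the two
    directions are counted separately, not summed (900 MB sent plus
    800 MB received under a 1 GB limit keeps running)."""
    return read >= max_bytes or written >= max_bytes
```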

       ServerDNSResolvConfFile filename
              Overrides the default DNS configuration with the configuration
              in filename. The file format is the same as the standard Unix
              "resolv.conf" file (7). This option, like all other ServerDNS
              options, only affects name lookups that your server does on
              behalf of clients. (Defaults to use the system DNS
              configuration.)

       ServerDNSAllowBrokenConfig 0|1
              If this option is false, Tor exits immediately if there are
              problems parsing the system DNS configuration or connecting to
              nameservers. Otherwise, Tor continues to periodically retry the
              system nameservers until it eventually succeeds. (Defaults to
              "1".)

       ServerDNSSearchDomains 0|1
              If set to 1, then we will search for addresses in the local
              search domain. For example, if this system is configured to
              believe it is in "example.com", and a client tries to connect
              to "www", the client will be connected to "www.example.com".
              This option only affects name lookups that your server does on
              behalf of clients. (Defaults to "0".)

       ServerDNSDetectHijacking 0|1
              When this option is set to 1, we will test periodically to
              determine whether our local nameservers have been configured to
              hijack failing DNS requests (usually to an advertising site).
              If they are, we will attempt to correct this. This option only
              affects name lookups that your server does on behalf of
              clients. (Defaults to "1".)

       ServerDNSTestAddresses address,address,...
              When we're detecting DNS hijacking, make sure that these valid
              addresses aren't getting redirected. If they are, then our DNS
              is completely useless, and we'll reset our exit policy to
              "reject *:*". This option only affects name lookups that your
              server does on behalf of clients. (Defaults to "www.google.com,
              www.mit.edu, www.yahoo.com, www.slashdot.org".)

       ServerDNSAllowNonRFC953Hostnames 0|1
              When this option is disabled, Tor does not try to resolve
              hostnames containing illegal characters (like @ and :). This
              helps trap accidental attempts to resolve URLs and so on. This
              option only affects name lookups that your server does on
              behalf of clients. (Default: 0)

       BridgeRecordUsageByCountry 0|1
              When this option is enabled and BridgeRelay is also enabled,
              and we have GeoIP data, Tor keeps a per-country count of how
              many client addresses have contacted it so that it can help the
              bridge authority guess which countries have blocked access to
              it. (Default: 1)

       ServerDNSRandomizeCase 0|1
              When this option is set, Tor sets the case of each character
              randomly in outgoing DNS requests, and makes sure that the case
              matches in DNS replies. This so-called "0x20 hack" helps resist
              some types of DNS poisoning attack. For more information, see
              "Increased DNS Forgery Resistance through 0x20-Bit Encoding".
              This option only affects name lookups that your server does on
              behalf of clients. (Default: 1)
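The 0x20 check that ServerDNSRandomizeCase enables, as an added example (not Tor's resolver code): the query name gets a random case pattern, is encoded in DNS wire format, and a reply is only accepted when its question section echoes that exact pattern. The "bit" parameter is injectable so the randomization can be driven deterministically in a test.

```python
# Added example, not Tor's own code: the "0x20 hack" that ServerDNSRandomizeCase
# enables. The resolver randomizes the case of each letter in the outgoing
# query name, encodes it in DNS wire format, and accepts a reply only if the
# echoed question name has exactly the same case. A blind forger has to
# guess one extra bit per letter on top of the transaction ID and port.
import secrets
from typing import Callable


def randomize_case(name: str,
                   bit: Callable[[], int] = lambda: secrets.randbits(1)) -> str:
    """Upper- or lower-case every ASCII letter at random (bit 0x20 of the
    ASCII code); digits, dots and hyphens are left alone."""
    return "".join(
        (c.upper() if bit() else c.lower()) if (c.isascii() and c.isalpha()) else c
        for c in name)


def encode_qname(name: str) -> bytes:
    """DNS wire form of a hostname: length-prefixed labels ending in a 0 byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_qname(wire: bytes) -> str:
    """Inverse of encode_qname (no compression pointers; enough for a question)."""
    labels, i = [], 0
    while wire[i]:
        n = wire[i]
        labels.append(wire[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)


def reply_acceptable(sent_question: bytes, reply_question: bytes) -> bool:
    """The reply's question section must echo the name byte for byte, case
    included. A name that only matches case-insensitively did not come from
    the server that saw our query, so it is discarded as a likely forgery."""
    return sent_question == reply_question


def forgery_work_factor_bits(name: str) -> int:
    """Extra bits a forger must guess: one per ASCII letter in the name."""
    return sum(1 for c in name if c.isascii() and c.isalpha())
```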

       GeoIPFile filename
              A filename containing GeoIP data, for use with
              BridgeRecordUsageByCountry.

DIRECTORY SERVER OPTIONS
       The following options are useful only for directory servers (that is,
       if DirPort is non-zero):

       AuthoritativeDirectory 0|1
              When this option is set to 1, Tor operates as an authoritative
              directory server. Instead of caching the directory, it
              generates its own list of good servers, signs it, and sends
              that to the clients. Unless the clients already have you listed
              as a trusted directory, you probably do not want to set this
              option. Please coordinate with the other admins at
              tor-ops@freehaven.net if you think you should be a directory.

       DirPortFrontPage FILENAME
              When this option is set, it takes an HTML file and publishes it
              as "/" on the DirPort. Now relay operators can provide a
              disclaimer without needing to set up a separate webserver.
              There's a sample disclaimer in contrib/tor-exit-notice.html.

       V1AuthoritativeDirectory 0|1
              When this option is set in addition to AuthoritativeDirectory,
              Tor generates version 1 directory and running-routers documents
              (for legacy Tor clients up to 0.1.0.x).

       V2AuthoritativeDirectory 0|1
              When this option is set in addition to AuthoritativeDirectory,
              Tor generates version 2 network statuses and serves
              descriptors, etc as described in doc/spec/dir-spec-v2.txt (for
              Tor clients and servers running 0.1.1.x and 0.1.2.x).

       V3AuthoritativeDirectory 0|1
              When this option is set in addition to AuthoritativeDirectory,
              Tor generates version 3 network statuses and serves
              descriptors, etc as described in doc/spec/dir-spec.txt (for Tor
              clients and servers running at least 0.2.0.x).

       VersioningAuthoritativeDirectory 0|1
              When this option is set to 1, Tor adds information on which
              versions of Tor are still believed safe for use to the
              published directory. Each version 1 authority is automatically
              a versioning authority; version 2 authorities provide this
              service optionally. See RecommendedVersions,
              RecommendedClientVersions, and RecommendedServerVersions.

       NamingAuthoritativeDirectory 0|1
              When this option is set to 1, then the server advertises that
              it has opinions about nickname-to-fingerprint bindings. It will
              include these opinions in its published network-status pages,
              by listing servers with the flag "Named" if a correct binding
              between that nickname and fingerprint has been registered with
              the dirserver. Naming dirservers will refuse to accept or
              publish descriptors that contradict a registered binding. See
              approved-routers in the FILES section below.

       HSAuthoritativeDir 0|1
              When this option is set in addition to AuthoritativeDirectory,
              Tor also accepts and serves hidden service descriptors.
              (Default: 0)

       HSAuthorityRecordStats 0|1
              When this option is set in addition to HSAuthoritativeDir, Tor
              periodically (every 15 minutes) writes statistics about hidden
              service usage to a file hsusage in its data directory.
              (Default: 0)

       HidServDirectoryV2 0|1
              When this option is set, Tor accepts and serves v2 hidden
              service descriptors. Setting DirPort is not required for this,
              because clients connect via the ORPort by default. (Default: 1)

       BridgeAuthoritativeDir 0|1
              When this option is set in addition to AuthoritativeDirectory,
              Tor accepts and serves router descriptors, but it caches and
              serves the main networkstatus documents rather than generating
              its own. (Default: 0)

       MinUptimeHidServDirectoryV2 N seconds|minutes|hours|days|weeks
              Minimum uptime of a v2 hidden service directory to be accepted
              as such by authoritative directories. (Default: 24 hours)

       DirPort PORT
              Advertise the directory service on this port.

       DirListenAddress IP[:PORT]
              Bind the directory service to this address. If you specify a
              port, bind to this port rather than the one specified in
              DirPort. (Default: 0.0.0.0) This directive can be specified
              multiple times to bind to multiple addresses/ports.

       DirPolicy policy,policy,...
              Set an entrance policy for this server, to limit who can
              connect to the directory ports. The policies have the same form
              as exit policies above.

DIRECTORY AUTHORITY SERVER OPTIONS
       RecommendedVersions STRING
              STRING is a comma-separated list of Tor versions currently
              believed to be safe. The list is included in each directory,
              and nodes which pull down the directory learn whether they need
              to upgrade. This option can appear multiple times: the values
              from multiple lines are spliced together. When this is set then
              VersioningAuthoritativeDirectory should be set too.

       RecommendedClientVersions STRING
              STRING is a comma-separated list of Tor versions currently
              believed to be safe for clients to use. This information is
              included in version 2 directories. If this is not set then the
              value of RecommendedVersions is used. When this is set then
              VersioningAuthoritativeDirectory should be set too.

       RecommendedServerVersions STRING
              STRING is a comma-separated list of Tor versions currently
              believed to be safe for servers to use. This information is
              included in version 2 directories. If this is not set then the
              value of RecommendedVersions is used. When this is set then
              VersioningAuthoritativeDirectory should be set too.

       DirAllowPrivateAddresses 0|1
              If set to 1, Tor will accept router descriptors with arbitrary
              "Address" elements. Otherwise, if the address is not an IP
              address or is a private IP address, it will reject the router
              descriptor. Defaults to 0.

       AuthDirBadDir AddressPattern...
              Authoritative directories only. A set of address patterns for
              servers that will be listed as bad directories in any network
              status document this authority publishes, if AuthDirListBadDirs
              is set.

       AuthDirBadExit AddressPattern...
              Authoritative directories only. A set of address patterns for
              servers that will be listed as bad exits in any network status
              document this authority publishes, if AuthDirListBadExits is
              set.

       AuthDirInvalid AddressPattern...
              Authoritative directories only. A set of address patterns for
              servers that will never be listed as "valid" in any network
              status document that this authority publishes.

       AuthDirReject AddressPattern...
              Authoritative directories only. A set of address patterns for
              servers that will never be listed at all in any network status
              document that this authority publishes, or accepted as an OR
              address in any descriptor submitted for publication by this
              authority.

       AuthDirListBadDirs 0|1
              Authoritative directories only. If set to 1, this directory
              has some opinion about which nodes are unsuitable as directory
              caches. (Do not set this to 1 unless you plan to list
              non-functioning directories as bad; otherwise, you are
              effectively voting in favor of every declared directory.)

       AuthDirListBadExits 0|1
              Authoritative directories only. If set to 1, this directory
              has some opinion about which nodes are unsuitable as exit
              nodes. (Do not set this to 1 unless you plan to list
              non-functioning exits as bad; otherwise, you are effectively
              voting in favor of every declared exit as an exit.)

       AuthDirRejectUnlisted 0|1
              Authoritative directories only. If set to 1, the directory
              server rejects all uploaded server descriptors that aren't
              explicitly listed in the fingerprints file. This acts as a
              "panic button" if we get hit with a Sybil attack. (Default: 0)

       AuthDirMaxServersPerAddr NUM
              Authoritative directories only. The maximum number of servers
              that we will list as acceptable on a single IP address. Set
              this to "0" for "no limit". (Default: 2)

       AuthDirMaxServersPerAuthAddr NUM
              Authoritative directories only. Like AuthDirMaxServersPerAddr,
              but applies to addresses shared with directory authorities.
              (Default: 5)

       V3AuthVotingInterval N minutes|hours
              V3 authoritative directories only. Configures the server's
              preferred voting interval. Note that voting will actually
              happen at an interval chosen by consensus from all the
              authorities' preferred intervals. This time SHOULD divide
              evenly into a day. (Default: 1 hour)

       V3AuthVoteDelay N minutes|hours
              V3 authoritative directories only. Configures the server's
              preferred delay between publishing its vote and assuming it has
              all the votes from all the other authorities. Note that the
              actual time used is not the server's preferred time, but the
              consensus of all preferences. (Default: 5 minutes.)

       V3AuthDistDelay N minutes|hours
              V3 authoritative directories only. Configures the server's
              preferred delay between publishing its consensus and signature
              and assuming it has all the signatures from all the other
              authorities. Note that the actual time used is not the server's
              preferred time, but the consensus of all preferences. (Default:
              5 minutes.)

       V3AuthNIntervalsValid NUM
              V3 authoritative directories only. Configures the number of
              VotingIntervals for which each consensus should be valid.
              Choosing high numbers increases network partitioning risks;
              choosing low numbers increases directory traffic. Note that the
              actual number of intervals used is not the server's preferred
              number, but the consensus of all preferences. Must be at least
              2. (Default: 3.)


HIDDEN SERVICE OPTIONS
       The following options are used to configure a hidden service.

       HiddenServiceDir DIRECTORY
              Store data files for a hidden service in DIRECTORY. Every
              hidden service must have a separate directory. You may use this
              option multiple times to specify multiple services.

       HiddenServicePort VIRTPORT [TARGET]
              Configure a virtual port VIRTPORT for a hidden service. You may
              use this option multiple times; each time applies to the
              service using the most recent HiddenServiceDir. By default,
              this option maps the virtual port to the same port on
              127.0.0.1. You may override the target port, address, or both
              by specifying a target of addr, port, or addr:port. You may
              also have multiple lines with the same VIRTPORT: when a user
              connects to that VIRTPORT, one of the TARGETs from those lines
              will be chosen at random.
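The HiddenServiceDir / HiddenServicePort rules above, as an added example (not Tor's configuration parser): it builds the per-service virtual-port table, applying the default target, the three TARGET forms (port, addr, addr:port), the "most recent HiddenServiceDir" rule and random choice among several targets for one VIRTPORT. Targets are limited to IPv4 addresses here, and the torrc lines in the test are constructed.

```python
# Added example, not Tor's own code: building the virtual-port table that the
# HiddenServiceDir / HiddenServicePort entries above describe. It applies the
# default target (same port on 127.0.0.1), the three TARGET forms (port,
# addr, addr:port), the rule that each HiddenServicePort belongs to the most
# recent HiddenServiceDir, and random choice among several targets for one
# VIRTPORT. Targets are IPv4 addresses only.
import ipaddress
import random
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Target = Tuple[str, int]                  # (address, port)
PortTable = Dict[int, List[Target]]       # VIRTPORT -> candidate targets


def _port(text: str) -> int:
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port


def parse_hidden_service_port(args: str,
                              default_addr: str = "127.0.0.1") -> Tuple[int, Target]:
    """Parse the arguments of one HiddenServicePort line: 'VIRTPORT [TARGET]'."""
    parts = args.split()
    if len(parts) not in (1, 2):
        raise ValueError(f"expected 'VIRTPORT [TARGET]', got {args!r}")
    virtport = _port(parts[0])
    if len(parts) == 1:                       # default: same port on 127.0.0.1
        return virtport, (default_addr, virtport)
    target = parts[1]
    if ":" in target:                         # addr:port
        addr, port = target.rsplit(":", 1)
        return virtport, (str(ipaddress.IPv4Address(addr)), _port(port))
    if target.isdigit():                      # bare port: keep the default address
        return virtport, (default_addr, _port(target))
    # bare addr: keep the virtual port number
    return virtport, (str(ipaddress.IPv4Address(target)), virtport)


def parse_hidden_services(torrc: str) -> Dict[str, PortTable]:
    """Collect HiddenServicePort lines under the HiddenServiceDir that most
    recently preceded them. Option names are case-insensitive in torrc;
    blank lines and '#' comment lines are skipped."""
    services: Dict[str, PortTable] = {}
    current: Optional[str] = None
    for raw in torrc.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key == "hiddenservicedir":
            current = value.strip()
            services.setdefault(current, {})
        elif key == "hiddenserviceport":
            if current is None:
                raise ValueError("HiddenServicePort before any HiddenServiceDir")
            virtport, target = parse_hidden_service_port(value)
            services[current].setdefault(virtport, []).append(target)
    return services


def choose_target(table: PortTable, virtport: int,
                  choice: Callable[[Sequence[Target]], Target] = random.choice) -> Target:
    """When several lines share a VIRTPORT, one of their targets is picked
    at random for each new connection."""
    targets = table.get(virtport)
    if not targets:
        raise KeyError(f"no HiddenServicePort for virtual port {virtport}")
    return choice(targets)
```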

       PublishHidServDescriptors 0|1
              If set to 0, Tor will run any hidden services you configure,
              but it won't advertise them to the rendezvous directory. This
              option is only useful if you're using a Tor controller that
              handles hidserv publishing for you. (Default: 1)

       HiddenServiceVersion version,version,...
              A list of rendezvous service descriptor versions to publish for
              the hidden service. Possible version numbers are 0 and 2.
              (Default: 0, 2)

       HiddenServiceAuthorizeClient auth-type client-name,client-name,...
              If configured, the hidden service is accessible for authorized
              clients only. The auth-type can either be 'basic' for a
              general-purpose authorization protocol or 'stealth' for a less
              scalable protocol that also hides service activity from
              unauthorized clients. Only clients that are listed here are
              authorized to access the hidden service. Valid client names
              are 1 to 19 characters long and only use characters in
              A-Za-z0-9+-_ (no spaces). If this option is set, the hidden
              service is not accessible for clients without authorization
              any more. Generated authorization data can be found in the
              hostname file. Clients need to put this authorization data in
              their configuration file using HidServAuth.

       RendPostPeriod N seconds|minutes|hours|days|weeks
              Every time the specified period elapses, Tor uploads any
              rendezvous service descriptors to the directory servers. This
              information is also uploaded whenever it changes. (Default: 20
              minutes)

TESTING NETWORK OPTIONS
       The following options are used for running a testing Tor network.

       TestingTorNetwork 0|1
              If set to 1, Tor adjusts default values of the configuration
              options below, so that it is easier to set up a testing Tor
              network. May only be set if a non-default set of DirServers is
              set. Cannot be unset while Tor is running. (Default: 0)

                  ServerDNSAllowBrokenConfig 1
                  DirAllowPrivateAddresses 1
                  EnforceDistinctSubnets 0
                  AssumeReachable 1
                  AuthDirMaxServersPerAddr 0
                  AuthDirMaxServersPerAuthAddr 0
                  ClientDNSRejectInternalAddresses 0
                  ExitPolicyRejectPrivate 0
                  V3AuthVotingInterval 5 minutes
                  V3AuthVoteDelay 20 seconds
                  V3AuthDistDelay 20 seconds
                  TestingV3AuthInitialVotingInterval 5 minutes
                  TestingV3AuthInitialVoteDelay 20 seconds
                  TestingV3AuthInitialDistDelay 20 seconds
                  TestingAuthDirTimeToLearnReachability 0 minutes
                  TestingEstimatedDescriptorPropagationTime 0 minutes

       TestingV3AuthInitialVotingInterval N minutes|hours
              Like V3AuthVotingInterval, but for the initial voting interval
              before the first consensus has been created. Changing this
              requires that TestingTorNetwork is set. (Default: 30 minutes)

       TestingV3AuthInitialVoteDelay N minutes|hours
              Like V3AuthVoteDelay, but for the initial voting interval
              before the first consensus has been created. Changing this
              requires that TestingTorNetwork is set. (Default: 5 minutes)

       TestingV3AuthInitialDistDelay N minutes|hours
              Like V3AuthDistDelay, but for the initial voting interval
              before the first consensus has been created. Changing this
              requires that TestingTorNetwork is set. (Default: 5 minutes)

       TestingAuthDirTimeToLearnReachability N minutes|hours
              After starting as an authority, do not make claims about
              whether routers are Running until this much time has passed.
              Changing this requires that TestingTorNetwork is set. (Default:
              30 minutes)

       TestingEstimatedDescriptorPropagationTime N minutes|hours
              Clients try downloading router descriptors from directory
              caches after this time. Changing this requires that
              TestingTorNetwork is set. (Default: 10 minutes)

SIGNALS
       Tor catches the following signals:

       SIGTERM
              Tor will catch this, clean up and sync to disk if necessary,
              and exit.

       SIGINT Tor clients behave as with SIGTERM; but Tor servers will do a
              controlled slow shutdown, closing listeners and waiting 30
              seconds before exiting. (The delay can be configured with the
              ShutdownWaitLength config option.)

       SIGHUP The signal instructs Tor to reload its configuration (including
              closing and reopening logs), fetch a new directory, and kill
              and restart its helper processes if applicable.

       SIGUSR1
              Log statistics about current connections, past connections,
              and throughput.

       SIGUSR2
              Switch all logs to loglevel debug. You can go back to the old
              loglevels by sending a SIGHUP.

       SIGCHLD
              Tor receives this signal when one of its helper processes has
              exited, so it can clean up.

       SIGPIPE
              Tor catches this signal and ignores it.

       SIGXFSZ
              If this signal exists on your platform, Tor catches and ignores
              it.

FILES
       /etc/tor/torrc
              The configuration file, which contains "option value" pairs.

       /var/lib/tor/
              The tor process stores keys and other data here.

       DataDirectory/cached-status/*
              The most recently downloaded network status document for each
              authority. Each file holds one such document; the filenames are
              the hexadecimal identity key fingerprints of the directory
              authorities.

       DataDirectory/cached-descriptors and cached-descriptors.new
              These files hold downloaded router statuses. Some routers may
              appear more than once; if so, the most recently published
              descriptor is used. Lines beginning with @-signs are
              annotations that contain more information about a given
              router. The ".new" file is an append-only journal; when it gets
              too large, all entries are merged into a new cached-routers
              file.

       DataDirectory/cached-routers and cached-routers.new
              Obsolete versions of cached-descriptors and
              cached-descriptors.new. When Tor can't find the newer files, it
              looks here instead.

       DataDirectory/state
              A set of persistent key-value mappings. These are documented in
              the file. These include:
              - The current entry guards and their status.
              - The current bandwidth accounting values (unused so far; see
                below).
              - When the file was last written
              - What version of Tor generated the state file
              - A short history of bandwidth usage, as produced in the router
                descriptors.

       DataDirectory/bw_accounting
              Used to track bandwidth accounting values (when the current
              period starts and ends; how much has been read and written so
              far this period). This file is obsolete, and the data is now
              stored in the 'state' file as well. Only used when bandwidth
              accounting is enabled.

       DataDirectory/hsusage
              Used to track hidden service usage in terms of fetch and
              publish requests to this hidden service authoritative
              directory. Only used when recording of statistics is enabled.

       DataDirectory/control_auth_cookie
              Used for cookie authentication with the controller. Location
              can be overridden by the CookieAuthFile config option.
              Regenerated on startup. See control-spec.txt for details. Only
              used when cookie authentication is enabled.

       DataDirectory/keys/*
              Only used by servers. Holds identity keys and onion keys.

       DataDirectory/fingerprint
              Only used by servers. Holds the fingerprint of the server's
              identity key.

       DataDirectory/approved-routers
              Only for naming authoritative directory servers (see
              NamingAuthoritativeDirectory). This file lists nickname to
              identity bindings. Each line lists a nickname and a fingerprint
              separated by whitespace. See your fingerprint file in the
              DataDirectory for an example line. If the nickname is !reject
              then descriptors from the given identity (fingerprint) are
              rejected by this server. If it is !invalid then descriptors are
              accepted but marked in the directory as not valid, that is, not
              recommended.
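The approved-routers format above and the NamingAuthoritativeDirectory behaviour it feeds (Named flag for a matching binding, refusal of descriptors that contradict a binding, the !reject and !invalid markers), as an added example that is not Tor's directory-authority code. The sample file, nicknames and fingerprints are constructed placeholders; the Nickname entry's [a-zA-Z0-9], 1 to 19 character rule is applied when loading the file.

```python
# Added example, not Tor's own code: reading an approved-routers file as the
# FILES entry above describes it and deciding what a naming authority does
# with an uploaded descriptor. The file contents and fingerprints below are
# constructed placeholders, not real relays.
from dataclasses import dataclass, field
from typing import Dict, Set

HEX = set("0123456789ABCDEF")
NICKNAME_CHARS = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

# Constructed sample file: two bindings, one rejected identity, one invalid.
SAMPLE_APPROVED_ROUTERS = """\
examplerelay1 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999
examplerelay2 AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
!reject 1234567890ABCDEF1234567890ABCDEF12345678
!invalid FEDCBA0987654321FEDCBA0987654321FEDCBA09
"""


def normalize_fingerprint(fp: str) -> str:
    """Accept the spaced 4-digit groups of the fingerprint file as well as a
    bare 40-digit hex string; compare without spaces, upper-cased."""
    cleaned = fp.replace(" ", "").upper()
    if len(cleaned) != 40 or not set(cleaned) <= HEX:
        raise ValueError(f"bad fingerprint {fp!r}")
    return cleaned


def valid_nickname(name: str) -> bool:
    """Nicknames are 1 to 19 characters from [a-zA-Z0-9] (Nickname entry)."""
    return 1 <= len(name) <= 19 and set(name) <= NICKNAME_CHARS


@dataclass
class ApprovedRouters:
    by_nickname: Dict[str, str] = field(default_factory=dict)     # nickname -> fp
    by_fingerprint: Dict[str, str] = field(default_factory=dict)  # fp -> nickname
    rejected: Set[str] = field(default_factory=set)
    invalid: Set[str] = field(default_factory=set)


def parse_approved_routers(text: str) -> ApprovedRouters:
    """Each non-blank line: a nickname (or !reject / !invalid) and a
    fingerprint separated by whitespace."""
    db = ApprovedRouters()
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if not parts:
            continue
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected nickname and fingerprint")
        nickname, fp = parts[0], normalize_fingerprint(parts[1])
        if nickname == "!reject":
            db.rejected.add(fp)
        elif nickname == "!invalid":
            db.invalid.add(fp)
        elif valid_nickname(nickname):
            if nickname in db.by_nickname or fp in db.by_fingerprint:
                raise ValueError(f"line {lineno}: duplicate binding")
            db.by_nickname[nickname] = fp
            db.by_fingerprint[fp] = nickname
        else:
            raise ValueError(f"line {lineno}: bad nickname {nickname!r}")
    return db


def descriptor_status(db: ApprovedRouters, nickname: str, fingerprint: str) -> str:
    """'reject'   : identity listed as !reject, descriptor refused
       'conflict' : contradicts a registered nickname/identity binding, refused
       'invalid'  : listed as !invalid, accepted but not marked valid
       'named'    : matches its registered binding, gets the Named flag
       'unnamed'  : no binding either way, accepted without Named"""
    fp = normalize_fingerprint(fingerprint)
    if fp in db.rejected:
        return "reject"
    bound_fp = db.by_nickname.get(nickname)
    bound_nick = db.by_fingerprint.get(fp)
    if (bound_fp is not None and bound_fp != fp) or \
       (bound_nick is not None and bound_nick != nickname):
        return "conflict"
    if fp in db.invalid:
        return "invalid"
    return "named" if bound_fp == fp else "unnamed"
```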

       DataDirectory/router-stability
              Only used by authoritative directory servers. Tracks
              measurements for router mean-time-between-failures so that
              authorities have a good idea of how to set their Stable flags.

       HiddenServiceDirectory/hostname
              The <base32-encoded-fingerprint>.onion domain name for this
              hidden service. If the hidden service is restricted to
              authorized clients only, this file also contains authorization
              data for all clients.

       HiddenServiceDirectory/private_key
              The private key for this hidden service.

       HiddenServiceDirectory/client_keys
              Authorization data for a hidden service that is only accessible
              by authorized clients.

SEE ALSO
       privoxy(1), tsocks(1), torify(1)

       https://www.torproject.org/

BUGS
       Plenty, probably. Tor is still in development. Please report them.

AUTHORS
       Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.



TOR                              January 2009                            TOR(1)