Skip to content

Haveno using OS provided tor aka little-t-tor

Since Haveno v1.0.10 there is the DirectBindTor option. This means that we can create and use a HiddenService (aka Onion Service) with portforward 9999 with tor (the network daemon) provided by the operating system.

Debian

Ubuntu and other Debian based as well as almost any OS with systemd

1. Configure a HiddenService in: /etc/tor/torrc

# Haveno incoming anonymity connections
HiddenServiceDir /var/lib/tor/haveno_service/
HiddenServicePort 9999 127.0.0.1:9999
HiddenServicePort 9999 [::1]:9999
HiddenService options

Not needed for Haveno-desktop daemon. Useful for seednodes or your own monerod.

# HiddenService options are per onion service:
##
## Rate limiting at the Introduction Points
HiddenServiceEnableIntroDoSDefense 1
#HiddenServiceEnableIntroDoSRatePerSec 25       # (Default: 25)
#HiddenServiceEnableIntroDoSBurstPerSec 200     # (Default: 200)

# Number of introduction points the hidden service will have. You can’t have more than 20.
#HiddenServiceNumIntroductionPoints 3           # (Default: 3)

## https://onionservices.torproject.org/technology/pow/#configuring-an-onion-service-with-the-pow-protection
## Proof of Work (PoW) before establishing Rendezvous Circuits
## The lower the queue and burst rates, the higher the puzzle effort tends to be for users.
HiddenServicePoWDefensesEnabled 1
#HiddenServicePoWQueueRate 200           # (Default: 250)
#HiddenServicePoWQueueBurst 1000         # (Default: 2500)
#CompiledProofOfWorkHash auto           # (Default: auto)

## Stream limits in the established Rendezvous Circuits
HiddenServiceMaxStreams 10
HiddenServiceMaxStreamsCloseCircuit 1

Reload Tor config to create the HiddenService with: sudo systemctl reload tor
Get Your_HiddenService_address sudo cat /var/lib/tor/haveno_service/hostname

2. Start Haveno with Your_HiddenService_address

/opt/haveno/bin/Haveno --hiddenServiceAddress=Your_HiddenService_address.onion --nodePort=9999

Whonix

We need to configure 2 files on the Whonix system. In the different Whonix types, the two files to be edited are in different places.
If using Qubes-Whonix read (1. Whonix Wiki-Link) how to get your IP!

  1. Create a HiddenService on Whonix-Gateway
  2. Open Whonix-Workstation Firewall Port 9999

1. Create a HiddenService on the Whonix-Gateway

File paths are of non-Qubes Whonix running in VirtualBox or KVM - Whonix with Xfce graphical user interface (GUI)

Info

There is a provided Tor Examples Button for torrc.examples &
Tor User Config in the Whisker Menu Application -> System
Please open torrc.examples in your Whonix VM and look at the IP in the webserver example!
You can use the Tor User Config Button or sudoedit in Terminal to edit 50_user.conf

sudoedit /usr/local/etc/torrc.d/50_user.conf

# Haveno incoming anonymity connections
HiddenServiceDir /var/lib/tor/haveno_service/
HiddenServicePort 9999 10.152.152.11:9999
and save the file.

Info

HiddenServiceVersion 3 as in the examples of the Whonix wiki is not required, this is the Tor default. v2 hasn't been supported in Tor for years!

Reload Tor config to create the HiddenService with: sudo systemctl reload tor
Heck, there's even a GUI button for: Reload Tor ;-)
Get Your_HiddenService_address with: sudo cat /var/lib/tor/haveno_service/hostname
Copy it for your Whonix-Workstation.

Whonix-Gateway is ready, switch to Whonix-Workstation.

2. Edit Whonix-Workstation firewall configuration to open port 9999

Info

There is Global Firewall Settings in the Whisker Menu Application -> System whith examples & notes.
You can use the User Firewall Settings Button or sudoedit in Terminal to edit 50_user.conf

sudoedit /etc/whonix_firewall.d/50_user.conf

# Open TCP port on all network interfaces, gateway as well as (if any) tunnel (VPN) interfaces.
EXTERNAL_OPEN_PORTS+=" 9999 "
and save the file.

Reload Whonix Firewall using: sudo /usr/bin/whonix_firewall
There's even a GUI button for: Reload Firewall ;-)

That was all to configure a HiddenService for our Haveno app in Whonix.

3. Haveno Download & Install Haveno on Whonix-Workstation

  1. Download the latest version of the .deb & .sig version of Haveno-reto (now renamed RetoSwap) from https://github.com/retoaccess1/haveno-reto/releases/ or https://RetoSwap.com
    (eg: for RetoSwap v1.0.18, download https://github.com/retoaccess1/haveno-reto/releases/download/v1.0.18/haveno-linux-deb.zip & https://github.com/retoaccess1/haveno-reto/releases/download/v1.0.18/haveno-linux-deb.zip.sig).
    It should download automatically to /home/user/.tb/tor-browser/Browser/Downloads/

  2. Verify the signature

Download RetoSwap Public Key wget https://retoswap.com/reto_public.asc
List Fingerprint: gpg --show-keys --with-fingerprint reto_public.asc
TODO: RetoSwap arbs should post Fpr on website and SimpleX-Chat welcome message!
gpg --import reto_public.asc
gpg --edit-key DAA24D878B8D36C90120A897CA02DAC12DAE2D0F
trust <- You may chose 3 or 4
save

Downloading, verifying and trusting keys is a one-time thing. Binaries are verified after each download.

cd /home/user/.tb/tor-browser/Browser/Downloads/
gpg --verify haveno-linux-deb.zip.sig && sha512sum haveno-linux-deb.zip

  1. Extract the archive: right-click on the downloaded .zip (eg: /home/user/.tb/tor-browser/Browser/Downloads/haveno-linux-deb.zip), click “Extract Here”
  2. Install the .deb: open the newly extracted folder /home/user/.tb/tor-browser/Browser/Downloads/haveno-linux-deb/, and in a terminal window on Whonix-Workstation, type sudo dpkg -i (with a trailing space) and then drag the .deb installer from the folder into the terminal to complete the filepath (eg: for Haveno-reto v1.0.18, it should be
    sudo dpkg -i '/home/user/.tb/tor-browser/Browser/Downloads/haveno-linux-deb/haveno-v1.0.18-linux-x86_64-installer.deb. Press enter, Haveno-reto should be installed to /opt/haveno/. If it fails because of missing dependencies, run the command sudo apt install -f to download and install the missing dependencies, and then try the original sudo dpkg -i '[...].deb' command again.
Info

Alternative install in a terminal window
(I prefer to have everything in the User Downloads folder)
cd /home/user/.tb/tor-browser/Browser/Downloads/
gpg --verify haveno-linux-deb.zip.sig && sha512sum haveno-linux-deb.zip
unzip haveno-linux-deb.zip -d /home/user/Downloads/Haveno
sudo dpkg -i /home/user/Downloads/Haveno/haveno-v*-linux-x86_64-installer.deb

Haveno Launcher should be in Applications -> Internet You must edit it to:
/opt/haveno/bin/Haveno --hiddenServiceAddress=Your_HiddenService_address.onion --nodePort=9999

Remember

Your_HiddenService_address is the saved output from Whonix-Gateway
sudo cat /var/lib/tor/haveno_service/hostname

If not create a desktop shortcut: copy (or drag) `/opt/haveno/lib/haveno-Haveno.desktop to your desktop and add the cmdline options like in the launcher above.

You can list all available haveno-desktop options for cmdline:
/opt/haveno/bin/Haveno -h
or to use in /home/user/.local/share/Haveno-reto/haveno.properties

Qubes OS

There is a script that uses Haveno with DirectBindTor (currently pull request)

Script to create appvm to run Haveno on qubes