Remote access IP hiding

Just wondering about the options to hide IP when connecting to a node from outside the local network.

Firstly what are the use cases of wanting to access the node from remote? Are mobile options like Zeus exposing the IP by default? If I only do transactions from my local network I would never have to set up remote access I guess.

Looking into options, there are:
Tor: many advise to avoid it because it is slow and not always stable but is the most secure way
VPN: possible from a host system with 'start OS' on top and from some routers, not from the ‘start OS’ as an app as far as I can see.

What would you go for and why or why bother anyway?

1 Like

When connecting to services on your server from outside you will only be able to do so via the Tor network so no IP will be exposed. This stands for connecting wallets like Zeus to lightning nodes.

You can do everything via .local if you like, it’ll just be faster than Tor and similarly will expose nothing.

A VPN is a solution we’ll have soon which will allow the faster access of your LAN without the issues of Tor’s slow speed.

Nothing happening on our servers exposes your IP address except your bitcoin and lightning nodes which can connect to other nodes in the network via IP. If you’d like to disable that you can in the config for those services.

2 Likes
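An added example, not part of the thread or of StartOS: a small audit of the Bitcoin Core settings that decide whether peers learn the node's IP address, as discussed in the reply above. It assumes Bitcoin Core configured through a plain `bitcoin.conf` file (the thread does not show how StartOS presents these settings); the two sample configs and the Tor SOCKS port 9050 are constructed.

```python
# Added example: flag bitcoin.conf settings that reveal the node's IP to peers.

# Constructed sample configs, not taken from the thread.
DEFAULT_CONF = "server=1\nlisten=1\n"
TOR_ONLY_CONF = """\
# assumed local Tor SOCKS port
proxy=127.0.0.1:9050
onlynet=onion
listen=1
bind=127.0.0.1
"""

def parse_conf(text):
    """Return {option: [values]} for key=value lines, ignoring comments and sections."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def flag(opts, name, default):
    """Boolean option: the last explicit value wins, else the given default."""
    return opts[name][-1] != "0" if name in opts else default

def audit(text):
    """List the ways this configuration lets peers learn the node's IP address."""
    opts = parse_conf(text)
    proxied = bool(opts.get("proxy", [""])[-1])
    nets = set(opts.get("onlynet", []))
    clearnet_allowed = not nets or bool(nets & {"ipv4", "ipv6"})
    findings = []
    if clearnet_allowed and not proxied:
        findings.append("outbound: peers are dialled directly and see your IP")
    # Bitcoin Core stops listening and discovering by default once proxy is set.
    listening = flag(opts, "listen", default=not proxied)
    public = [a for a in opts.get("externalip", []) if ".onion" not in a]
    if public:
        findings.append("inbound: externalip advertises " + ", ".join(public))
    elif listening and flag(opts, "discover",
                            default=not proxied and "externalip" not in opts):
        findings.append("inbound: discover may advertise your own address")
    return findings
```

An empty result means none of the checked settings hands the address to peers; it does not cover the lightning node, which has its own configuration.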

Hi Mechanic,
Thanks for the response.
Exposing my public dynamic IP address via the BTC and LND services seems to be the default. The current solution to hide it is Tor. How much slower would this make transactions etc. and what risks am I covering if I do? I guess I am asking for the trade-offs here.

kind regards, Har

This is a personal choice that you will have to make for yourself. Tor is much more private, but you may experience slow-downs or unreliability at times. I personally use Tor for everything and rarely experience issues, but your mileage will vary. You may also want to consider the existing network you have - if it is not the best, then you may want to avoid using Tor. Later this year we will be adding more connectivity options, and your choice will likely become much simpler.

Hi I’m a new Start OS user and I love StartOS so far. With exception of one thing, and I’ll come to that frustration in a moment.

My first question is, is there any update for implementation of VPN service for StartOS? Because in the post you stated to have a VPN service soon (and that was in May this year:) Normally I have a very fast internet network and in modern times it is really unacceptable to have between 10 and 30 seconds of wait time for a page to appear. Tor is really completely unusable. At times the connections are even completely dropped. I have a feeling I’m catapulted back to the time of 56k modem connections.

I love your OS and the possibilities it brings. But I have a feeling you have completely abandoned usability to gain privacy by using Tor and good VPN would be a good middle ground for a lot of users (including me). Because it would be a shame to abandon your excellent software due to frustration that Tor brings in everyday use. I even found out that you force the use of Tor addresses (like for Mempool) when using it on local network (frustration, why?!).

At the moment I have a feeling I would completely abandon privacy just not to have to deal with unusable Tor cr@p (sorry for the language).
Please make your OS usable again and minimize or abandon Tor! There must be a better solution in 2023…

To clarify, our “implementation of a VPN,” is now a foundational architecture change to allow any arbitrary networking protocol to be used by any service on StartOS, individually, and at the users’ discretion. This is a much more involved feature, as well as one that (to our knowledge) does not exist in any other project in any manner that is approachable to a general user. This will be much more powerful and flexible than just hacking in a VPN option. We have traditionally been bad at making timeline predictions, and for that we apologize, but we can promise it will be worth the wait. There is no ETA at this time. It will be released when it is ready.

In the meantime, it sounds like you are having some problems, and we can most likely fix those problems. One simple fix - Mempool is absolutely available on its .local address when you are on your LAN, so there is no need for you to use the .onion in this case. Regarding Tor - you likely have a problem here as well. I personally use Tor every day to access my StartOS servers and services, and it is reliable and quick 90-95% of the time. I’d be happy to help you debug your tor connections. Please begin by ensuring you are on the latest version of StartOS (v0.3.4.4), as we have made many tor connection improvements in the past few updates.

Hi I appreciate the response and good to hear that the overall experience should be much better. However it is true that currently .local services do not work on my local network at all, not even in the Tor browser. And .onion address takes between 20 and 40 seconds to load, which is very aggravating.

I am running the latest version of StartOS (v0.3.4.4). I just looked if Tor needs some special NAT forwarding but it doesn’t. I’m not a novice in IT, but I am new to Tor protocol. So if you could point me in general direction(s) as to what could cause my server or network to not be able to reach .local (update: I have solved the problem with non reachable .local services, see my update below!).
I have clear access via the router to my ISP. It’s fibre so it has very low latency and plenty of broadband. Normally I never have internet issues, everything runs very smooth and snappy.

Problem with not available .local addresses solved!

Troubleshooting:
I figured out the problem regarding not finding .local services. I first checked the .local addresses with my Android phone (you can conveniently scan the QR code next to the service url!) and to my surprise the services loaded immediately. As the phone is connected to the same router and I checked the IP addresses I knew the problem could not be in the network.
As I’ve already imported the server certificate to the PC I turned my eyes to the Bonjour service.

Solution:
The solution was to go into the Windows Apps and uninstall the currently installed Bonjour service package I had on my PC. I then downloaded the package via Start9 website. I reinstalled this newly downloaded package and voila!
I didn’t even have to restart the PC, the local addresses loaded snappy and at once.
I’m typing this here in hope that if anyone else encounters the same problem it might help them to sort it out quickly.
The solution was right there on Start9 website, I just didn’t think of it as my PC already had a version of it installed. Unfortunately I didn’t note the Bonjour version I had, I’m now speculating that it might have been an old version. As apparently Bonjour service is provided not by Microsoft but by…Apple! :laughing:

The only problem remaining now is the absurdly slow Tor. That could be a network thing, but I have no idea how to troubleshoot it:/

Tor Browser does not support .local addresses, so you will need to use a different browser for those. It is typical that tor is slower than a standard connection, be sure to use https for your main UI and for the services that support it, as that provides a performance increase.

Glad you found the Bonjour issue, it is a very common one and we will be deprecating the need for this software in v040 as well.

A good place to first check for issues is to search this forum - you may find your questions have already been answered.