OmniMix • Tutorial • Tor • Configuration
In order to hide your communication with the Mixmaster network, OmniMix has to bypass your ISP's mail server and
connect directly to the entry remailer via the Tor network. Provided that Tor is installed on your system and running,
activate the routing through Tor for the specific task by specifying the SOCKS protocol, which OmniMix has to use for
the communication with Tor.
E.g. to access the 'Anon Mail Host' with SOCKS version 4 selected, you have to enter the IP address of the remailer
into the 'Host' field of the 'Anon Mail S(MTP)' tab; version 4a requires the host name, whereas with version 5 you
have the choice. To access a hidden service, enter its name (ending with '.onion') as the remailer's host name. Since
in this case Tor has to resolve a name, the protocol alternatives are only SOCKS version 4a and 5.
Like Vidalia, the controller software that comes with Tor, OmniMix is capable of interacting with Tor in many ways:
launching, remote controlling and shutting down the Tor instance it uses. That's what the options under the
'Tor' tab are intended for.
There's always a risk that the Tor connections of different simultaneous tasks use the same routing up to the exit node,
which may allow an adversary sitting there to figure out relations. Therefore, even if you already use Tor with your
web browser, it's advisable to separate communication by running another instance for exclusive access by OmniMix, which
is easy to achieve:
At the 'Run' tab set the paths to Tor ('tor.exe') and its configuration file
('torrc'). With a click on the 'Start' button OmniMix launches that Tor executable and, with 'Autoconnect' at the
'Control' tab activated, establishes a connection with its control port. After clicking 'Shutdown' OmniMix orders Tor
to shut down, then closes the control port connection. To start and stop Tor automatically in conjunction with OmniMix
itself, activate 'Autostart' and 'Autoclose'.
At least for your first experiments it can be wise to check the 'Tor Window' box, which opens a command window when
starting Tor, showing the logged data and allowing you to terminate the program by closing this window instead of
having to end the 'tor.exe' process from within the Windows Task Manager. Finally, when Tor runs and connects
correctly, uncheck the box to get rid of that window.
With 'Check DNS' it's possible to recognize insecure domain name resolutions, as it makes Tor generate a notice-level
event for each connection to the SOCKS port, indicating whether the request uses a domain name or an IP address.
This allows you to detect the disclosure of communication targets via unsecured DNS requests. If Tor gets
an IP address, it may have been resolved with a direct DNS server access bypassing the Tor gateway, which means that your
target address has become public.
A message like the following appearing in the Tor log therefore indicates that everything is all right:
17:01:25.062 650 NOTICE Your application (using socks5 to port 25) instructed Tor to take care of the DNS resolution itself if necessary. This is good.
This option only takes effect with Tor instances newly launched by OmniMix.
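The SOCKS version rules above and the 'Check DNS' distinction both come down to what the CONNECT request carries. The following added example (not OmniMix or Tor code) builds the request for SOCKS 4, 4a and 5 and reports whether Tor would receive a name or an IP address; the function names and the host names used with it are constructed for illustration.

```python
import ipaddress
import struct

def socks_connect(version, host, port, user=b""):
    """Build the CONNECT request a client sends for SOCKS '4', '4a' or '5'."""
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        ip = None                      # host is a name, not a dotted quad
    head4 = struct.pack(">BBH", 4, 1, port)
    if version == "4":
        if ip is None:
            raise ValueError("SOCKS4 can only carry an IPv4 address")
        return head4 + ip.packed + user + b"\x00"
    if version == "4a":
        # The invalid address 0.0.0.1 announces that a host name follows the user id.
        name = host.encode("ascii")
        return head4 + b"\x00\x00\x00\x01" + user + b"\x00" + name + b"\x00"
    if version == "5":
        # Request sent after method negotiation: VER, CMD, RSV, ATYP, address, port.
        if ip is not None:
            addr = b"\x01" + ip.packed
        else:
            name = host.encode("ascii")
            addr = b"\x03" + bytes([len(name)]) + name
        return b"\x05\x01\x00" + addr + struct.pack(">H", port)
    raise ValueError("unknown SOCKS version")

def target_seen_by_tor(request):
    """Return ('name' or 'ip', target) exactly as carried in the request."""
    if request[0] == 4:
        raw = request[4:8]
        if raw[:3] == b"\x00\x00\x00" and raw[3] != 0:   # SOCKS4a marker
            fields = request[8:].split(b"\x00")          # [user id, host name, b""]
            return "name", fields[1].decode("ascii")
        return "ip", str(ipaddress.IPv4Address(raw))
    if request[0] == 5:
        if request[3] == 3:                              # ATYP: domain name
            n = request[4]
            return "name", request[5:5 + n].decode("ascii")
        if request[3] == 1:                              # ATYP: IPv4
            return "ip", str(ipaddress.IPv4Address(request[4:8]))
    raise ValueError("unsupported request")
```

An 'ip' result means the address was determined before the request reached Tor, which is the case 'Check DNS' is meant to expose; a 'name' result corresponds to the log notice shown above.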
When Tor is started and a control port connection established, the color of both Tor activity scales in the indicator
field changes from grey to yellow. If that doesn't happen, first check whether a new 'tor.exe' entry shows up in the
Processes list of the Windows Task Manager. Furthermore, check whether the paths to Tor and its configuration file are
set correctly and whether the SOCKS and control ports through which Tor tries to communicate are available and not
already occupied by another application.
Setting 'Host', the address of the Tor instance, and 'Port', its SOCKS port, at the
'Config' tab is mandatory to allow OmniMix to route external connections with
servers on the Internet through Tor's anonymizing SOCKS proxy service. The Tor SOCKS port number of the OmniMix system
defaults to 9054, as 9050 and 9150 are usually occupied by a standard Tor installation and the Tor Browser, respectively.
Shut down Tor before changing the port number.
Using the 'Host' location from the 'Config' tab, the 'Port' parameter at the
'Control' tab is required to connect with Tor's control port in order to send
commands and retrieve status data, which are then displayed at the 'Tor' list. The Tor control port number of the OmniMix
system defaults to 9055, as 9051 and 9151 are usually occupied by a standard Tor installation and the Tor Browser,
respectively. Shut down Tor before changing the port number.
To protect Tor's control port from unauthorized access there are two authentication methods, both supported by OmniMix.
Switching between them requires editing the 'torrc' configuration file manually.
If you intend to control Tor from different computers, 'Password' authentication would be the right choice. At the 'ConTor'
tab select 'Password' authentication and enter your password, e.g. 'my_password'. Be aware that leading and trailing
spaces are significant! Then, at the command prompt within the Tor directory, calculate the hash value for the chosen
password with the command
g:\Programs\OmniMix\tor>tor --hash-password my_password
Oct 06 22:36:45.707 [notice] Tor v0.1.1.23. This is experimental software. Do not rely on it for strong anonymity.
16:56DDB73813D8F525606245C49111696B791B87D7DCEFF575083DB78D31
Finally, to enable Tor to check whether the sent password is correct, add the 'HashedControlPassword' option with the
resulting hash code to the 'torrc' file:
HashedControlPassword 16:56DDB73813D8F525606245C49111696B791B87D7DCEFF575083DB78D31
The alternative to a constant password would be the 'Cookie' authentication method, where at each launch Tor generates a
file named 'control_auth_cookie' anew within its data directory containing 32 random bytes. Those bytes then have to be
read by the controller application in order to use them for authentication. That's why apart from the activation of that
method by adding
CookieAuthentication 1
to the 'torrc' file, the location of the cookie file has to be set by means of the 'Cookie' file selector.
Cookie authentication, which usually is limited to local controllers, as it requires access to a file in Tor's data
folder, is the default method when using the OmniMix system's Tor instance.
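To check that a 'HashedControlPassword' line really belongs to the password entered in OmniMix, the value can be recomputed offline. This added example (not OmniMix or Tor code) assumes the value is Tor's salted, iterated SHA-1 hash in the OpenPGP S2K style, laid out as '16:' followed by 8 salt bytes, 1 iteration indicator byte and a 20-byte digest, which matches the length of the value shown above; the function names are hypothetical.

```python
import hashlib
import hmac
import os

def s2k(secret, salt, indicator):
    """Iterated and salted S2K with SHA-1: hash salt+secret repeated up to 'count' bytes."""
    count = (16 + (indicator & 15)) << ((indicator >> 4) + 6)   # 0x60 gives 65536 bytes
    data = salt + secret
    reps, rest = divmod(count, len(data))
    return hashlib.sha1(data * reps + data[:rest]).digest()

def parse_hashed_password(value):
    """Split a '16:<58 hex digits>' value into (salt, indicator, digest)."""
    prefix, _, hexpart = value.strip().partition(":")
    raw = bytes.fromhex(hexpart)
    if prefix != "16" or len(raw) != 29:
        raise ValueError("not a HashedControlPassword value")
    return raw[:8], raw[8], raw[9:]

def hash_password(password, salt=None, indicator=0x60):
    """Produce a value in the same layout; a random salt is used unless one is given."""
    salt = os.urandom(8) if salt is None else salt
    digest = s2k(password.encode(), salt, indicator)
    return "16:" + (salt + bytes([indicator]) + digest).hex().upper()

def verify_password(value, password):
    """True if 'password' (spaces included, byte for byte) matches the stored hash."""
    salt, indicator, digest = parse_hashed_password(value)
    return hmac.compare_digest(s2k(password.encode(), salt, indicator), digest)
```

Because the password is hashed byte for byte, a value entered with a leading or trailing space fails verification against a hash made without it.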
There are further torrc parameters relevant to anonymity:
• MaxCircuitDirtiness: defines for how long (in seconds) Tor continues reusing a circuit for new connections.
  'MaxCircuitDirtiness 0' makes Tor set up a new route for every connection request.
• NewCircuitPeriod: determines how often (in seconds) Tor retries making new circuits if current ones are dirty,
  which means already used.
At the 'Command' tab you find all instruments to influence a running Tor
instance, but for sending commands a connection to the control port of the respective Tor instance has to be established.
At the 'Events' list select the data you want to be logged at the 'Tor' tab. If you're connected press 'Set' to transfer
the new settings to Tor. With 'Off' no more data are listed. That's advisable in particular for the period you request
certain data from Tor by selecting an item from the dropdown list and pressing the 'Info' button. Otherwise you'd get a
mixture of Tor events and the specific data you requested.
Once connected:
• Info: requests the information specified by the pulldown menu adjacent to it.
• NewNym: initiates the switch to a clean server circuit. This is a secure way to use separate Tor circuits for
  different jobs that are done one after another.
The available 'Info' data are:
• Version: The version of the server's software, including the name of the software.
• Config location: The path to Tor's configuration file 'torrc' on your disc.
• Network Status: A short space-separated listing of all router identities.
• Known Routers: A detailed listing of all routers known to Tor and their characteristics.
• IP Address: The best guess at our external IP address.
• Circuit Status: Information about the circuits built.
• Stream Status: Information about the stream status.
• Connection Status: Information about the onion routing connection status.
• Entry Guards: Listing of the currently chosen entry guards.
A smart way to access the OmniMix system at home from throughout the Internet is to use Tor Hidden Services. You don't
have to know the server's IP address and the communication is completely hidden and end-to-end encrypted, as it never
leaves the Tor network.
The 'Hidden' tab allows you to attach four local server ports, which don't necessarily
have to be offered by OmniMix, to the Tor network, making them available from the Internet.
For each of the local services you intend to offer you just have to check the 'Active' box, enter the port number under
which it has to be accessed from the Internet at 'Port Ext', the local IP address of your service at 'Address Int' and
its local port number at 'Port Int'. To install the Hidden Service, Tor finally has to be restarted. It now initializes
the Hidden Service by creating an encryption key associated with a random .onion address, the future address of your
Hidden Service. These credentials are stored in the files 'hostname' and 'private_key', located in the folder defined in
the 'Hidden Svc Dir' field. You may back them up in a safe place.
Instead of reading your Hidden Service's .onion address directly from the 'hostname' file you can also get it from the
'Data' tab. With a click on 'Update' OmniMix not only requests the Hidden
Service's address, which you can copy to the clipboard by using the '*' button, but also tries to retrieve Tor's current
SOCKS and control port numbers as well as, if available, the WAN IP address of Tor's host computer. By the way, the
latter offers OmniMix a great opportunity to replace external DDNS services, which is explained in the
'TorIP' chapter.
If you want to change the .onion address because you don't like the randomly created term, or you need a new one for
a different task, press the '-' button next to the 'HS Address' field and restart Tor. But keep in mind that only
backing up the files 'hostname' and 'private_key' from the Hidden Service directory before they are removed with a reset
allows you to reactivate the old address some day.