For an upcoming privacy-related article about OpenBSD, I needed to set up access to an OpenBSD mirror from both a Tor hidden service and I2P.
The server does not contain any data. It only acts as a proxy that fetches files from a random existing OpenBSD mirror, so it does not waste bandwidth mirroring everything; the server does not have the required storage anyway. There is a small cache to keep the most requested files locally.
Wikipedia page about I2P protocol
It is only useful if you cannot reach OpenBSD mirrors, or if you really need to hide your network activity. Tor or I2P will be much slower than connecting to a mirror using HTTP(S).
However, as they exist now, let me explain how to start using them.
Using a client with a Tor proxy enabled, you can reach the following address to download installers or sets.
If you want to install or update your packages over Tor, you can use the onion address in `/etc/installurl`. However, it will not work for sysupgrade and syspatch, and you need to export the variable `FETCH_CMD="/usr/local/bin/curl -L -s -q -N -x socks5h://127.0.0.1:9050"` in your environment to make the `pkg_*` programs able to use the mirror.
To make sysupgrade or syspatch able to use the onion address, you need to have the program `torsocks` installed, and patch the script to use torsocks:
These patches will have to be reapplied after each sysupgrade run.
If you have a client with an I2P proxy enabled, you can reach the following address to download installers or sets.
OpenBSD mirror address over I2P
If you want to install or update your packages over I2P, install i2pd with `pkg_add i2pd`, then edit the file `/etc/i2pd/i2pd.conf` to set `notransit = true`, unless you want to act as an I2P relay (high CPU/bandwidth consumption).
Replace the file `/etc/i2pd/tunnels.conf` with the following content (or adapt your current tunnels.conf if you configured it earlier):
```
[MIRROR]
type = client
address = 127.0.0.1
port = 8080
destination = 2st32tfsqjnvnmnmy3e5o5y5hphtgt4b2letuebyv75ohn2w5umq.b32.i2p
destinationport = 8081
keys = mirror.dat
```
Now, enable and start i2pd with `rcctl enable i2pd && rcctl start i2pd`.
After giving i2pd a few minutes to establish tunnels, you should be able to browse the mirror over I2P using the address `http://127.0.0.1:8080/`. You can change port 8080 to another port you prefer by modifying the file `tunnels.conf`.
You can use the address `http://127.0.0.1:8080/pub/OpenBSD/` in `/etc/installurl` to automatically use the I2P mirror for installing/updating packages, or keeping your system up to date with syspatch/sysupgrade.
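An added example (not part of the original article): a small shell helper that reads the `[MIRROR]` section of `tunnels.conf`, refuses it unless it is a client tunnel listening on 127.0.0.1 (so the proxy is not reachable from other hosts), and prints the matching value for `/etc/installurl`. The function name `tunnel_installurl`, its return codes and the sample file are assumptions of this example, and it expects `type`, `address` and `port` to be set explicitly.

```shell
#!/bin/sh
# Added example, not the article's own code.
# tunnel_installurl CONF SECTION
#   Prints http://ADDRESS:PORT/pub/OpenBSD/ for the [SECTION] tunnel in CONF.
#   Returns 1 if the section is missing or lacks type/address/port,
#   2 if it is not a client tunnel, 3 if it does not listen on 127.0.0.1.
tunnel_installurl() {
    conf=$1 section=$2
    vals=$(awk -v want="[$section]" '
        # Section header: remember whether we are inside the wanted one.
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == want); next }
        insec && /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "type") type = val
            if (key == "address") addr = val
            if (key == "port") port = val
        }
        END { print type, addr, port }' "$conf")
    # Word-split the three values; an empty one leaves fewer than 3 fields.
    set -- $vals
    [ $# -eq 3 ] || return 1
    [ "$1" = "client" ] || return 2
    case $2 in
        127.0.0.1) ;;          # loopback only: not exposed to the network
        *) return 3 ;;
    esac
    printf 'http://%s:%s/pub/OpenBSD/\n' "$2" "$3"
}

# Constructed sample input with the same keys as the tunnels.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[MIRROR]
type = client
address = 127.0.0.1
port = 8080
EOF
tunnel_installurl "$sample" MIRROR
rm -f "$sample"
```

On a real system, call it as `tunnel_installurl /etc/i2pd/tunnels.conf MIRROR` and write the output to `/etc/installurl` only when it succeeds.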
There was no method to download OpenBSD files over Tor and I2P for people who really need it; it is now a thing.
If you encounter issues with the service, please let me know.