summaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
authorTim Retout <tim@retout.co.uk>2014-04-20 15:37:27 +0100
committerTim Retout <tim@retout.co.uk>2014-04-20 15:37:27 +0100
commit698a7462be62528ec42eeb7dbc779686e698b50e (patch)
tree803a068626375ccd74423f44beacb8a35609992f /README.md
parent3c2edc4a92bd373d384a9c025c193fe3084e9704 (diff)
Add stream isolation, and document Acquire::tor::proxy
Diffstat (limited to 'README.md')
-rw-r--r--README.md22
1 files changed, 22 insertions, 0 deletions
diff --git a/README.md b/README.md
index 1b39ca6..e06b277 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,28 @@ mirror, you can use that:
deb tor://<long string>.onion/debian unstable main
deb-src tor://<long string>.onion/debian unstable main
+## Configuration
+
+Most users should not need to adjust SOCKS settings.
+
+By default, apt-transport-tor uses the following SOCKS proxy setting, which
+matches the default Tor SOCKS port:
+
+ socks5h://apt:apt@localhost:9050
+
+If you want to use a different port, you can edit the Acquire::tor::proxy
+apt preference:
+
+ Acquire::tor::proxy "socks5h://apt:apt@localhost:9050";
+
+Note the use of a username/password to make use of the default
+IsolateSOCKSAuth Tor setting for stream isolation, which requires bug fixes
+from Tor 0.2.4.19 to work well. This means your apt traffic will be sent
+over a different circuit from your regular Tor traffic.
+
+Although "sock5h://" is put explicitly in these examples, at the moment its
+use is hardcoded (to avoid DNS leaks).
+
## Caveats
Downloading your Debian packages over Tor prevents an attacker who is