Ladies and gentlemen, hello. I come from China, a country that is heavily censored on the internet. Yes, you read that right - this terribly oppressive country. I help those around me maintain internet freedom. Due to the various restrictions imposed by the Great Firewall (GFW), there are very few secure protocols available for us to use. Therefore, we use Tor.
My solution is as follows: I purchased a VPS in Switzerland and another in Canada. I connect to the Canadian VPS using the WireGuard protocol and deploy Tor on the Canadian VPS. My friends connect to my network in China and their traffic is directed to Tor as an exit node. However, I don’t trust the Canadian network, so I use the Swiss WireGuard as an inbound proxy for the Canadian Tor.
Now, here’s the problem: The Canadian VPS has a Debian 11 system whose default user is root. Should I create a regular user for Tor? And secondly, and most importantly, I’m not sure if my /etc/tor/torrc configuration file is secure and reasonable. This is because it concerns the safety of my friends’ lives (freedom of speech is a crime here and can land you in jail. Perhaps this is the most ridiculous age and country in human history). Therefore, I am seeking help from the community and hoping that the community management and developers can provide me with the maximum help and support. Thank you, God bless us all. Amen.
This is my configuration and I can’t be sure if it guarantees security and privacy, please review it.
SocksPort 10.9.6.1:19990 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19991 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19992 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19993 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19994 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19995 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19996 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19997 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19998 IsolateDestAddr IsolateDestPort
SocksPort 10.9.6.1:19999 IsolateDestAddr IsolateDestPort
SOCKSPolicy accept 10.9.6.0/29
SOCKSPolicy reject *
Log notice file /var/log/tor/notices.log