Skip to content

Security tips

Tor

Force Tor routing on monero traffic from RetoSwap:

Syncing your monero wallet is using clearnet by default (transactions are broadcasted over Tor). If you want to do it over Tor to keep your complete haveno/monero traffic private: Edit your haveno.properties file located at {haveno-reto-path}/haveno.properties and add
--useTorForXmr=ON in a new line (--useTorForXmr=AFTER_SYNC is the default arg) This setting is also in the GUI in the tab Settings -> NETWORK INFO.

Use RetoSwap with Tor running as a system process in background

Be sure to use in your tor configuration file:

PidFile {haveno-reto-path}/xmr_mainnet/tor/pid # Only on Linux
DataDirectory {haveno-reto-path}/xmr_mainnet/tor/
GeoIPFile {haveno-reto-path}/xmr_mainnet/tor/geoip
GeoIPv6File {haveno-reto-path}/xmr_mainnet/tor/geoip6
CookieAuthFile {haveno-reto-path}/xmr_mainnet/tor/.tor/control_auth_cookie
RunAsDaemon 1
AvoidDiskWrites 1
CookieAuthentication 1
ControlPort 9051
SOCKSPort 9050

And in your haveno.properties file:

torControlUseSafeCookieAuth 1
useTorForXmr=ON
torControlCookieFile={haveno-reto-path}/xmr_mainnet/tor/.tor/control_auth_cookie
torControlPort=9051
socks5ProxyXmrAddress=127.0.0.1:9050

Now you can start Tor in first and then RetoSwap, the client will securely control Tor for all it's needs.

Install and use RetoSwap on TailsOS

$ curl -fsSLO https://github.com/retoaccess1/haveno-reto/raw/master/scripts/install_tails/haveno-install.sh && bash haveno-install.sh https://github.com/retoaccess1/haveno-reto/releases/download/v(last-version)/haveno-linux-deb.zip <DAA24D878B8D36C90120A897CA02DAC12DAE2D0F>

To update your TailsOS Retoswap client, just run again this command and be sure you put the last version link.

Monero wallet

You can set a wallet password for protecting access of your funds Image

Monero node

Use a custom node on RetoSwap

Add in your haveno.properties file:

xmrNode=http://{IPv4/6, DNS, Tor hidden-service}:18081
If your node haves RPC authentication, add:
xmrNodeUsername={username}
xmrNodePassword={password}
If the connection to the monero node is LAN based or inside a virtual/private network, make sure to add:
useTorForXmr=OFF
If the monero node is a Tor hidden-service:
useTorForXmr=ON

Run a monero node using Tor

Tor config

Edit your existing Tor config and add:

SocksPort 9052 OnionTrafficOnly IsolateDestAddr
HiddenServiceDir {/path/to/hidden-service}
HiddenServicePort 18083 127.0.0.1:18083
HiddenServicePort 18081 127.0.0.1:18081
HiddenServiceEnableIntroDoSDefense 1
HiddenServiceEnableIntroDoSRatePerSec 10
HiddenServiceEnableIntroDoSBurstPerSec 20
HiddenServicePoWDefensesEnabled 1
HiddenServicePoWQueueRate 5
HiddenServicePoWQueueBurst 10
HiddenServiceMaxStreams 1000
HiddenServiceMaxStreamsCloseCircuit 1
Start and stop Tor, now your hidden-service will be available at /path/to/hidden-service/hostname (it's a text-file)

Monero node config

Get the last monero-cli version and in bitmonero.conf add:

rpc-bind-ip=127.0.0.1
rpc-bind-port=18081
rpc-login=username:password
anonymous-inbound="yourhiddenservice.onion":18083,127.0.0.1:18083,25
tx-proxy=tor,127.0.0.1:9052,10
Now your monero node will be accessible from the Tor network for your wallet at: yourhiddenservice.onion:18081