IPFS daemon behind (corporate) firewall

[pyhedgehog]

I'm not sure that this is not implemented already, in this case this should be seen as request for documentation. :-)

I want to run ipfs node (at least to cache accessed entries) on computer in LAN that has no direct access to internet (no inbound connections at all, outbound connection only via restrictive proxy - ports 80 and 443 only). I have several options to connect outside available:

1. Mentioned restrictive http proxy.
2. Tor (socks and privoxy).
3. Socks via ssh tunnel to home computer (via tor).

How should I configure ipfs to work in such environment?

[RichardLitt]

Hi @pyhedgehog, thanks! This is a good question. It may belong in ipfs/faq or in ipfs/support. Could you reopen it there?

[pyhedgehog]

There are already exists ipfs-inactive/support#32 and ipfs-inactive/faq#185
But first of them stay unanswered for almost half a year!
So once again - my question if it's supported at all?

[RichardLitt]

I pinged some people on IRC. Let's get an answer for you sooner. Thanks.

[RichardLitt]

@pyhedgehog There's been some response over on ipfs-inactive/support#32. For now, I would direct you there. We're also trying out ipfs.trydiscourse.com - this would be a great place to put your question, actually, as a lot of the devs are looking at it at the moment.

For now, closing this issue. Thanks.

[pyhedgehog]

@RichardLitt, there are not meaningful response in ipfs-inactive/support#32.

1. "ipfs does not use http"? http proxy has CONNECT method.
2. What about socks configuration? How it should be done? What will be correct format in place of /ipv4/127.0.0.1/tcp/9050/socks/longandunmemorizablename.onion/QmNODEID?
3. What about tor bootstrap?

[RichardLitt]

@pyhedgehog I hear you. Thanks for posting those questions there; I hope we're able to answer those for you (I would, of course, if I knew the answers. I don't.)

Either way, though, this repository is not the right place to ask these questions.

[pyhedgehog]

I've copied questions to support repository.

[GitDoggo]

Why is this issue closed? Do we have a way to go around proxys?
If I follow the links it's "Issue moved to [there]" > "Issue moved to [there]" > This page which gives no additionnal information.

Is the answer basically "it doesn't interfere with proxy"? Because it's what I managed to understand from the issues, but it's not true.

[Stebalien]

@GitDoggo we've moved support questions/discussions to the forums. However, it looks like this was also a feature request (socks proxy support).

I've filed an issue (libp2p/go-libp2p#286). For now, the only solution is to handle this outside of ipfs. There are VPN-like tools that will tunnel all OS traffic through a socks proxy (e.g., https://code.google.com/archive/p/badvpn/wikis/tun2socks.wiki). However, I can't find any good, mature ones (although they must exist somewhere).

[GitDoggo]

@Stebalien Thanks for your answer.
But sadly, VPN-like tools are blocked by my company proxy (Anonymizing Utilities), I could be in big trouble for using them, and I assume it's the same for most companies.

[Stebalien]

This would be a "vpn-like" tool that would route all traffic through the corporate (socks) proxy so I doubt they'd have an issue with it. Basically, instead of configuring each application to use the proxy independently, you'd configure the the OS itself to use the proxy.