Hey again all, got another one for you. When we've started adding bridges to the network, they send a warning "Publishing server descriptor to directory authorities of type 'Bridge', but no authorities of that type listed!"
Not sure how to have a directory authority as a bridge type given that if you set BridgeRelay 1 on an authority it drops the DirPort and just becomes a bridge relay.
How does one list an authority as a bridge type?
Nicholas R. Parker Rochester Institute of Technology 5thYear, BS/MS Computing Security
On 11 May 2016, at 12:38, Nicholas R. Parker (RIT Student) nrp7859@rit.edu wrote:
Hey again all, got another one for you. When we've started adding bridges to the network, they send a warning "Publishing server descriptor to directory authorities of type 'Bridge', but no authorities of that type listed!"
Not sure how to have a directory authority as a bridge type given that if you set BridgeRelay 1 on an authority it drops the DirPort and just becomes a bridge relay.
How does one list an authority as a bridge type?
Have you read the entries about bridge authorities in the tor manual page? https://www.torproject.org/docs/tor-manual.html.en
GENERAL OPTIONS
AlternateBridgeAuthority [nickname] [flags] address:port fingerprint These options behave as DirAuthority, but they replace fewer of the default directory authorities. Using AlternateDirAuthority replaces the default Tor directory authorities, but leaves the default bridge authorities in place. Similarly, AlternateBridgeAuthority replaces the default bridge authority, but leaves the directory authorities alone.
DIRECTORY AUTHORITY SERVER OPTIONS
BridgeAuthoritativeDir 0|1 When this option is set in addition to AuthoritativeDirectory, Tor accepts and serves server descriptors, but it caches and serves the main networkstatus documents rather than generating its own. (Default: 0)
SERVER OPTIONS
BridgeRelay 0|1 Sets the relay to act as a "bridge" with respect to relaying connections from bridge users to the Tor network. It mainly causes Tor to publish a server descriptor to the bridge database, rather than to the public directory authorities.
CLIENT OPTIONS
Bridge [transport] IP:ORPort [fingerprint] When set along with UseBridges, instructs Tor to use the relay at "IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint" is provided (using the same format as for DirAuthority), we will verify that the relay running at that location has the right fingerprint. We also use fingerprint to look up the bridge descriptor at the bridge authority, if it's provided and if UpdateBridgesFromAuthority is set too.
If "transport" is provided, and matches to a ClientTransportPlugin line, we use that pluggable transports proxy to transfer data to the bridge.
UseBridges 0|1 When set, Tor will fetch descriptors for each bridge listed in the "Bridge" config lines, and use these relays as both entry guards and directory guards. (Default: 0)
If you need more detail, I'd encourage you to read the other tor manual entires about Bridges, or feel free to ask questions about particular entries.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
On 11 May 2016, at 12:49, Tim Wilson-Brown - teor teor2345@gmail.com wrote:
On 11 May 2016, at 12:38, Nicholas R. Parker (RIT Student) nrp7859@rit.edu wrote:
Hey again all, got another one for you. When we've started adding bridges to the network, they send a warning "Publishing server descriptor to directory authorities of type 'Bridge', but no authorities of that type listed!"
Not sure how to have a directory authority as a bridge type given that if you set BridgeRelay 1 on an authority it drops the DirPort and just becomes a bridge relay.
How does one list an authority as a bridge type?
Have you read the entries about bridge authorities in the tor manual page? https://www.torproject.org/docs/tor-manual.html.en
GENERAL OPTIONS
AlternateBridgeAuthority [nickname] [flags] address:port fingerprint These options behave as DirAuthority, but they replace fewer of the default directory authorities. Using AlternateDirAuthority replaces the default Tor directory authorities, but leaves the default bridge authorities in place. Similarly, AlternateBridgeAuthority replaces the default bridge authority, but leaves the directory authorities alone.
Hmm, and you might want this one with the bridge flag:
DirAuthority [nickname] [flags] address:port fingerprint Use a nonstandard authoritative directory server at the provided address and port, with the specified key fingerprint. This option can be repeated many times, for multiple authoritative directory servers. Flags are separated by spaces, and determine what kind of an authority this directory is. By default, an authority is not authoritative for any directory style or version unless an appropriate flag is given. Tor will use this authority as a bridge authoritative directory if the "bridge" flag is set. If a flag "orport=port" is given, Tor will use the given port when opening encrypted tunnels to the dirserver. If a flag "weight=num" is given, then the directory server is chosen randomly with probability proportional to that weight (default 1.0). Lastly, if a flag "v3ident=fp" is given, the dirserver is a v3 directory authority whose v3 long-term signing key has the fingerprint fp.
If no DirAuthority line is given, Tor will use the default directory authorities. NOTE: this option is intended for setting up a private Tor network with its own directory authorities. If you use it, you will be distinguishable from other users, because you won't believe the same authorities they do.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
-
Nicholas R. Parker (RIT Student) -
Tim Wilson-Brown - teor