Dmitrii Tcvetkov wrote:
On Thu, 28 Mar 2019 17:08:38 +0000 Marek Szuba scriptkiddie@wp.pl wrote:
Anyway, here is my logic. In order to operate properly, my bridge must have its ORPort reachable from the Internet.
I might be wrong, but I got impression that if bridge is using pluggable transports (obfs3, obfs4, meek, snowflake, etc) then ORPort is only useful for bridge authority and users which want to use the bridge without pluggable transports. Communication between pluggable transport and Tor process is going via ExtORPort which isn't public by default (binds to localhost). Clients connect to pluggable transport port and their traffic is obufscated by the transport.
Since your bridge is private then bridge authority is none of your concerns. In that case you need ORPort reachable only if you have bridge clients which use bridge without pluggable transports.
This works for me:
AssumeReachable 1 PublishServerDescriptor 0 ORPort PUBLIC-IP:2345 NoListen ORPort 127.0.0.1:2345 NoAdvertise ExtORPort 127.0.0.1:3456 # you can try auto ServerTransportListenAddr obfs4 PUBLIC-IP:4567 ServerTransportPlugin obfs4 exec /path/to/obfs4proxy