-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 18/03/2014 7:59 PM, James Valleroy wrote:
Do you see any vulnerabilities, attacks, or risks with the current configuration, and are there any changes that you would recommend?
[1] https://wiki.debian.org/FreedomBox
[2] https://www.torproject.org/docs/bridges#RunningABridge
If you're going to be running these as bridges, it seems to make sense to include obfsproxy support, probably with obfs3 and scramblesuit [0] enabled right off the bat.
Note that scramblesuit requires tor 0.2.5.1 or higher [1], and obfsproxy should be at 0.2.7 or higher [3].
Lines to add to the torrc:

1. ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed ([0])
2. ServerTransportListenAddr obfs3 0.0.0.0:<port number> (if you want to preset your obfs3 port, will be random otherwise) ([3])
3. ServerTransportListenAddr scramblesuit 0.0.0.0:<port number> (if you want to preset your scramblesuit port, will be random otherwise) ([3])
4. ExtORPort auto (used internally between tor and obfsproxy, does not need to be forwarded externally, so auto should be fine) ([4])
If I'm giving bad advice, somebody please speak up to correct me!
-Lance
[0] https://lists.torproject.org/pipermail/tor-relays/2014-February/003886.html
[1] https://lists.torproject.org/pipermail/tor-relays/2014-February/003898.html
[2] https://lists.torproject.org/pipermail/tor-relays/2014-March/004074.html
[3] https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en
[4] https://lists.torproject.org/pipermail/tor-relays/2014-February/003962.html
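
A check of a torrc against the four lines and the minimum versions listed in the message above, added here as an example; it is not part of the original message and not Tor or FreedomBox code. The function names, the sample configs and their port numbers are constructed, and the installed tor and obfsproxy version strings are assumed to be supplied by the caller.

```python
import re

MIN_TOR = (0, 2, 5, 1)      # scramblesuit minimum, as stated in the message
MIN_OBFSPROXY = (0, 2, 7)   # as stated in the message
WANTED = {"obfs3", "scramblesuit"}

def parse_version(text):
    """'0.2.5.1-alpha' -> (0, 2, 5, 1): keep only the leading dotted-numeric part."""
    return tuple(int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group().split("."))

def parse_torrc(text):
    """Yield (lowercased keyword, [args]) per option line; '#' starts a comment."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            yield parts[0].lower(), parts[1:]

def audit(torrc_text, tor_version, obfsproxy_version):
    """Return a list of findings; an empty list means the config matches the advice."""
    opts = list(parse_torrc(torrc_text))
    findings = []
    if parse_version(tor_version) < MIN_TOR:
        findings.append("tor older than 0.2.5.1: scramblesuit unavailable")
    if parse_version(obfsproxy_version) < MIN_OBFSPROXY:
        findings.append("obfsproxy older than 0.2.7")
    offered = set()
    for key, args in opts:
        if key == "servertransportplugin" and args:
            offered.update(args[0].split(","))
    for name in sorted(WANTED - offered):
        findings.append(f"{name}: not listed in any ServerTransportPlugin line")
    listen = {a[0] for k, a in opts if k == "servertransportlistenaddr" and len(a) >= 2}
    for name in sorted((WANTED & offered) - listen):
        findings.append(f"{name}: no ServerTransportListenAddr, port will be random")
    for name in sorted(listen - offered):
        findings.append(f"{name}: listen address set but transport not offered")
    if not any(key == "extorport" for key, _ in opts):
        findings.append("ExtORPort not set")
    return findings

# Constructed sample configs; the port numbers are arbitrary placeholders.
GOOD = """ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
ServerTransportListenAddr obfs3 0.0.0.0:40001        # preset obfs3 port
ServerTransportListenAddr scramblesuit 0.0.0.0:40002
ExtORPort auto
"""
WEAK = "ServerTransportPlugin obfs3 exec /usr/bin/obfsproxy managed\n"

if __name__ == "__main__":
    print(audit(GOOD, "0.2.5.1-alpha", "0.2.7"))
    print(audit(WEAK, "0.2.4.21", "0.2.6"))
```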