Hi,
So yes I had obfs4 installed. I accidentally set it to the same port as tor without relazing, silly me. Here is my new torrc:
Nickname gbridge ORPort 8080 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8081 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
I am wanting to limit to 50GB per month to avoid being overcharged. Would this do that? Thanks. --Keifer
On Thu, Feb 23, 2023 at 4:43 AM gus gus@torproject.org wrote:
Hi Keifer,
You can't use the same port.
Here is a simple example:
BridgeRelay 1 ORPort 56331 ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:53333 ExtORPort auto ContactInfo keiferdodderblyyatgmaildoddercom Log notice file /var/log/tor/notices.log BridgeDistribution email Nickname gbridge AccountingStart day 12:00 AccountingMax 50 GB
Example: Let's say you want to allow 50 GB of traffic every day in each direction and the accounting should reset at noon each day:
For more details about AccountinMax, see this Support doc: https://support.torproject.org/relay-operators/limit-total-bandwidth/
Did you also install obfs4proxy package? Because on Metrics it says that your bridge don't have any 'transport protocol'.
cheers, Gus
On Tue, Feb 21, 2023 at 08:23:44AM -0800, Keifer Bly wrote:
Ok, changed to port 8080 and upped my allowed traffic a bit:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 8080 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Yes, I have limited bandwidth I can give so as to avoid being massively charged for traffic. Perhaps there is a way to set tor to only allow traffic with a small connection? Thanks.
--Keifer
On Tue, Feb 21, 2023 at 1:29 AM trinity pointard <
trinity.pointard@gmail.com>
wrote:
And the reason why it's on port 443 is so as to be on a port that's
not
likely blocked by network administrators.
That might be useful for the ORPort of a relay, and for the obfs4 port of a bridge, but not for the ORPort of a bridge. Clients are not supposed to connect to it. The only reason it's exposed is because the bridge authority still requires it to verify the bridge is reachable. See https://gitlab.torproject.org/tpo/core/tor/-/issues/7349. You are better of using 443 for the ServerTransportListenAddr, and some high port for ORPort.
On Tue, 21 Feb 2023 at 03:05, Keifer Bly keifer.bly@gmail.com wrote:
Well,
So I just changed my torrc to this:
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Trying to avoid being charged a huge amount for traffic as these VPS
providers can be ridiculous when it comes to that, which is why it was
set
to so little. Ran killall -HUP tor to reload it and see that happens
in the
next day or so. And the reason why it's on port 443 is so as to be on a port that's not likely blocked by network administrators. Thank you.
--Keifer
On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <
trinity.pointard@gmail.com> wrote:
Hi,
Your torrc is correct wrt to distribution mechanism (your bridge is indicating "bridge-distribution-request any" in the descriptor it sends), but for the record, the line would have been "BridgeDistribution any". A bridge uses less bandwidth than a relay, but it's still a proxy.
At
5GB per month, you'd be providing a steady 16kbps over the month,
or a
single mbps for little over 11 hours. That's very little, if you
can't
have more bandwidth (by using a provider with no bandwidth
accounting,
or one that gives better pricing per bandwidth), I fear your bridge won't be very useful at all. Mine consumes between a few hundred GB and a few TB depending on the distribution mechanism.
Are you sure your bridge is reachable? Bridgestrap reports suggest
it
isn't.
As the bridge operator, you should know its bridge line. Can you
test
it with Tor Browser to make sure? Given your accounting limits, it could be unreachable because currently hibernating. Or you could have a firewall issue, or something else. I believe not passing bridgestrap can explain not being assigned a distribution mechanism.
It might also explain why it would be considered blocked in Russia:
if
it's not reachable from anywhere, it's not reachable from Russia. An other possibility, given you use 443 for your ORPort, is that your bridge was indeed detected by just scanning the whole internet. The ORPort is very recognizable (enough that some of my former bridges ended up tagged "tor" on Shodan) so it should be put on a port
that's
less likely to be scanned.
Regards, trinity-1686a
On Mon, 20 Feb 2023 at 21:29, Keifer Bly keifer.bly@gmail.com
wrote:
Where in the torrc file would I set it to any? I am looking for a
way
to run a bridge without being charged a huge amount of money for it,
and I
was curious how it would have been detected by Russia if noone had
used the
bridge there? Thanks.
--Keifer
On Mon, Feb 20, 2023 at 8:45 AM lists@for-privacy.net wrote: > > On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote: > > Ok. Here is the torrc file: > > > > GNU nano 3.2 /etc/tor/torrc > > > > > > Nickname gbridge > > ORPort 443 > > SocksPort 0 > > BridgeRelay 1 > > PublishServerDescriptor bridge > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy > > ServerTransportListenAddr obfs4 0.0.0.0:8080 > > ExtOrPort auto > > Log notice file /var/log/tor/notices.log > > ExitPolicy reject *:* > > AccountingMax 5 GB > > ContactInfo keiferdodderblyyatgmaildoddercom > > > > > > Where in this torrc file is that configured? > Then set it to 'any' and wait 24-48 hours to see what happens.
Maybe
there was
> an error in the db. > > If your bridge is still not distributed, it could be due to the
outdated
> obfs4proxy or because of 'AccountingMax 5 GB'. > Sorry but, 5 GB is a 'fart in the wind' the accounting period
would
only be a
> few hours a month. It's not even worth distributing them because
it
would only
> frustrate the users. > > > And how would it be blocked in > > Russia already if it hasn't even been used? > Why should this new feature of the bridgedb, more precisely the
rdsys backend,
> have anything to do with whether someone uses a bridge? This is a
bridgedb
> distribution method introduced by meskio. > > > -- > ╰_╯ Ciao Marco! > > Debian GNU/Linux > > It's free software and it gives you
freedom!_______________________________________________
> tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- The Tor Project Community Team Lead _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays