Quoth Steve Snyder swsnyder@snydernet.net, on 2013-04-16 15:53:14 -0400:
obfs3 won't build/run on RHEL6/CentOS6 due to the Python 2.7.x (plus many, many subpackages) requirement. Replacing the installed Python v2.6.x will break your system. Installing to an alternate location (download, ./configure, make altinstall) and editing /usr/bin/obfsproxy isn't enough as the subpackages are all still installed beneath /usr/lib/python2.6/.
Indeed.
I tend to run my server-y machines on CentOS 6 at the moment, and I was going to try to spin up an obfs3 proxy on one of them, but the Python 2.7 dependency steamrolls that plan. Curiously, if it needed Python 3, I would be more amenable to it, both since the major version change means upstreams are likely to make sure parallel installation works, and because I'm interested in increased Python 3 adoption anyway.
I am not really inclined to do any of:
- try to have both a distribution and an out-of-distribution Python 2 installed in parallel;
- bypass declared installation requirements, use 2.6.6, and blindly hope that it won't result in some awful subtle bug;
- allocate additional money and tracking resources to fooling around with Amazon (eating my free usage quota and then likely causing me to drop the bridge after a year anyway, which is exactly what you _didn't_ want) when I have perfectly good spare computing power already;
- try to figure out how to retrieve the "Tor Cloud" image and/or convert it into something I can use outside of Amazon's service.
I also ran into the following:
- I'd like to examine the obfsproxy source code out of curiosity to see how it's likely to interact with my other network services. The only thing that looks like a source link on [1] points me to installation instructions of the form "now, here's how to vomit all the files somewhere on your system using pip, which you already have because you're about to install it on this very machine, right?". Where's the beef^Wtarball? Hell if I know without spending a lot of energy on it.
[1] https://www.torproject.org//projects/obfsproxy.html.en
- What's the way to make this play nicely if all the "common" encrypted-connection ports (particularly 443/tcp) are already bound to their "usual" services on this IP address? Does that exist? What requirements are there for what the service "looks like" to the outside for the obfs3 usage to actually be effective? I can't easily tell.
For me, this is "oh, well", but if you want more deployed obfuscated bridges, there might be other people running into the same things.
---> Drake Wilson