Thanks for your answer. Your instructions were good and explicit, but you hit on two of the problems I run into. I installed tor 0.2.5.11-1 from torproject.org and got two error messages that I couldn't solve. I would have to go back and re-install 0.2.5.11-1 to tell you what they were. In any case they weren't configuration problems. I had pretty much the same problem months ago when I installed a tor 0.2.5.x on Pi. Which leads me to want to use a raspbian repo. only I am unable to get /etc/apt/sources.list to recognize http://archive.raspbian.org/raspbian/pool/main/t/tor/ (or variations thereof) as a repository. And in my main raspian repo tor doesn't go any higher than 0.2.4.26 . So simply updating tor does not work. How do I add http://archive.raspbian.org/raspbian/pool/main/t/tor/ http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/ http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/ as one or more alternative repositories or force an install? Thanks, J. Chase
tor-relays-request@lists.torproject.org:
Message: 4 Date: Sun, 29 Mar 2015 00:19:14 +0200 From: s7r s7r@sky-ip.org To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Installing obfs4 on Raspberry Pi bridge Message-ID: 551728E2.4030705@sky-ip.org Content-Type: text/plain; charset=windows-1252
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi,
obfs4 will not run on 0.2.4.x , you need at least 0.2.5.x or 0.2.6.x
First, upgrade your Tor.
You can use torproject.org repositories. If you are running wheezy:
- Add the repository:
# echo "deb http://deb.torproject.org/torproject.org wheezy main" >> /etc/apt/sources.list
- Add the signing key:
# gpg --keyserver keys.gnupg.net --recv 886DDD89; gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add ?
- Install keyring:
# apt-get update && apt-get -y install deb.torproject.org-keyring
Now upgrade your Tor, an apt-get -y install tor would upgrade to 0.2.5.1
You can install obfs4proxy from deb.torproject.org too:
# echo "deb http://deb.torproject.org/torproject.org obfs4proxy main"
/etc/apt/sources.list
# apt-get update && apt-get -y install obfs4proxy
Now, modify your torrc to enable the obfs4 transport. Make sure you also add ExtORPort auto in torrc so it will report some useful statistics. obfs4proxy also supports obfs3, and some users still use that, so if you can be an obfs3 and obfs4 bridge at the same time (requires just one more open port) it would be great.
Sample torrc entry for enabling obfs4 and obfs3: ExtORPort auto ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs3 [::]:port ServerTransportListenAddr obfs4 [::]:port
To make the bridge even better, you can bind obfs3 and obfs4 to lower ports (< 1024), if you have them free, such as obfs3 on 80 and obfs4 on 443 (for example). This will help users behind really restrictive firewalls who only allow connections on few ports. You can easily do this with libcap2-bin package:
# apt-get -y install libcap2-bin # setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
To make this persistent after a reboot, edit the /etc/rc.local file and add this line before 'exit 0': setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
Hope this helps. If you don't want to use deb.torproject.org, everything required is also included in raspbian main repo:
http://archive.raspbian.org/raspbian/pool/main/t/tor/ http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/ http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/
If you want to use raspbian repo, simply ignore the lines where you add deb.torproject.org to your sources.list file and just upgrade, install the required packages and modify your torrc file.
Thanks for running a bridge.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi,
J - those links are for reference only. They cannot be added in sources.list file because they are not valid repository strings.
Here is what I've learned so far. If you are on Raspberry Pi B/B+ (ARMv6 CPU) you will not be fully compatible with armhf architecture from Debian Wheezy / Raspbian Wheezy because that requires at least ARMv7 CPU. Raspberry Pi 2 has an ARMv7 CPU quad core @ 900 Mhz which should be fully compatible with armhf. For previous Raspberry models, some armhf packages for wheezy might work, some not.
True, by default from Raspbian repo, apt-get will install Tor 0.2.4.26.
I was able to manually get the .deb of Tor 0.2.5.11 and install it, and it works good, no errors:
# cd ~/ && wget http://archive.raspbian.org/raspbian/pool/main/t/tor/tor_0.2.5.11-1_armh f.deb # sudo dpkg -i tor_0.2.5.11-1_armhf.deb
- -press N to keep your current torrc file when prompted-
The obfs4proxy package in Raspbian main repo is borken. I could not install it, there is no .deb there.
We currently do not have armhf or armel packages for obfs4proxy in deb.torproject.org, but Yawning (CC'ed) will let us know when he has time how we can build obfs4proxy from git on Raspbian.
On 3/29/2015 10:31 PM, jchase wrote:
Thanks for your answer. Your instructions were good and explicit, but you hit on two of the problems I run into. I installed tor 0.2.5.11-1 from torproject.org and got two error messages that I couldn't solve. I would have to go back and re-install 0.2.5.11-1 to tell you what they were. In any case they weren't configuration problems. I had pretty much the same problem months ago when I installed a tor 0.2.5.x on Pi. Which leads me to want to use a raspbian repo. only I am unable to get /etc/apt/sources.list to recognize http://archive.raspbian.org/raspbian/pool/main/t/tor/ (or variations thereof) as a repository. And in my main raspian repo tor doesn't go any higher than 0.2.4.26 . So simply updating tor does not work. How do I add http://archive.raspbian.org/raspbian/pool/main/t/tor/ http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/ http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/ as one or more alternative repositories or force an install? Thanks, J. Chase
tor-relays-request@lists.torproject.org:
Message: 4 Date: Sun, 29 Mar 2015 00:19:14 +0200 From: s7r s7r@sky-ip.org To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Installing obfs4 on Raspberry Pi bridge Message-ID: 551728E2.4030705@sky-ip.org Content-Type: text/plain; charset=windows-1252
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi,
obfs4 will not run on 0.2.4.x , you need at least 0.2.5.x or 0.2.6.x
First, upgrade your Tor.
You can use torproject.org repositories. If you are running wheezy:
- Add the repository: # echo "deb
http://deb.torproject.org/torproject.org wheezy main" >> /etc/apt/sources.list
- Add the signing key: # gpg --keyserver keys.gnupg.net --recv
886DDD89; gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add ?
- Install keyring: # apt-get update && apt-get -y install
deb.torproject.org-keyring
Now upgrade your Tor, an apt-get -y install tor would upgrade to 0.2.5.1 1.
You can install obfs4proxy from deb.torproject.org too:
# echo "deb http://deb.torproject.org/torproject.org obfs4proxy main"
/etc/apt/sources.list
# apt-get update && apt-get -y install obfs4proxy
Now, modify your torrc to enable the obfs4 transport. Make sure you also add ExtORPort auto in torrc so it will report some useful statistics. obfs4proxy also supports obfs3, and some users still use that, so if you can be an obfs3 and obfs4 bridge at the same time (requires just one more open port) it would be great.
Sample torrc entry for enabling obfs4 and obfs3: ExtORPort auto ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs3 [::]:port ServerTransportListenAddr obfs4 [::]:port
To make the bridge even better, you can bind obfs3 and obfs4 to lower ports (< 1024), if you have them free, such as obfs3 on 80 and obfs4 on 443 (for example). This will help users behind really restrictive firewalls who only allow connections on few ports. You can easily do this with libcap2-bin package:
# apt-get -y install libcap2-bin # setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
To make this persistent after a reboot, edit the /etc/rc.local file and add this line before 'exit 0': setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
Hope this helps. If you don't want to use deb.torproject.org, everything required is also included in raspbian main repo:
http://archive.raspbian.org/raspbian/pool/main/t/tor/ http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/ http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/
If you want to use raspbian repo, simply ignore the lines where you add deb.torproject.org to your sources.list file and just upgrade, install the required packages and modify your torrc file.
Thanks for running a bridge.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Mon, 30 Mar 2015 01:02:25 +0300 s7r s7r@sky-ip.org wrote:
We currently do not have armhf or armel packages for obfs4proxy in deb.torproject.org, but Yawning (CC'ed) will let us know when he has time how we can build obfs4proxy from git on Raspbian.
Hmm, wonder why there aren't new packages. IIRC there were issues with building the debian ones on their arm build environment a while ago due to some of the unit tests taking too long and timing out, but I though I worked around that. If it's the same issue, maybe I should skip some of the time consuming tests entirely on ARM....
Assuming you can get a go compiler on the board the normal manual build instructions should work
$ go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy $ sudo cp $GOPATH/bin/obfs4proxy /usr/local/bin
But naturally you lose the benefits of package management.
Regards,
After months of trying to figure out where the bottleneck in my relay is (I'm on gigabit down/up connection, but relay won't push more than 10mbps), I was poking through my NVG589 router's NAT Table and noticed
Total sessions available 2560 Total sessions in use 2048
Followed by a table containing almost entirely tor connections.
As far as I know, there is no way to increase the total sessions available. AT&T will not allow me to purchase my own router, so it looks like my only hope is to wait for AT&T to push out the NVG599 (which I was told was coming a month ago.)
Do any current relay operators have an NVG599? If so, could you check and see if it has a similarly low limit on total sessions (Diagnostics -> NAT Table in the NVG589). I've tried searching for this spec but it doesn't appear to even be in the user manual.
tor-relays@lists.torproject.org
-
James Murphy -
jchase -
s7r -
Yawning Angel