My bridge styxVortex is up and running. I know this because the Nyx monitor shows activity. However, a search of metrics.torproject.org shows it down. It has been in this state for at least a month. Do you have any suggestions of what could be the possible cause of this?
I am using pfblockerng on my network, but the machine that is running Tor bridge is not filtered by it. I do have a couple of TOR feed enabled in pfblockerng but only incoming traffic is filtered.
I have no idea how the bridge stats are passed to metrics.torproject.org so it is very challenging for me to tamp down on the cause. Any suggestion, at this point, will be helpful.
Sent with [Proton Mail](https://proton.me/) secure email.
Hi,
There are some issues[1][2] with the status indicator on Metrics for bridges.
That said, I tested your bridge with bridgestrap[3], and it tells me:
Bridge ED3B1CBDEFAB89B6546B77984076969DDD19DDB7 advertises:
* obfs4: dysfunctional Error: timed out waiting for bridge descriptor Last tested: 2023-09-05 16:00:16.040172317 +0000 UTC (15h18m32.726072356s ago)
Have you tried to connect to your own bridge and see if it works? Here is how you build your obfs4 bridge line (note: it's your bridge fingerprint and not your hashed bridge fingerprint): https://community.torproject.org/relay/setup/bridge/post-install/
Which obfs4 port are you using? Can you check if it's externally reachable? Here is how you can test it: https://bridges.torproject.org/scan/
cheers, Gus
[1] https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/112 [2] Blocking ORPort https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129 [3] https://bridges.torproject.org/status?id=ED3B1CBDEFAB89B6546B77984076969DDD1...
On Wed, Sep 06, 2023 at 02:27:07AM +0000, BridgeOverStyx via tor-relays wrote:
My bridge styxVortex is up and running. I know this because the Nyx monitor shows activity. However, a search of metrics.torproject.org shows it down. It has been in this state for at least a month. Do you have any suggestions of what could be the possible cause of this?
I am using pfblockerng on my network, but the machine that is running Tor bridge is not filtered by it. I do have a couple of TOR feed enabled in pfblockerng but only incoming traffic is filtered.
I have no idea how the bridge stats are passed to metrics.torproject.org so it is very challenging for me to tamp down on the cause. Any suggestion, at this point, will be helpful.
Sent with [Proton Mail](https://proton.me/) secure email.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
On 06.09.23 09:25, gus wrote:
Have you tried to connect to your own bridge and see if it works? Here is how you build your obfs4 bridge line (note: it's your bridge fingerprint and not your hashed bridge fingerprint): https://community.torproject.org/relay/setup/bridge/post-install/
there seems to be a mismatch between the description linked above and the Tor browser UI to manually add a Tor bridge: If one starts the Tor browser, click on "Configure Tor connections" and then on "Add a Bridge Manually" (seems to be the only possibility to test your own Bridge directly in the Tor browser), there is only the option to provide the bridge's IP address and the obfs4 port, but not, as mentioned in the description linked above the fingerprint and the obfs4 certificate. When I try to add the fingerprint and the obfs4 certificate of my bridges, no connection is established.
So, where is the advantage on additionally providing the fingerprint and the obfs4 certificate when connecting to Tor (I can imagine that it has something to do with authenticity)? And how can one do that using the Tor software respectively the Tor browser bundle?
Kind regards telekobold
Hi,
On Wed, Sep 06, 2023 at 09:11:02PM +0200, telekobold wrote:
Hi,
On 06.09.23 09:25, gus wrote:
Have you tried to connect to your own bridge and see if it works? Here is how you build your obfs4 bridge line (note: it's your bridge fingerprint and not your hashed bridge fingerprint): https://community.torproject.org/relay/setup/bridge/post-install/
there seems to be a mismatch between the description linked above and the Tor browser UI to manually add a Tor bridge: If one starts the Tor browser, click on "Configure Tor connections" and then on "Add a Bridge Manually" (seems to be the only possibility to test your own Bridge directly in the Tor browser), there is only the option to provide the bridge's IP address and the obfs4 port, but not, as mentioned in the description linked above the fingerprint and the obfs4 certificate. When I try to add the fingerprint and the obfs4 certificate of my bridges, no connection is established.
Yes, there is a mismatch in Tor Browser UI. See these tickets:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40552
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41913
So, where is the advantage on additionally providing the fingerprint and the obfs4 certificate when connecting to Tor (I can imagine that it has something to do with authenticity)? And how can one do that using the Tor software respectively the Tor browser bundle?
If you add just IP:ORPort (**ORPort** and not the OBFS4 Port) you have a "vanilla" Tor bridge: a bridge that doesn't obfuscate your Tor traffic. So it may not work in countries/ISPs doing DPI. To use your own obfs4 bridge, you need to build the "complete bridge line"[1].
cheers, Gus [1] https://gitlab.torproject.org/tpo/web/manual/-/issues/130
Hi gus,
On 06.09.23 21:27, gus wrote:
If you add just IP:ORPort (**ORPort** and not the OBFS4 Port) you have a "vanilla" Tor bridge: a bridge that doesn't obfuscate your Tor traffic. So it may not work in countries/ISPs doing DPI. To use your own obfs4 bridge, you need to build the "complete bridge line"[1].
cheers, Gus [1] https://gitlab.torproject.org/tpo/web/manual/-/issues/130
thank you for the clarification! To be honest, I indeed confused "ORPort" and "obfs4port" for a moment.
Kind regards telekobold
What is the "complete" bridge line?
Sent from Proton Mail mobile
-------- Original Message -------- On Sep 7, 2023, 6:28 AM, telekobold wrote:
Hi gus, On 06.09.23 21:27, gus wrote: > If you add just IP:ORPort (**ORPort** and not the OBFS4 Port) you have a > "vanilla" Tor bridge: a bridge that doesn't obfuscate your Tor traffic. > So it may not work in countries/ISPs doing DPI. > To use your own obfs4 bridge, you need to build the "complete bridge line"[1]. > > cheers, > Gus > [1] https://gitlab.torproject.org/tpo/web/manual/-/issues/130 thank you for the clarification! To be honest, I indeed confused "ORPort" and "obfs4port" for a moment. Kind regards telekobold _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 07.09.23 12:43, Anonforpeace via tor-relays wrote:
What is the "complete" bridge line?
Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=<CERTIFICATE> iat-mode=0
where PORT is the obfs4 port, not the ORPort. (When using IPv6, <IP ADDRESS> must be in []).
See also https://community.torproject.org/relay/setup/bridge/post-install/
Ok good I have those in my bridge.
Sent from Proton Mail mobile
-------- Original Message -------- On Sep 7, 2023, 9:22 AM, telekobold wrote:
On 07.09.23 12:43, Anonforpeace via tor-relays wrote: > What is the "complete" bridge line? Bridge obfs4 : cert= iat-mode=0 where PORT is the obfs4 port, not the ORPort. (When using IPv6, must be in []). See also https://community.torproject.org/relay/setup/bridge/post-install/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
So you don't have to dig through the logs: (as root or sudo) ~# cat /var/lib/tor/pt_state/obfs4_bridgeline.txt ~# cat /var/lib/tor/fingerprint
or with multiple instances: ~# cat /var/lib/tor-instances/NN/pt_state/obfs4_bridgeline.txt
So you don't have to dig through the logs: (as root or sudo) ~# cat /var/lib/tor/pt_state/obfs4_bridgeline.txt ~# cat /var/lib/tor/fingerprint
or with multiple instances: ~# cat /var/lib/tor-instances/NN/pt_state/obfs4_bridgeline.txt
Or when running obfs4 in docker: docker exec `docker ps -aqf "name=obfs4"` get-bridge-line
tor-relays@lists.torproject.org
-
Anonforpeace -
BridgeOverStyx -
gus -
lists@for-privacy.net -
mailinglistreader@riseup.net -
telekobold