All: What is the status of Bug #7349 - Obfsbridges should be able to "disable" their ORPort? https://bugs.torproject.org/tpo/core/tor/7349 I recently setup a loadbalanced OBFS4 bridge and would prefer not to expose the ORPort to the World. I've noticed that some of the tasks to make this possible have been implemented, but it isn't clear whether everything needed is in place as I receive a bridge/relay down status on metrics.torproject.org when the ORPort isn't exposed to the World. Thank you for your assistance. Respectfully,
Gary— This Message Originated by the Sun. iBigBlue 63W Solar Array (~12 Hour Charge) + 2 x Charmast 26800mAh Power Banks = iPhone XS Max 512GB (~2 Weeks Charged)
Quoting Gary C. New via tor-relays (2022-12-10 04:20:48)
What is the status of Bug #7349 - Obfsbridges should be able to "disable" their ORPort? https://bugs.torproject.org/tpo/core/tor/7349 I recently setup a loadbalanced OBFS4 bridge and would prefer not to expose the ORPort to the World. I've noticed that some of the tasks to make this possible have been implemented, but it isn't clear whether everything needed is in place as I receive a bridge/relay down status on metrics.torproject.org when the ORPort isn't exposed to the World.
We do still need the ORPort reachable. The bridge authority does use that port to check if the bridge is running (marking the 'running' flag to it). We are still using that flag to decide what bridges are distributed, we'll like to revisit that in the future. But for now, please expose the ORPort to the world.
On Friday, December 16, 2022, 8:07:46 AM PST, meskio meskio@torproject.org wrote:
Quoting Gary C. New via tor-relays (2022-12-10 04:20:48)
What is the status of Bug #7349 - Obfsbridges should be able to "disable" their ORPort? https://bugs.torproject.org/tpo/core/tor/7349 I recently setup a loadbalanced OBFS4 bridge and would prefer not to expose the ORPort to the World. I've noticed that some of the tasks to make this possible have been implemented, but it isn't clear whether everything needed is in place as I receive a bridge/relay down status on metrics.torproject.org when the ORPort isn't exposed to the World.
We do still need the ORPort reachable. The bridge authority does use that port to check if the bridge is running (marking the 'running' flag to it). We are still using that flag to decide what bridges are distributed, we'll like to revisit that in the future. But for now, please expose the ORPort to the world.
meskio, Presently, it sounds like security through obscurity (hide the Tor listener on a publicly-facing port, not within nmap's default top-1000 most scanned ports, and among a number of publicly-facing, non-Tor ports with a touch of Snort or Suricata IPS is the best solution for now)? Hopefully, it won't take another 10 years to implement this security request and improve Tor Bridge survival rates. I appreciate the status update of Bug #7349.
BTW... My bridge has been running for about a week. I am able to successfully connect to it manually. When should I expect to see stats for my bridge? Currently, I continue to receive the message "no resources for the given id." Thank you for your assistance. Respectfully,
Gary— This Message Originated by the Sun. iBigBlue 63W Solar Array (~12 Hour Charge) + 2 x Charmast 26800mAh Power Banks = iPhone XS Max 512GB (~2 Weeks Charged)
tor-relays@lists.torproject.org