Hi everyone,
BridgeDB is running low on obfs4 bridges and often fails to provide users with three bridges per request. Besides, we recently fixed a BridgeDB issue that could get an obfs4 bridge blocked because of its vanilla bridge descriptor: https://bugs.torproject.org/28655
We therefore want to encourage volunteers to set up new obfs4 bridges to help censored users. Over the last few weeks, we have been improving our obfs4 setup guide which walks you through the process: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
The guide provides instructions for Debian, Ubuntu, CentOS, RHEL, OpenSUSE, FreeBSD, and OpenBSD. If you're running into any issues with the guide, please let us know!
Finally, once you set up an obfs4 bridge, make sure that both your ORPort *and* your obfs4 port are reachable. Tor currently only tests the reachability of its ORPort. We set up a service that allows you to test the reachability of your obfs4 port: https://bridges.torproject.org/scan/
Thanks for keeping the Tor network healthy by running relays and bridges!
Thanks, Philipp
On Thu, Jun 20, 2019 at 12:22:29PM -0700, Philipp Winter wrote:
We therefore want to encourage volunteers to set up new obfs4 bridges to help censored users. Over the last few weeks, we have been improving our obfs4 setup guide which walks you through the process: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
We created a docker image for those who prefer containers over manual installation. First, fetch the docker image:
docker pull phwinter/obfs4-bridge:0.1
Now, you have two options to start the container:
1. You can use the following script to run the container: https://dip.torproject.org/anti-censorship/docker-obfs4-bridge/raw/0fa15ff0e2372238679ad52e8d30ccacbcbd893f/deploy-container.sh It automatically finds an OR port and obfs4 port for you.
2. If you would rather provide your own ports, run the following command:
OR_PORT=XXX PT_PORT=YYY EMAIL=admin@example.com; \ docker run -d \ -e "OR_PORT=$OR_PORT" -e "PT_PORT=$PT_PORT" -e "EMAIL=$EMAIL" \ -p "$OR_PORT":"$OR_PORT" -p "$PT_PORT":"$PT_PORT" \ phwinter/obfs4-bridge:0.1
Replace XXX with your OR port, YYY with your obfs4 port, and admin@example.com with your email address. Don't forget the semicolon after the enrivonment variables.
Your container should now be bootstrapping your new obfs4 Tor bridge.
Cheers, Philipp
Looking at the new, improved instructions for Debian/Ubuntu obfs4 bridges, I am confused by the talk about a fixed obfs4 bridge port. The line to do this is commented out. Does that mean it is optional to give obfs4 a fixed port? If it were a random port, however, I'd need a lot of open ports on my firewall...
TIA,
--Torix
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, July 3, 2019 12:00 AM, Philipp Winter phw@torproject.org wrote:
On Thu, Jun 20, 2019 at 12:22:29PM -0700, Philipp Winter wrote:
We therefore want to encourage volunteers to set up new obfs4 bridges to help censored users. Over the last few weeks, we have been improving our obfs4 setup guide which walks you through the process: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4p...
We created a docker image for those who prefer containers over manual installation. First, fetch the docker image:
docker pull phwinter/obfs4-bridge:0.1
Now, you have two options to start the container:
You can use the following script to run the container: https://dip.torproject.org/anti-censorship/docker-obfs4-bridge/raw/0fa15ff0e... It automatically finds an OR port and obfs4 port for you.
If you would rather provide your own ports, run the following command:
OR_PORT=XXX PT_PORT=YYY EMAIL=admin@example.com; \ docker run -d \ -e "OR_PORT=$OR_PORT" -e "PT_PORT=$PT_PORT" -e "EMAIL=$EMAIL" \ -p "$OR_PORT":"$OR_PORT" -p "$PT_PORT":"$PT_PORT" \ phwinter/obfs4-bridge:0.1
Replace XXX with your OR port, YYY with your obfs4 port, and admin@example.com with your email address. Don't forget the semicolon after the enrivonment variables.
Your container should now be bootstrapping your new obfs4 Tor bridge.
Cheers, Philipp
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, Jul 03, 2019 at 02:09:02AM +0000, torix@protonmail.com wrote:
Looking at the new, improved instructions for Debian/Ubuntu obfs4 bridges, I am confused by the talk about a fixed obfs4 bridge port. The line to do this is commented out. Does that mean it is optional to give obfs4 a fixed port? If it were a random port, however, I'd need a lot of open ports on my firewall...
We recommend to not set ServerTransportListenAddr and keep the "ORPort auto" setting, which makes Tor pick a random OR and obfs4 port for you. These random ports persist across restarts, so you only have to forward them once -- at least as long as you keep your data directory. We don't provide a static port in the sample config because we don't want operators to end up with the same port. If that was the case, censors could scan the IPv4 address space for these ports and block all bridges they find that way.
That said, feel free to choose your own obfs4 port. For example, we could use more bridges whose obfs4 port is 443. Just avoid port 9001 as it's commonly associated with Tor and an attractive target for Internet-wide scanning.
I hope this clears things up a bit.
Cheers, Philipp
While resetting my bridge, I discovered that setting OR Port to auto causes the port not to survive restarts. After the OR Port was randomized, I opened it on my router firewall. Then I restarted the tor service using "sudo service tor restart", and while watching logs I noticed the OR Port was now different, meaning I would need to update my firewall again. Seems better to set a single port and leave it at that, doesn't it?
On Wed, Jul 03, 2019 at 03:45:23PM +0000, nottryingtobelame@protonmail.com wrote:
While resetting my bridge, I discovered that setting OR Port to auto causes the port not to survive restarts. After the OR Port was randomized, I opened it on my router firewall. Then I restarted the tor service using "sudo service tor restart", and while watching logs I noticed the OR Port was now different, meaning I would need to update my firewall again.
You are correct, this was a mistake on my part. For what it's worth, I just filed https://bugs.torproject.org/31103 because of this. Thanks for bringing up this issue!
Seems better to set a single port and leave it at that, doesn't it?
I agree, asking operators to choose their own OR and obfs4 port should cause the least surprise. It also serves as a reminder that both ports need to be reachable for obfs4 to work.
I will update the obfs4 setup guide accordingly.
Cheers, Philipp
Greeting everyone,
I've been running a TOR relay for a couple of years and as recently posted, my bandwidth usage has dribbled down to almost nothing. I was going to pull the relay as the ubuntu box is basically doing nothing and not being utilised by TOR.
Then I saw the above email about being a bridge and thought, fine, I'll configure it to be a bridge and help out someone. Tried to do it via the docker/script method, but soon realised that was outside my skill level (hey stop laughing! :P) So I did it via the method here: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4p... Setting ORPort to 443 as suggested. I forwarded that port on the router and then tested it, but it said it was closed. So I thought my router was playing up. I checked a few other ports using online tools and a few of them were closed. I forwarded a new another port to some other software on another machine and that worked?! So I realised the ports are open on the router but closed on the ubuntu machine. I've played around with all the settings, changed by torrc file to a really basic one of:
RunAsDaemon 1
BridgeRelay 1
# Replace "TODO" with a Tor port of your choice. This port must be externally # reachable. Avoid port 9001 because it's commonly associated with Tor and # censors may be scanning the Internet for this port. ORPort 9051
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
# Replace "TODO" with an obfs4 port of your choice. This port must be # externally reachable. Avoid port 9001 because it's commonly associated with # Tor and censors may be scanning the Internet for this port. ServerTransportListenAddr obfs4 0.0.0.0:443
# Local communication port between Tor and obfs4. Always set this to "auto". # "Ext" means "extended", not "external". Don't try to set a specific port # number, nor listen on 0.0.0.0. ExtORPort auto
# Replace "address@email.com" with your email address so we can contact you if # there are problems with your bridge. This is optional but encouraged. ContactInfo blades1000@gmail.com
# Pick a nickname that you like for your bridge. This is optional. Nickname MelbTORbridge
I was able to monitor tor still with NYX, but that seems to have stopped and given me an error of:
Unable to authenticate: socket connection failed ([Errno 104] Connection reset by peer)
I was blowing a gasket yesterday and about to flush the whole machine, but left it for the day and figured I'd ask for help before I scrap it and go back to the original tor relay Torrc file.
Any help would be greatly appreciated.
http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-4885-a Virus-free. www.avg.com http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-4885-a <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
On Wed, Jul 3, 2019 at 1:01 PM Philipp Winter phw@torproject.org wrote:
On Wed, Jul 03, 2019 at 02:09:02AM +0000, torix@protonmail.com wrote:
Looking at the new, improved instructions for Debian/Ubuntu obfs4 bridges, I am confused by the talk about a fixed obfs4 bridge port. The line to do this is commented out. Does that mean it is optional to give obfs4 a fixed port? If it were a random port, however, I'd need a lot of open ports on my firewall...
We recommend to not set ServerTransportListenAddr and keep the "ORPort auto" setting, which makes Tor pick a random OR and obfs4 port for you. These random ports persist across restarts, so you only have to forward them once -- at least as long as you keep your data directory. We don't provide a static port in the sample config because we don't want operators to end up with the same port. If that was the case, censors could scan the IPv4 address space for these ports and block all bridges they find that way.
That said, feel free to choose your own obfs4 port. For example, we could use more bridges whose obfs4 port is 443. Just avoid port 9001 as it's commonly associated with Tor and an attractive target for Internet-wide scanning.
I hope this clears things up a bit.
Cheers, Philipp _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, Jul 18, 2019 at 12:50:34PM +1000, Ben Riley wrote:
Then I saw the above email about being a bridge and thought, fine, I'll configure it to be a bridge and help out someone. Tried to do it via the docker/script method, but soon realised that was outside my skill level (hey stop laughing! :P)
Did you run into any specific issues? If you had troubles following the guide, I'm gonna blame the guide.
Setting ORPort to 443 as suggested. I forwarded that port on the router and then tested it, but it said it was closed. So I thought my router was playing up. I checked a few other ports using online tools and a few of them were closed. I forwarded a new another port to some other software on another machine and that worked?! So I realised the ports are open on the router but closed on the ubuntu machine. I've played around with all the settings, changed by torrc file to a really basic one of:
To run obfs4 on port 443, you will have to run the following command, to allow obfs4proxy to bind to port 443:
sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
If you did that already, it would be helpful to see your logs.
Cheers, Philipp
Hi,
Thanks for the reply. Yes, I ran that command way back at the start. I'm assuming I don't have to run it every time the machine reboots or updates? I ran it again this morning and it made no difference.
Ah logs, you say that like I know where those are :P When I run sudo tail /var/log/tor/log - I get nothing. I found the Logs app and run that to get all the system logs - way too much stuff and I couldn't move it to here, so I found this command (Google) cat /var/log/syslog | grep tor -i and got the following (I think I've included 2 set of attempts to boot up):
Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Starting with guard context
"default" Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Signaled readiness to systemd Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bootstrapped 5% (conn): Connecting to a relay Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Server managed proxy encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind: permission denied) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Managed proxy at '/usr/bin/obfs4proxy' failed the configuration protocol and will be destroyed. Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: tor_assertion_failed_(): Bug: ../src/feature/client/transports.c:1836: managed_proxy_stdout_callback: Assertion mp->conf_state == PT_PROTO_COMPLETED failed; aborting. (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: Assertion mp->conf_state == PT_PROTO_COMPLETED failed in managed_proxy_stdout_callback at ../src/feature/client/transports.c:1836. Stack trace: (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(log_backtrace_impl+0x45) [0x55e1c7174965] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(tor_assertion_failed_+0x94) [0x55e1c716fd24] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(+0xd3f5f) [0x55e1c7045f5f] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(+0x1da363) [0x55e1c714c363] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(+0x1e8f8) [0x7f59876138f8] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(event_base_loop+0x53f) [0x7f598761433f] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(do_main_loop+0xb4) [0x55e1c6fe45e4] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(tor_run_main+0x122d) [0x55e1c6fd18ad] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(tor_main+0x3a) [0x55e1c6fce9ca] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(main+0x19) [0x55e1c6fce559] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7f5985d3cb97] (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: /usr/bin/tor(_start+0x2a) [0x55e1c6fce5aa] (on Tor 0.4.0.5 ) Jul 19 14:32:24 ben-OptiPlex-755 systemd[1]: tor@default.service: Main process exited, code=dumped, status=6/ABRT Jul 19 14:32:24 ben-OptiPlex-755 systemd[1]: tor@default.service: Failed with result 'core-dump'. Jul 19 14:32:24 ben-OptiPlex-755 systemd[1]: tor@default.service: Service hold-off time over, scheduling restart. Jul 19 14:32:24 ben-OptiPlex-755 systemd[1]: tor@default.service: Scheduled restart job, restart counter is at 74. Jul 19 14:32:24 ben-OptiPlex-755 tor[28062]: Jul 19 14:32:24.374 [notice] Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3. Jul 19 14:32:24 ben-OptiPlex-755 tor[28062]: Jul 19 14:32:24.374 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Jul 19 14:32:24 ben-OptiPlex-755 tor[28062]: Jul 19 14:32:24.374 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Jul 19 14:32:24 ben-OptiPlex-755 tor[28062]: Jul 19 14:32:24.374 [notice] Read configuration file "/etc/tor/torrc". Jul 19 14:32:24 ben-OptiPlex-755 tor[28062]: Jul 19 14:32:24.379 [notice] Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can override this by setting MaxMemInQueues by hand. Jul 19 14:32:24 ben-OptiPlex-755 tor[28062]: Configuration was valid Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.582 [notice] Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3. Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.582 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.582 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.582 [notice] Read configuration file "/etc/tor/torrc". Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.587 [notice] Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can override this by setting MaxMemInQueues by hand. Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.587 [notice] Opening Socks listener on 127.0.0.1:9050 Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.587 [notice] Opened Socks listener on 127.0.0.1:9050 Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.587 [notice] Opening OR listener on 0.0.0.0:9051 Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.588 [notice] Opened OR listener on 0.0.0.0:9051 Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.588 [notice] Opening Extended OR listener on 127.0.0.1:0 Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.588 [notice] Extended OR listener listening on port 33679. Jul 19 14:32:24 ben-OptiPlex-755 tor[28063]: Jul 19 14:32:24.588 [notice] Opened Extended OR listener on 127.0.0.1:33679 Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3. Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Read configuration file "/etc/tor/torrc". Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can override this by setting MaxMemInQueues by hand. Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Opening Socks listener on 127.0.0.1:9050 Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Opened Socks listener on 127.0.0.1:9050 Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Opening OR listener on 0.0.0.0:9051 Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Opened OR listener on 0.0.0.0:9051 Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Opening Extended OR listener on 127.0.0.1:0 Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Extended OR listener listening on port 33679. Jul 19 14:32:24 ben-OptiPlex-755 Tor[28063]: Opened Extended OR listener on 127.0.0.1:33679 Jul 19 14:32:25 ben-OptiPlex-755 Tor[28063]: Parsing GEOIP IPv4 file /usr/share/tor/geoip. Jul 19 14:32:25 ben-OptiPlex-755 Tor[28063]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Jul 19 14:32:25 ben-OptiPlex-755 Tor[28063]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. Jul 19 14:32:25 ben-OptiPlex-755 Tor[28063]: Your Tor server's identity key fingerprint is 'MelbTORbridge 9F19251CEE17B1E05084898D164F0544CCB095DD' Jul 19 14:32:25 ben-OptiPlex-755 Tor[28063]: Your Tor bridge's hashed identity key fingerprint is 'MelbTORbridge E4AF099DA5946A6D6EA65DC55B517D3F9B12D0ED' Jul 19 14:32:25 ben-OptiPlex-755 Tor[28063]: Bootstrapped 0% (starting): Starting Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Starting with guard context "default" Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Signaled readiness to systemd Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bootstrapped 5% (conn): Connecting to a relay Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Server managed proxy encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind: permission denied) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Managed proxy at '/usr/bin/obfs4proxy' failed the configuration protocol and will be destroyed. Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: tor_assertion_failed_(): Bug: ../src/feature/client/transports.c:1836: managed_proxy_stdout_callback: Assertion mp->conf_state == PT_PROTO_COMPLETED failed; aborting. (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: Assertion mp->conf_state == PT_PROTO_COMPLETED failed in managed_proxy_stdout_callback at ../src/feature/client/transports.c:1836. Stack trace: (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(log_backtrace_impl+0x45) [0x55812aa84965] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(tor_assertion_failed_+0x94) [0x55812aa7fd24] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(+0xd3f5f) [0x55812a955f5f] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(+0x1da363) [0x55812aa5c363] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(+0x1e8f8) [0x7fefe7a128f8] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(event_base_loop+0x53f) [0x7fefe7a1333f] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(do_main_loop+0xb4) [0x55812a8f45e4] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(tor_run_main+0x122d) [0x55812a8e18ad] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(tor_main+0x3a) [0x55812a8de9ca] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(main+0x19) [0x55812a8de559] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7fefe613bb97] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 Tor[28063]: Bug: /usr/bin/tor(_start+0x2a) [0x55812a8de5aa] (on Tor 0.4.0.5 ) Jul 19 14:32:36 ben-OptiPlex-755 systemd[1]: tor@default.service: Main process exited, code=dumped, status=6/ABRT Jul 19 14:32:36 ben-OptiPlex-755 systemd[1]: tor@default.service: Failed with result 'core-dump'. Jul 19 14:32:37 ben-OptiPlex-755 systemd[1]: tor@default.service: Service hold-off time over, scheduling restart. Jul 19 14:32:37 ben-OptiPlex-755 systemd[1]: tor@default.service: Scheduled restart job, restart counter is at 75. Jul 19 14:32:37 ben-OptiPlex-755 tor[28091]: Jul 19 14:32:37.395 [notice] Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3. Jul 19 14:32:37 ben-OptiPlex-755 tor[28091]: Jul 19 14:32:37.395 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Jul 19 14:32:37 ben-OptiPlex-755 tor[28091]: Jul 19 14:32:37.395 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Jul 19 14:32:37 ben-OptiPlex-755 tor[28091]: Jul 19 14:32:37.395 [notice] Read configuration file "/etc/tor/torrc". Jul 19 14:32:37 ben-OptiPlex-755 tor[28091]: Jul 19 14:32:37.399 [notice] Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can override this by setting MaxMemInQueues by hand. Jul 19 14:32:37 ben-OptiPlex-755 tor[28091]: Configuration was valid Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.590 [notice] Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3. Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.590 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.590 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.590 [notice] Read configuration file "/etc/tor/torrc". Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.595 [notice] Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can override this by setting MaxMemInQueues by hand. Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.595 [notice] Opening Socks listener on 127.0.0.1:9050 Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.595 [notice] Opened Socks listener on 127.0.0.1:9050 Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.595 [notice] Opening OR listener on 0.0.0.0:9051 Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.595 [notice] Opened OR listener on 0.0.0.0:9051 Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.595 [notice] Opening Extended OR listener on 127.0.0.1:0 Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.595 [notice] Extended OR listener listening on port 38435. Jul 19 14:32:37 ben-OptiPlex-755 tor[28092]: Jul 19 14:32:37.595 [notice] Opened Extended OR listener on 127.0.0.1:38435 Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3. Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Read configuration file "/etc/tor/torrc". Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can override this by setting MaxMemInQueues by hand. Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Opening Socks listener on 127.0.0.1:9050 Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Opened Socks listener on 127.0.0.1:9050 Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Opening OR listener on 0.0.0.0:9051 Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Opened OR listener on 0.0.0.0:9051 Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Opening Extended OR listener on 127.0.0.1:0 Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Extended OR listener listening on port 38435. Jul 19 14:32:37 ben-OptiPlex-755 Tor[28092]: Opened Extended OR listener on 127.0.0.1:38435 Jul 19 14:32:38 ben-OptiPlex-755 Tor[28092]: Parsing GEOIP IPv4 file /usr/share/tor/geoip. Jul 19 14:32:38 ben-OptiPlex-755 Tor[28092]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Jul 19 14:32:38 ben-OptiPlex-755 Tor[28092]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. Jul 19 14:32:38 ben-OptiPlex-755 Tor[28092]: Your Tor server's identity key fingerprint is 'MelbTORbridge 9F19251CEE17B1E05084898D164F0544CCB095DD' Jul 19 14:32:38 ben-OptiPlex-755 Tor[28092]: Your Tor bridge's hashed identity key fingerprint is 'MelbTORbridge E4AF099DA5946A6D6EA65DC55B517D3F9B12D0ED' Jul 19 14:32:38 ben-OptiPlex-755 Tor[28092]: Bootstrapped 0% (starting): Starting
On Fri, Jul 19, 2019 at 1:12 AM Philipp Winter phw@torproject.org wrote:
On Thu, Jul 18, 2019 at 12:50:34PM +1000, Ben Riley wrote:
Then I saw the above email about being a bridge and thought, fine, I'll configure it to be a bridge and help out someone. Tried to do it via the docker/script method, but soon realised that was outside my skill level (hey stop laughing! :P)
Did you run into any specific issues? If you had troubles following the guide, I'm gonna blame the guide.
Setting ORPort to 443 as suggested. I forwarded that port on the router and then tested it, but it said it was closed. So I thought my router was playing up. I checked a few other ports using online tools and a few of them were closed. I forwarded a new another port to some other software on another machine and that worked?! So I realised the ports are open on the router but closed on the ubuntu machine. I've played around with all the settings, changed by torrc file to a really basic one of:
To run obfs4 on port 443, you will have to run the following command, to allow obfs4proxy to bind to port 443:
sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
If you did that already, it would be helpful to see your logs.
Cheers, Philipp _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On July 19, 2019 at 6:36 AM Ben Riley blades1000@gmail.com wrote:
Hi,
Thanks for the reply. Yes, I ran that command way back at the start. I'm assuming I don't have to run it every time the machine reboots or updates? I ran it again this morning and it made no difference.
Ah logs, you say that like I know where those are :P When I run sudo tail /var/log/tor/log - I get nothing. I found the Logs app and run that to get all the system logs - way too much stuff and I couldn't move it to here, so I found this command (Google) cat /var/log/syslog | grep tor -i and got the following (I think I've included 2 set of attempts to boot up):
Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Starting with guard context
"default" Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Signaled readiness to systemd Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bootstrapped 5% (conn): Connecting to a relay Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Server managed proxy encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind: permission denied)
I ran (and keep running) into the same problem (but on Debian), even after the fix suggested below. Could you please try an unused port above 1024, like 8531? That resolved this issue for me.
hope this helps and kind regards.
Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Managed proxy at '/usr/bin/obfs4proxy' failed the configuration protocol and will be destroyed. Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: tor_assertion_failed_(): Bug: ../src/feature/client/transports.c:1836: managed_proxy_stdout_callback: Assertion mp->conf_state == PT_PROTO_COMPLETED failed; aborting. (on Tor 0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: Assertion mp->conf_state == PT_PROTO_COMPLETED failed in managed_proxy_stdout_callback at ../src/feature/client/transports.c:1836. Stack trace: (on Tor 0.4.0.5 )
(removed rest of log)
On Fri, Jul 19, 2019 at 1:12 AM Philipp Winter phw@torproject.org wrote:
On Thu, Jul 18, 2019 at 12:50:34PM +1000, Ben Riley wrote:
Then I saw the above email about being a bridge and thought, fine, I'll configure it to be a bridge and help out someone. Tried to do it via the docker/script method, but soon realised that was outside my skill level (hey stop laughing! :P)
Did you run into any specific issues? If you had troubles following the guide, I'm gonna blame the guide.
Setting ORPort to 443 as suggested. I forwarded that port on the router and then tested it, but it said it was closed. So I thought my router was playing up. I checked a few other ports using online tools and a few of them were closed. I forwarded a new another port to some other software on another machine and that worked?! So I realised the ports are open on the router but closed on the ubuntu machine. I've played around with all the settings, changed by torrc file to a really basic one of:
To run obfs4 on port 443, you will have to run the following command, to allow obfs4proxy to bind to port 443:
sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
If you did that already, it would be helpful to see your logs.
Cheers, Philipp _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
i wanted to run my bridge on 443 too but i had the same problem on Raspbian Buster with Tor 0.4.0.5 I asked Google but choosing a port above 1024 was the only thing that made it working for me.
Am Fr., 19. Juli 2019 um 11:52 Uhr schrieb dmz21@ziggo.nl:
On July 19, 2019 at 6:36 AM Ben Riley blades1000@gmail.com wrote:
Hi,
Thanks for the reply. Yes, I ran that command way back at the start. I'm assuming I don't have to run it every time the machine reboots or
updates?
I ran it again this morning and it made no difference.
Ah logs, you say that like I know where those are :P When I run sudo tail /var/log/tor/log - I get nothing. I found the Logs app and run that to get all the system logs - way too
much
stuff and I couldn't move it to here, so I found this command (Google)
cat
/var/log/syslog | grep tor -i and got the following (I think I've
included
2 set of attempts to boot up):
Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Starting with guard context
"default" Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Signaled readiness to
systemd
Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bootstrapped 5% (conn): Connecting to a relay Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Server managed proxy encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind: permission denied)
I ran (and keep running) into the same problem (but on Debian), even after the fix suggested below. Could you please try an unused port above 1024, like 8531? That resolved this issue for me.
hope this helps and kind regards.
Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Managed proxy at '/usr/bin/obfs4proxy' failed the configuration protocol and will be destroyed. Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: tor_assertion_failed_():
Bug:
../src/feature/client/transports.c:1836: managed_proxy_stdout_callback: Assertion mp->conf_state == PT_PROTO_COMPLETED failed; aborting. (on
Tor
0.4.0.5 ) Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: Assertion
mp->conf_state
== PT_PROTO_COMPLETED failed in managed_proxy_stdout_callback at ../src/feature/client/transports.c:1836. Stack trace: (on Tor 0.4.0.5 )
(removed rest of log)
On Fri, Jul 19, 2019 at 1:12 AM Philipp Winter phw@torproject.org
wrote:
On Thu, Jul 18, 2019 at 12:50:34PM +1000, Ben Riley wrote:
Then I saw the above email about being a bridge and thought, fine,
I'll
configure it to be a bridge and help out someone. Tried to do it via the docker/script method, but soon realised that
was
outside my skill level (hey stop laughing! :P)
Did you run into any specific issues? If you had troubles following
the
guide, I'm gonna blame the guide.
Setting ORPort to 443 as suggested. I forwarded that port on the router and then tested it, but it said it was closed. So I thought my router was playing up. I checked a few other ports using online
tools
and a few of them were closed. I forwarded a new another port to
some
other software on another machine and that worked?! So I realised
the
ports are open on the router but closed on the ubuntu machine. I've played around with all the settings, changed by torrc file to a
really
basic one of:
To run obfs4 on port 443, you will have to run the following command,
to
allow obfs4proxy to bind to port 443:
sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
If you did that already, it would be helpful to see your logs.
Cheers, Philipp _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Fri, Jul 19, 2019 at 10:36:07AM +0200, dmz21@ziggo.nl wrote:
I ran (and keep running) into the same problem (but on Debian), even after the fix suggested below.
If you are running tor over systemd, you will also need to set NoNewPrivileges=no in /lib/systemd/system/tor@default.service and /lib/systemd/system/tor@.service and then run systemctl daemon-reload. This issue was first documented in https://bugs.torproject.org/18356.
If you are not running tor over systemd, setcap should suffice. I just tested it on Debian 10 and I managed to set up an obfs4 bridge on port 123.
Cheers, Philipp
Just how much traffic can one expect when running a bridge? Is it comparable to being an entry/middle node?
On Friday, July 12, 2019 1:28 PM, Peter Ludikovsky peter@ludikovsky.name wrote:
Just how much traffic can one expect when running a bridge? Is it comparable to being an entry/middle node?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I was about to ask the same question. I have been running an obfs4 bridge for several weeks, and the bandwidth it uses is still around 50KB/s, although the maximum rates are set much higher than that (2.5MB/s, with a burst of 5MB/s). My other middle relay works totally fine at about 8MB/s.
Is this normal?
Thanks in advance
In my experience the amount of monthly traffic is greatly variable. It can range from nothing (a few megabytes, for housekeeping) to multiple terrabytes. My understanding is that this is due to which of several "bins" the bridge is placed in by the bridge authority.
On 7/12/19 12:41 PM, j4c4l4 wrote:
On Friday, July 12, 2019 1:28 PM, Peter Ludikovsky peter@ludikovsky.name wrote:
Just how much traffic can one expect when running a bridge? Is it comparable to being an entry/middle node?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I was about to ask the same question. I have been running an obfs4 bridge for several weeks, and the bandwidth it uses is still around 50KB/s, although the maximum rates are set much higher than that (2.5MB/s, with a burst of 5MB/s). My other middle relay works totally fine at about 8MB/s.
Is this normal?
Thanks in advance
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Fri, Jul 12, 2019 at 04:41:25PM +0000, j4c4l4 wrote:
I was about to ask the same question. I have been running an obfs4 bridge for several weeks, and the bandwidth it uses is still around 50KB/s, although the maximum rates are set much higher than that (2.5MB/s, with a burst of 5MB/s). My other middle relay works totally fine at about 8MB/s.
Is this normal?
It does take time for your bridge to see users because these users first need to get your bridge from BridgeDB. Your bridge's distribution mechanism also affects how quickly you see traffic: If your bridge ended up in the email bucket, it may not see users as quickly as a bridge in the moat bucket.
Cheers, Philipp
tor-relays@lists.torproject.org
-
Ben Riley -
dmz21@ziggo.nl -
j4c4l4 -
Michael Gerstacker -
nottryingtobelame@protonmail.com -
Peter Ludikovsky -
Philipp Winter -
Steve Snyder -
torix@protonmail.com