Hi,
From the instructions to install obfs4: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4p...
---
```
ExtORPort auto
```
[...]
```
[notice] Registered server transport 'obfs4' at '[::]:46396'
```
Remember the random port associated to your bridge needs to be open for incoming connections. You can find it from the logs: it's 46396 in this example.
---
I can assume that using `ExtORPort auto` would mean that potentially any time Tor is restarted or reloaded a new port will be picked.
Furthermore, in this thread[1] it is said:
---
[...] ExtORPort tells tor to open a local-only (bound to localhost) socket for getting information from / communicating with obfsproxy
---
So, if I want to be sure to know in advance which firewall port I should let open it is better that I choose a fixed port. Also, that port needs only to accept connections from localhost, i.e. the loopback interface? The only port that needs to be reachable from anywhere is the ORPort?
Also, in this answer on Tor Stack Exchange[2] it is said that it is possible to run both obfs3 and obfs4 from the same bridge. Is this useful/recommended? Also, in the answer:
---
I had to make port forwards for the given obfs ports in iptables (easy with gufw) as well as in my hardware (internet-)firewall to make things work. So I am not so sure that the ExORPort is for local connections only as mentioned by Rodger (please let me know if I am wrong here).
---
Thanks in advance (I am sorry for the flood of stupid questions, but I prefer to ask a stupid question than having things not work and not understanding why...)
C
[1]: https://lists.torproject.org/pipermail/tor-relays/2014-February/003909.html
[2]: https://tor.stackexchange.com/a/6735
On 2018-07-23 16:03, Cristian Consonni wrote:
[notice] Registered server transport 'obfs4' at '[::]:46396'
Remember the random port associated to your bridge needs to be open for incoming connections. You can find it from the logs: it's 46396 in this example.
I can assume that using `ExtORPort auto` would mean that potentially any time Tor is restarted or reloaded a new port will be picked.
I think the documentation is a bit confusing here. The pluggable transport is picking a random port because the example doesn't configure "ServerTransportListenAddr".
For example, to make obfs4 use port 8000 every time, add this to your torrc:
```
ServerTransportListenAddr obfs4 0.0.0.0:8000
```
[...] ExtORPort tells tor to open a local-only (bound to localhost) socket for getting information from / communicating with obfsproxy
So, if I want to be sure to know in advance which firewall port I should let open it is better that I choose a fixed port. Also, that port needs only to accept connections from localhost, i.e. the loopback interface? The only port that needs to be reachable from anywhere is the ORPort?
The ExtORPort is only used for communication between Tor and the pluggable transport. The value "auto" should be ok and you usually don't need to do any firewall configuration.
Whatever fixed port you pick for "ServerTransportListenAddr" above needs to be open in your firewall, though.
Also, in this answer on Tor Stack Exchange[2] it is said that it is possible to run both obfs3 and obfs4 from the same bridge. Is this useful/recommended? Also, in the answer:
The last time I asked this question, my understanding was that you should not run them on the same bridge.
Thanks in advance (I am sorry for the flood of stupid questions, but I prefer to ask a stupid question than having things not work and not understanding why...)
C
Don't worry, I also feel that pluggable transports are the "fun" part of configuring Tor. :)
Kind regards, Alexander
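
The port bookkeeping described in this reply, as an added example that is not part of the original thread: a small Python check that reads a torrc and the notice log and lists which ports must accept outside connections, leaving out ExtORPort. The torrc contents, the log timestamp and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from a real bridge).
TORRC_AUTO = """\
BridgeRelay 1
ORPort 9001
ExtORPort auto
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
"""
TORRC_PINNED = TORRC_AUTO + "ServerTransportListenAddr obfs4 0.0.0.0:8000\n"
LOG = "Jul 23 16:00:01.000 [notice] Registered server transport 'obfs4' at '[::]:46396'\n"

REGISTERED = re.compile(r"Registered server transport '(\w+)' at '.*:(\d+)'")

def parse_torrc(text):
    """Return {lowercased option: [values]}, ignoring comments and blank lines."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            opts.setdefault(key.lower(), []).append(value.strip())
    return opts

def inbound_ports(torrc_text, log_text=""):
    """List (name, port, pinned) for every port that must accept outside connections.

    ExtORPort is left out on purpose: it is the local socket between tor and
    the pluggable transport. pinned=False means the port is not fixed in
    torrc and was read from the log instead.
    """
    opts = parse_torrc(torrc_text)
    ports = []
    for value in opts.get("orport", []):
        port = value.split()[0].rsplit(":", 1)[-1]
        if port.isdigit():
            ports.append(("ORPort", int(port), True))
    pinned = {}
    for value in opts.get("servertransportlistenaddr", []):
        transport, addr = value.split()[:2]
        pinned[transport] = int(addr.rsplit(":", 1)[-1])
    ports += [(name, port, True) for name, port in pinned.items()]
    for name, port in REGISTERED.findall(log_text):
        if name not in pinned:
            ports.append((name, int(port), False))
    return ports

if __name__ == "__main__":
    for torrc in (TORRC_AUTO, TORRC_PINNED):
        print(inbound_ports(torrc, LOG))
```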
Hi,
On 23/07/2018 23:36, Alexander Dietrich wrote:
Whatever fixed port you pick for "ServerTransportListenAddr" above needs to be open in your firewall, though.
[...]
The last time I asked this question, my understanding was that you should not run them on the same bridge.
On 2018-07-23 16:03, Cristian Consonni wrote:
Thanks in advance (I am sorry for the flood of stupid questions, but I prefer to ask a stupid question than having things not work and not understanding why...)
On 23/07/2018 23:36, Alexander Dietrich wrote:
Don't worry, I also feel that pluggable transports are the "fun" part of configuring Tor. :)
Thanks for your help, I have set up the bridge.
From the log it looks like it is working:
---
Jul 24 17:44:27 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
---
but for the moment I'm not seeing much traffic (this is from nyx):
---
10:35:25 [NOTICE] Heartbeat: In the last 6 hours, I have seen 0 unique clients.
10:35:25 [NOTICE] Heartbeat: Tor's uptime is 16:50 hours, with 4 circuits open. I've sent 2.68 MB and received 25.50 MB.
---
I suppose this is normal, but I was also wondering how much time (days?) it would need to have some traffic. I have set this up at home and I would like to be able to tweak the bandwidth settings so that the bridge can use as much bandwidth as is available and without causing issues for my normal use.
C
On 25 Jul 2018, at 23:57, Cristian Consonni <cristian@balist.es> wrote:
for the moment I'm not seeing much traffic (this is from nyx):
10:35:25 [NOTICE] Heartbeat: In the last 6 hours, I have seen 0 unique clients.
10:35:25 [NOTICE] Heartbeat: Tor's uptime is 16:50 hours, with 4 circuits open. I've sent 2.68 MB and received 25.50 MB.
I suppose this is normal, but I was also wondering how much time (days?) it would need to have some traffic. I have set this up at home and I would like to be able to tweak the bandwidth settings so that the bridge can use as much bandwidth as is available and without causing issues for my normal use.
Users are allocated bridges at random, so it’s hard to say. Some bridges are kept in a reserve pool, and get no traffic.
If you have multiple IP addresses, you can run multiple bridges on the same connection.
T
Hi,
On 26/07/2018 00:24, teor wrote:
If you have multiple IP addresses, you can run multiple bridges on the same connection.
I don't, in fact I am using a small (fanless) machine from my home connection.
I was thinking if I could test the relay by configuring my Tor browser to use my bridge.
When I go to the BridgeDB and I ask for bridges I get results in the following form:
```
<pt_type> <ip_address>:<port> <relay_fingerprint> cert=<some_string> iat-mode=<some_number>
```
(where <pt_type> is the name of the pluggable transport protocol, say obfs4)
so I am assuming that to test my bridge it is not sufficient to know which pluggable transport is running, the IP address and the port. I need the cert string and the iat-mode number.
So, how can I find those values? And, most importantly, is this a sensible test to perform?
C
On 2018-07-31 16:27, Cristian Consonni wrote:
so I am assuming that to test my bridge it is not sufficient to know which pluggable transport is running, the IP address and the port. I need the cert string and the iat-mode number.
So, how can I find those values? And, most importantly, is this a sensible test to perform?
You need to find the file obfs4_bridgeline.txt on your relay (probably in /var/lib/tor/pt_state). It contains the bridge line minus IP address, port and fingerprint. Fill these in and you should be able to test your bridge.
I would test to make sure the relay is configured correctly.
Kind regards, Alexander
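
Filling in the bridge line as described in this reply, as an added example that is not part of the original thread: the function validates the address, port and fingerprint before substituting them and returns the line in the BridgeDB form quoted earlier. It assumes the file marks the missing fields as `<IP ADDRESS>`, `<PORT>` and `<FINGERPRINT>`; the sample file text, cert value and function name are constructed.

```python
import ipaddress
import re

# Constructed stand-in for obfs4_bridgeline.txt; the cert value is a placeholder.
SAMPLE_BRIDGELINE_FILE = """\
# obfs4 torrc client bridge line
Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=EXAMPLECERTPLACEHOLDER iat-mode=0
"""

def build_bridge_line(file_text, ip, port, fingerprint):
    """Return a client bridge line built from the template in file_text."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    host = f"[{addr}]" if addr.version == 6 else str(addr)
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    # Fingerprints are often printed in space-separated groups; normalise first.
    fp = fingerprint.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fp):
        raise ValueError("fingerprint must be 40 hex characters")
    # The template is the first line that is neither blank nor a comment.
    template = next((l.strip() for l in file_text.splitlines()
                     if l.strip() and not l.lstrip().startswith("#")), None)
    if template is None:
        raise ValueError("no bridge line found in file")
    line = (template.replace("<IP ADDRESS>", host)
                    .replace("<PORT>", str(int(port)))
                    .replace("<FINGERPRINT>", fp))
    # torrc uses a leading "Bridge" keyword; the BridgeDB form omits it.
    if line.startswith("Bridge "):
        line = line[len("Bridge "):]
    if "<" in line or not re.search(r" cert=\S+ iat-mode=\d+$", line):
        raise ValueError("unfilled placeholder or missing cert/iat-mode")
    return line

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; the fingerprint is made up.
    print(build_bridge_line(SAMPLE_BRIDGELINE_FILE, "192.0.2.10", 443,
                            "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"))
```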
Hi,
On 31/07/2018 21:49, Alexander Dietrich wrote:
On 2018-07-31 16:27, Cristian Consonni wrote:
so I am assuming that to test my bridge it is not sufficient to know which pluggable transport is running, the IP address and the port. I need the cert string and the iat-mode number.
So, how can I find those values? And, most importantly, is this a sensible test to perform?
You need to find the file obfs4_bridgeline.txt on your relay (probably in /var/lib/tor/pt_state). It contains the bridge line minus IP address, port and fingerprint. Fill these in and you should be able to test your bridge.
Thanks, it seems to be working.
I would test to make sure the relay is configured correctly.
One question, I can make the ORPort and obfs4 PT port listen on port 80 or 443, which I assume are less filtered by company firewalls.
Would it be better to set `ServerTransportListenAddr` to 80?
C
Hi,
On 01/08/2018 15:24, Cristian Consonni wrote:
One question, I can make the ORPort and obfs4 PT port listen on port 80 or 443, which I assume are less filtered by company firewalls.
In the end I set up the obfs4 PT to listen on port 443 and ORPort on port 80. These two tickets may be of help:
* https://trac.torproject.org/projects/tor/ticket/18356
* https://trac.torproject.org/projects/tor/ticket/7875
C
tor-relays@lists.torproject.org