[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] obfsproxy on CentOS 6 (help Iran)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] obfsproxy on CentOS 6 (help Iran)
From: Ondrej Mikle <ondrej.mikle@xxxxxxxxx>
Date: Sun, 12 Feb 2012 03:31:56 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 11 Feb 2012 21:32:15 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=u9rUqnx9rdx0RVEg4AkX9Eu+bHSC1def9UO+isthrOc=; b=OtUPPbG8NKrWPq4lPs000ciusHLwE2wYZ/U1eekE5Q+MGQBBk6OURUyEbniGUKs1I8 agWIrCYpEczXjSSJHjq7lGOHXI+mYI4MXc9bUplXbtFfHb3CWkIQeUIUjCBvV9pmEQrO Cad0/CxgmneZ/tyabJojnph9RlNUJK5Gd/HZA=
In-reply-to: <CALPLAPtZYYaWKRKdLNzaWE+oM4xWiKabwOsk-sxKeLJ9CeECnw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4F36AB5F.9030706@xxxxxxxxx> <CALPLAPtZYYaWKRKdLNzaWE+oM4xWiKabwOsk-sxKeLJ9CeECnw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20120129 Thunderbird/10.0

On 02/12/2012 12:40 AM, Softail wrote:
> The attached script will configure a fresh 256MB CentOS 6.0 virtual machine
> on Rackspace as an obfsproxy bridge. You have to say yes several times and
> it takes awhile but it will eventually reboot as an obfsproxy bridge. I
> know it gives an error at the end but it does work.
> 
> You will have to winkle out the IP address and obfsproxy port
> 
> grep ORPort /var/log/tor/tor.log
> grep obfs /var/log/tor/tor.log
> 
> and send them to tor-assistants@xxxxxxxxxxxxxx

It's also possible to run obfsproxy with "stable" Tor, one just needs to execute
it manually, like mentioned here:
https://trac.torproject.org/projects/tor/ticket/5009#comment:17

Also, you can avoid LD_LIBRARY_PATH hack by using ldconfig (I'll write whole
howto for installing into /opt):

tar xzf libevent-2.0.16-stable.tar.gz
cd libevent-2.0.16-stable
./configure --prefix=/opt/libevent --with-pic --enable-openssl
make
make install #(as root)

#Create a file /etc/ld.so.conf.d/libevent2.conf containing following line:
/opt/libevent/lib/
#Then, as root, run:
ldconfig

cd /some/directory/to/put/obfsproxy/source/in
git clone https://git.torproject.org/obfsproxy.git
cd obfsproxy
export libevent_CFLAGS=-I/opt/libevent/include
export libevent_LIBS="-L/opt/libevent/lib -levent"
./autogen.sh && ./configure --prefix=/opt/obfsproxy && make
make install #(as root)

#One way to run it without screen in background, assuming 9001 is your
#ORPort and you want obfsproxy to listen on port 2345:

(/opt/obfsproxy/bin/obfsproxy obfs2 --dest=127.0.0.1:9001 server 0.0.0.0:2345 \
  </dev/null >>obfsproxy.log 2>&1 & echo $! > obfsproxy.pid)

Checking that your obfsproxy works (on other computer on another network, in
obfsproxy directory; you'll need to install "socat", run each command in
separate terminal; replace _ip_address_of_your_bridge_ with IP of your bridge):

./obfsproxy obfs2 socks 127.0.0.1:50000 #no idea how to use just the client mode
socat -d -d TCP4-LISTEN:5353,bind=localhost,reuseaddr,fork \
 SOCKS4A:localhost:_ip_address_of_your_bridge_:2345,socksport=50000

#In another terminal, check that the fingerprints match
openssl s_client -connect localhost:5353 </dev/null 2>/dev/null | openssl \
 x509 -noout -fingerprint
openssl s_client -connect _ip_address_of_your_bridge_:2345 </dev/null \
 2>/dev/null | openssl x509 -noout -fingerprint

The line printed by the "openssl" commands should be identical.

Ondrej
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] obfsproxy on CentOS 6 (help Iran)
  - From: Roger Dingledine
- Re: [tor-talk] obfsproxy on CentOS 6 (help Iran)
  - From: Softail

References:
- [tor-talk] obfsproxy on CentOS 6 (help Iran)
  - From: Softail
- Re: [tor-talk] obfsproxy on CentOS 6 (help Iran)
  - From: Softail

Prev by Author: Re: [tor-talk] How to use Tor Browser without TBB Bundle?
Next by Author: Re: [tor-talk] Hidden service security w. Apache/Win32
Previous by thread: Re: [tor-talk] obfsproxy on CentOS 6 (help Iran)
Next by thread: Re: [tor-talk] obfsproxy on CentOS 6 (help Iran)
Index(es):
- Author
- Thread