
Re: [tor-relays] snowflake vs bridges (vs node)



Thanks meskio, this helped a lot to clarify things.

So I thought of trying to run a bridge and a snowflake proxy on one VM with individual IP addressing in v4 and v6 for each by adding secondary addresses to the WAN interface. But after compiling the go binary I fail to find out how to tell snowflake which IP to bind to/use.

For the bridge this can be achieved with:

Address  <IPv4>
Address  <IPv6>
OutboundBindAddress <IPv4>
OutboundBindAddress <IPv6>

(and maybe to be safe also set OutboundBindAddressPT, OutboundBindAddressExit and OutboundBindAddressOR)

But for snowflake I'm missing the options:

Usage of ./proxy:
  -broker string
    	broker URL (default "https://snowflake-broker.torproject.net/")
  -capacity uint
    	maximum concurrent clients
  -keep-local-addresses
    	keep local LAN address ICE candidates
  -log string
    	log filename
  -nat-retest-interval duration
    	the time interval in second before NAT type is retested, 0s disables retest. Valid time units are "s", "m", "h". (default 24h0m0s)
  -relay string
    	websocket relay URL (default "wss://snowflake.bamsoftware.com/")
  -stun string
    	broker URL (default "stun:stun.stunprotocol.org:3478")
  -summary-interval duration
    	the time interval to output summary, 0s disables retest. Valid time units are "s", "m", "h". (default 1h0m0s)
  -unsafe-logging
    	prevent logs from being scrubbed
  -verbose
    	increase log verbosity

Could be solved with VRFs/namespaces but would involve bridging, veths...too snowflaky for me (same goes for containers).

So I guess I'll just keep the bridges and make them relays one day.

Thanks to all who helped!

best
fran


On 2/7/22 11:12, meskio wrote:
Yes, there are many differences. snowflake does make the traffic look like
webrtc (like a video conference) and obfs4 makes the traffic look like random
noise. Also the clients use different mechanisms to discover the relays.

If you run both in the same IP address and the censor has a way to discover one
but not the other both of them will be blocked at once. So you are making it
easier for the censor to discover them and block them. That is why we don't want
people to run both in the same IP address.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
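
The namespace route mentioned in the message, sketched as an added example (not part of the original post and not Tor Project code). It swaps the veth/bridge setup for an ipvlan sub-interface, so that inside the namespace the proxy only sees its own address. The namespace name, interface names and all addresses are constructed placeholders, and a kernel with ipvlan support is assumed.

```shell
#!/bin/sh
# Added example: dry-run plan for giving the snowflake proxy its own address
# through a network namespace. All values are constructed placeholders
# (documentation ranges from RFC 5737 / RFC 3849).
NS=snowflake                              # hypothetical namespace name
WAN=eth0                                  # assumed WAN interface
SF_V4=192.0.2.10/24;   GW_V4=192.0.2.1    # address reserved for snowflake
SF_V6=2001:db8::10/64; GW_V6=2001:db8::1

# Print the iproute2 commands, one per line. The snowflake addresses must
# NOT also stay configured on $WAN in the host namespace.
netns_plan() {
    cat <<EOF
ip netns add $NS
ip link add link $WAN name sf0 type ipvlan mode l2
ip link set sf0 netns $NS
ip -n $NS link set lo up
ip -n $NS link set sf0 up
ip -n $NS addr add $SF_V4 dev sf0
ip -n $NS route add default via $GW_V4
ip -n $NS -6 addr add $SF_V6 dev sf0
ip -n $NS -6 route add default via $GW_V6
EOF
}

# True when the bridge would share an address with snowflake, which is the
# case the quoted reply warns about. $1 = bridge IPv4, $2 = bridge IPv6.
bridge_conflict() {
    [ "$1" = "${SF_V4%/*}" ] || [ "$2" = "${SF_V6%/*}" ]
}

# Execute the plan only when APPLY=1 (needs root); otherwise just print it.
apply_plan() {
    netns_plan | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd || exit 1; else echo "+ $cmd"; fi
    done
}

apply_plan   # dry run by default; afterwards: ip netns exec $NS ./proxy
```

If the host's resolv.conf points at a loopback resolver, name resolution inside the namespace needs its own /etc/netns/snowflake/resolv.conf, which `ip netns exec` mounts over /etc/resolv.conf.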