[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Obfsproxy: Multiple ServerTransportListenAddr lines & obfs4



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi

Thanks for running a bridge.

If you want to bind the same pluggable transport protocol to ipv4 and
ipv6 (2 IP:port) I recommend one line for each pluggable transport, as
follows:

ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
ServerTransportListenAddr obfs2 [::]:42862
ServerTransportListenAddr obfs3 [::]:49991

This [::] will open ports on both ipv4 and ipv6 (all interfaces if you
have multiple - like more IP addresses), if you have a dual stack server.

I recommend you not to use obfs2, since it's too old. Better make an
obfs3 and obfs4 bridge. For this, you can install the obfs4proxy
package from torproject.org deb:

echo "deb http://deb.torproject.org/torproject.org obfs4proxy main" >>
/etc/apt/sources.list

apt-get update && apt-get -y install obfs4proxy

Substitute in your torrc /usr/bin/obfsproxy with /usr/bin/obfs4proxy

Note this obfs4proxy is able to do both obfs3 and obfs4 pluggable
transport, so you don't need the old python based obfsproxy package.
This one is written in Golang. It cannot do obfs3.

Tip: obfs4proxy package makes it easier for you to run pluggable
transports on low (usually reserved) ports, like 80, 443 for our good
fellows behind firewalls which allow only few ports. For this you can
install libcap2-bin package form apt-get and use that.


On 3/1/2015 10:43 PM, MegaBrutal wrote:
> Could someone please help me with this?
> 
> 
> 2015-02-19 20:39 GMT+01:00 MegaBrutal <megabrutal@xxxxxxxxx>:
> 
>> Hi,
>> 
>> I want Obfsproxy to listen on both IPv4 and IPv6 interfaces by
>> using the following lines in torrc:
>> 
>> ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy
>> managed ServerTransportListenAddr obfs2 0.0.0.0:42862 
>> ServerTransportListenAddr obfs3 0.0.0.0:49991 
>> ServerTransportListenAddr obfs2 [2001:xxxx::63:7572:6c79]:42862 
>> ServerTransportListenAddr obfs3 [2001:xxxx::63:7572:6c79]:49991
>> 
>> I noticed, only the first line gets interpreted for each
>> Obfsproxy protocol. I can force to listen only on IPv6 by
>> commenting out the lines for IPv4, but I'd prefer to have a
>> dual-stack bridge.
>> 
>> I don't remember having this behaviour the first time I installed
>> an Obfsproxy bridge. If I remember correctly, it worked
>> previously, but meanwhile it is broken.
>> 
>> Anyway, I just noticed, there is a new protocol, obfs4, but I
>> don't know anything about it. Should I adopt this new protocol?
>> If so, how can I do that? Is it already available in the DEB
>> repository at http://deb.torproject.org/torproject.org? What is
>> the minimal Ubuntu release for which it is available?
>> 
>> 
>> Regards, MegaBrutal
>> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJU84mLAAoJEIN/pSyBJlsRkZ8IAKdw8+Qaof242AZlRiorm+XT
i2PIIkxkRA/hx34+ARbxZAvi9Ad7Gc/RHZvnmVwjNtylCFcyArt0pMUmLCcifUR/
WjCsvBf8Wg/xOHmtaU8sd/YwcfL5oB2tItrv2/1iX/kxOGF5qh+W1JptWvJC0VZL
B703MC7Y7f+yadjmhmzNJtYoQKrykeNenhrOSvDvjlcAGh/sZ1n8aJdVhIwx9swR
z+ftGEXUNac5btVfg/qjFWhmjMYQJzPhSv7Z0H3B4M5N6NL+9UauEenu3HhONHAQ
90iO1CLZLr8ZBZlgAtAudNNhqQt+/N62jG8RyvkIO35MUwm1VGPzc+KZUGdHshQ=
=4leb
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk