[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor

Nathan Freitas <nathan@xxxxxxxxxxx> writes:

> On May 3, 2014 6:10:58 AM EDT, George Kadianakis <desnacked@xxxxxxxxxx> wrote:
>>Nathan Freitas <nathan@xxxxxxxxxxx> writes:
>>> Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's help.
>>Great news! Thanks!
>>BTW, how are obfs3 bridges supposed to be used?
> This is the string I use for scramblesuit, copied directly from the bridges.tp.o page:
> scramblesuit xxx.xxx.xxx.xxx:xxxxx fingerprintxxx password=sharedsecretxxx
>>I installed Orbot-v14.0.0-ALPHA-2a.apk and checked the Preferences
>>menu. There used to be an option called 'Obfuscated Bridges' that it's
>>not there anymore. I assumed that I just have to specify a bridge, and
>>then prefix it with the transport name, like you do in the torrc.
> Yes.
>>So I clicked on 'Bridges' and then inserted 'obfs3 <ip>:<port>' (with
>>my own <ip> and <port>) and started up Orbot. Unfortunately, I think
>>that it didn't work very well. In the logs I got:
>>Adding bridge: obfs3 <ip>:<port>
> Hmm.... Add a fingerprint perhaps?

Hm, I just tried that bridge again (without adding a fingerprint), and
now I'm getting the usual PT error:
"We were supposed to connect to bridge '<ip>:<port>' using pluggable
transport 'obfs3', but we can't find a pluggable transport proxy
supporting 'obfs2'. ..."

I'm not sure why I'm getting this today instead of the error I was
getting yesterday [0]. I don't remember rebooting or changing

In any case, this new message usually means that obfsproxy crashed
early: before being configured to be a Pluggable Transport. The same
should be true for obfsclient too. Could it be a permission issue?

For example, have you asked obfsclient to log to somewhere? Does it
have permission to do so? (I vaguely remember Yawning telling me that
obfsclient logs by default in the PT state directory, which is inside
the DataDirectory of Tor).

Is there a way to dump the torrc that Orbot is using, to see if it's
well formatted? That would help in debugging.

>>Setting conf: SOCKSPort=
>>WARN: Controller gave us config lines that didn't validate: If you
>>setUseBridges, you must specify at least one bridge.
>>Starting polipo process
>>and then Orbot bootstrapped directly, without using my bridge :/
> Yes... Bridges are applied via the control port, and Tor will still bootstrap if the config settings fail. Maybe we should not do that on further thought.

Yeah, that might be a bad idea for some threat models.
Making the current behavior an option might make sense for some other
threat models.

>>I'm not sure exactly why my bridge was not set in Tor. Maybe I'm not
>>supposed to specify my obfsbridge using the 'Bridges' dialog?
> Will do more testing with obfs3.
>>PS: I think the move from the 'Obfuscated Bridges' box is a good
>>    idea. IIRC, the 'Obfuscated Bridges' box assumed that the bridge
>>    is obfs2, without even mentioning it to the user, which is not
>>    good now that we have more pluggable transport around.
> Yes this is a better design. We will be working on more ways to simplify bridge setup including qrcode scanning, NFC tapping and more.

Very very nice :)
Looking forward to this!

[0]: WARN: Controller gave us config lines that didn't validate: If you setUseBridges, you must specify at least one bridge.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to