[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] issue with setting up a private bridge

To: Hamid Safe <hsafe@xxxxxxxxxx>, tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] issue with setting up a private bridge
From: Dmitrii Tcvetkov <demfloro@xxxxxxxxxxx>
Date: Sun, 4 Feb 2018 13:15:27 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 04 Feb 2018 05:18:29 -0500
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=demfloro.ru ; s=main; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: In-Reply-To:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=v2hicSFE6RVyVUlvgAdxTqokVa9S8R4X0O2E6kHXNt8=; b=mSueGA/U8ao5QjVvtZrRXMNAcu w6vqA6JaseDCEP3Tp0ZNp0LjoOSblrIetDkv6l+ObqP/YwJXEzdWWgynwh7QsqQWvQpaoSQq92/NQ HlqV2MVwV9tBoZaeLnrHXsklV08ZLHe8NWoktZGm8NU+qxW1zrIenyrtGbbB5lyGRgLiXHxMyTpIu tUcf39LEsk2qtV4XoE1BCyFUMEY4myxyXF8VfizQ5bG7oxvQIME7I4eZXghj4spWBP4OB3FNkyeOq Xx+8boGUlPURxPtPeCBjf2Er8MNgKtQMTtyOT2FVM+rpqFlgdzlEVNzAoXdmJfBIq68alFqhUlJmT 3M/Ei6Ew==;
In-reply-to: <85cfa54e-f6ae-2ebe-8808-2d060b87fc78@devopt.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <641e42eb-a883-ee80-2159-ddc92cffb8a7@devopt.net> <85cfa54e-f6ae-2ebe-8808-2d060b87fc78@devopt.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sun, 4 Feb 2018 09:56:18 +0330
Hamid Safe <hsafe@xxxxxxxxxx> wrote:

> Hello tor-relays team,
> > 
> > I am facing issue trying to set up a private obfs4proxy+tor relay
> > bridge(centos 7 server) on a vps outside Iran and using the same
> > methodology obfs4+tor client (Arch linux) inside Iran.DPI blocks tor
> > networks and vpn connections are no allowed. Please note that the set up
> > basically needed to access pretty much anything serious in a production env
> > for accessing the sites that will otherwise be blocked in Iran i.e
> > hub.docker.com + my personal use, hence can't really use the tor-browser.
> > 
> > I have successfully followed yawning angel's github to compile and set up
> > the obfs4proxy and also the tor in both ends. Tor service is running , and
> > I attach along this email the config I used both in client and server end.
> > I suspect that there is a key hash issue and the mechanism to obfuscate the
> > traffic that fails and particularly a directory that does not exist in my
> > server which is in a lot of howtos referred to
> > as: /pt_state/obfs4_bridgeline.txt 

Hello,

Absence of pt_state directory in DataDirectory is odd. You can't use obfs4
without information from obfs4_bridgeline.txt.

I suggest to change line
ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy 
to
ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed
in server's torrc.

Also you need to connect not to the ORPort itself but to the transport port, so
server config should have line:
ServerTransportListenAddr <ip_address>:<port>

And then in your client torrc you specify bridge like:
Bridge obfs4 <ip_address>:<port> <fingerprint> cert=<line from obfs4_bridgeline.txt> iat-mode=0

If it still doesn't work you can add line
ServerTransportOptions obfs4 iat-mode=1
to bridge's torrc and also change iat-mode=1 in clients bridge line, so like this:
Bridge obfs4 ip_address:port <fingerprint> cert=<line from obfs4_bridgeline.txt> iat-mode=1

iat-mode allows to enable additional obfuscation, it works only for sending traffic, so for 
2-way obfuscation needs to be enabled on both ends.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] issue with setting up a private bridge
  - From: Hamid Safe

Prev by Author: Re: [tor-relays] Exits lost their function
Next by Author: Re: [tor-relays] Publishing bridge contact information
Previous by thread: [tor-relays] issue with setting up a private bridge
Next by thread: [tor-relays] atlas.torproject.org: missing updated information for relays
Index(es):
- Author
- Thread