
Re: [tor-relays] bridge not accessible through obfs4 port



 
Today I actually tried to connect to it and it is possible to connect to the
bridge using the ORport.
But when I tried to start Tor Browser with this setting to use obfs4:

obfs4 12.345.67.89:1111 (only with the right numbers)
 

it got stuck at "establishing an encrypted network connection".
I checked on canyouseeme.org and both the vanilla ORport and the obfs4 port
seem to be accessible from outside.

The obfs4 protocol needs to have not just the IP and port, but also
the shared secret.

For example, a valid obfs4 bridge line looks like:

obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0

The other parameters are needed because the client needs to prove
knowledge of the shared secret before the bridge will admit to being a
bridge.

That's because one of the steps in the arms race has been "active probing"
by China, where they use DPI to notice connections that might be obfs4,
and then do their own follow-up connection speaking the obfs4 protocol,
and if it talks obfs4 back, they know they can block it:
https://www.freehaven.net/anonbib/#foci12-winter
 
My router is set to allow TCP and UDP on the port for obfs4.

obfs4 only needs TCP.
 
 
Thanks for your replies! :)
 
Seems like I followed the instructions on https://www.torproject.org/docs/bridges.html.en and replaced obfs3 with obfs4 without thinking xD.
 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays