[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!



On Freitag, 21. Juli 2023 18:07:35 CEST gus wrote:

> New update: In the last few weeks, internal political conflicts and
> other events[1] in Turkmenistan have led to another wave of censorship
> on Tor and anti-censorship tools. Tor bridges have been one of the few
> free alternatives for people in Turkmenistan to connect with the world
> and access the open Internet.
> 

I stopped snowflake and now a bridge is running on my dynIP.

> 
> ## torrc example
> 
> BridgeRelay 1
> ORPort 127.0.0.1:auto
> AssumeReachable 1
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs4 0.0.0.0:8080
> ExtORPort auto
> Nickname helptm
> ContactInfo <please-add-your-email-here>
> Log notice file /var/log/tor/notices.log
> # If you set BridgeDistribution none, please remember to email
> # your bridge line to us: frontdesk@xxxxxxxxxxxxxx
> BridgeDistribution none

But I have that in the log :-(
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv4 ORPort address 127.0.0.1 does not match the descriptor address  203.0.113.18. If you have a static public IPv4 address, use 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. If you are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> NoAdvertise'.
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv6 ORPort address ::1 does not match the descriptor address 2001:db8:1234:1:bbbb:eeee:eeee:ffff. If you have a static public IPv4 address, use 'Address <IPv6>' and 'OutboundBindAddress <IPv6>'. If you are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> NoAdvertise'.

I don't know if I should ignore that or better configure it that way:
ORPort 127.0.0.1:8443 NoListen
ORPort 8443 NoAdvertise
ORPort [::1]:8443 NoListen
ORPort 8443 NoAdvertise

I'm aware of
https://gitlab.torproject.org/tpo/core/tor/-/issues/40208
I hope to get it done with scipting on my Mikrotik, or switch to ipv4 only.

frontdesk@xxxxxxxxxxxxxx has no PGP key, can I send you or meskio the bridgeline?

Bridgeline must be:
Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=abra+kadabra iat-mode=0
But DynIP changes every few days. Do you also give the bridge users myrouter.example.net?

Because of your post in the forum:
https://forum.torproject.org/t/orport-127-0-0-1-auto/8470
should we do this with all running bridges, or only the hidden ones?

-- 
Ciao Marco!

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays