[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!
From: lists@xxxxxxxxxxxxxxx
Date: Sun, 30 Jul 2023 23:30:26 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 30 Jul 2023 17:30:52 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=for-privacy.net; s=easymail; t=1690752634; bh=3bhOf0dMJX2/FxDRIaBMLsAFZ7Yl8NWbo3A/rb14Tv4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=F0ebznEshdoZ6d2pAZnmRIJvwUYAesAKDOCp198HXgLhFCjuPLYVDyEK0s8DHtrt1 PY2KWuJy6NGuE0sfbfjQFcPSKH4CTQEQZ/ZcU3ovopE1BxhBfQtohef5is2OowxJ1x VmO9ppkUKUmlDfoMYx7a4JV3xChKkPjpqf1xen45XRIpRYy8IDMM4ccQQUcgucRByp K4o8yZBcNKTKKNsCxPRiHbfWg8bmOf1kixrg0Cx1qi712FCBoN3MwiQSApXnxAJc47 YIWObZIY2i3LcnAPpKVpxjfOXpXawvLzUfT7KRbD3fB5ZhhIoyVynuh/6uoDIrTZik L3CvdO46dvXfQ==
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=for-privacy.net; s=easymail; t=1690752633; bh=3bhOf0dMJX2/FxDRIaBMLsAFZ7Yl8NWbo3A/rb14Tv4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=JYy0Q/9LYh8OBHGSLUfqim/7S//UNI0fPgSKzs6HF6UW90g9CX2hgmQGn3RyXVWVR Ft9NsTYs8kIRTkdKtXWt3K9Hn9BAt0Ym3QatvXY5ExmeCDKQFCu2j6ncf+5Jfkp7DA /Z3cSYb+MaJgkKARRSymFp8QqOwxrsxUKuSYmt+S8cheoECz10BzurKyKj/hNSkxYc 1+VxG06OlkoJoFRb9EeZqe7m8f/tC9juNu4/7KtyrYmYO2skYi2vQzfHtHcMY0fSkj dkJovq0U3ozx8mMcLMFuC9GTn2rHX4JXFzmUKQaeSTwgGtrHOJODOwRATJVVGdT51J ljl0oq/EnliFw==
In-reply-to: <ZLqtR6a3SlCnC+2a@localhost>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <ZBtWEbfRWMFfTAoV@localhost> <ZCudmjpG3yQq8s2P@localhost> <ZLqtR6a3SlCnC+2a@localhost>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Freitag, 21. Juli 2023 18:07:35 CEST gus wrote:

> New update: In the last few weeks, internal political conflicts and
> other events[1] in Turkmenistan have led to another wave of censorship
> on Tor and anti-censorship tools. Tor bridges have been one of the few
> free alternatives for people in Turkmenistan to connect with the world
> and access the open Internet.
> 

I stopped snowflake and now a bridge is running on my dynIP.

> 
> ## torrc example
> 
> BridgeRelay 1
> ORPort 127.0.0.1:auto
> AssumeReachable 1
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs4 0.0.0.0:8080
> ExtORPort auto
> Nickname helptm
> ContactInfo <please-add-your-email-here>
> Log notice file /var/log/tor/notices.log
> # If you set BridgeDistribution none, please remember to email
> # your bridge line to us: frontdesk@xxxxxxxxxxxxxx
> BridgeDistribution none

But I have that in the log :-(
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv4 ORPort address 127.0.0.1 does not match the descriptor address  203.0.113.18. If you have a static public IPv4 address, use 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. If you are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> NoAdvertise'.
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv6 ORPort address ::1 does not match the descriptor address 2001:db8:1234:1:bbbb:eeee:eeee:ffff. If you have a static public IPv4 address, use 'Address <IPv6>' and 'OutboundBindAddress <IPv6>'. If you are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> NoAdvertise'.

I don't know if I should ignore that or better configure it that way:
ORPort 127.0.0.1:8443 NoListen
ORPort 8443 NoAdvertise
ORPort [::1]:8443 NoListen
ORPort 8443 NoAdvertise

I'm aware of
https://gitlab.torproject.org/tpo/core/tor/-/issues/40208
I hope to get it done with scipting on my Mikrotik, or switch to ipv4 only.

frontdesk@xxxxxxxxxxxxxx has no PGP key, can I send you or meskio the bridgeline?

Bridgeline must be:
Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=abra+kadabra iat-mode=0
But DynIP changes every few days. Do you also give the bridge users myrouter.example.net?

Because of your post in the forum:
https://forum.torproject.org/t/orport-127-0-0-1-auto/8470
should we do this with all running bridges, or only the hidden ones?

-- 
Ciao Marco!

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!
  - From: Gary C. New via tor-relays

References:
- Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!
  - From: gus

Prev by Author: Re: [tor-relays] Wrong "first seen" flag for bridges at metrics.torproject.org
Next by Author: [tor-relays] Final Call: Last Opportunity to Participate in the Tor Update Survey - Closes Tomorrow!
Previous by thread: Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!
Next by thread: Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!
Index(es):
- Author
- Thread