On Freitag, 21. Juli 2023 18:07:35 CEST gus wrote: > New update: In the last few weeks, internal political conflicts and > other events[1] in Turkmenistan have led to another wave of censorship > on Tor and anti-censorship tools. Tor bridges have been one of the few > free alternatives for people in Turkmenistan to connect with the world > and access the open Internet. > I stopped snowflake and now a bridge is running on my dynIP. > > ## torrc example > > BridgeRelay 1 > ORPort 127.0.0.1:auto > AssumeReachable 1 > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy > ServerTransportListenAddr obfs4 0.0.0.0:8080 > ExtORPort auto > Nickname helptm > ContactInfo <please-add-your-email-here> > Log notice file /var/log/tor/notices.log > # If you set BridgeDistribution none, please remember to email > # your bridge line to us: frontdesk@xxxxxxxxxxxxxx > BridgeDistribution none But I have that in the log :-( Jul 30 16:48:29 t520 Tor-01[93466]: The IPv4 ORPort address 127.0.0.1 does not match the descriptor address 203.0.113.18. If you have a static public IPv4 address, use 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. If you are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> NoAdvertise'. Jul 30 16:48:29 t520 Tor-01[93466]: The IPv6 ORPort address ::1 does not match the descriptor address 2001:db8:1234:1:bbbb:eeee:eeee:ffff. If you have a static public IPv4 address, use 'Address <IPv6>' and 'OutboundBindAddress <IPv6>'. If you are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> NoAdvertise'. I don't know if I should ignore that or better configure it that way: ORPort 127.0.0.1:8443 NoListen ORPort 8443 NoAdvertise ORPort [::1]:8443 NoListen ORPort 8443 NoAdvertise I'm aware of https://gitlab.torproject.org/tpo/core/tor/-/issues/40208 I hope to get it done with scipting on my Mikrotik, or switch to ipv4 only. frontdesk@xxxxxxxxxxxxxx has no PGP key, can I send you or meskio the bridgeline? Bridgeline must be: Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=abra+kadabra iat-mode=0 But DynIP changes every few days. Do you also give the bridge users myrouter.example.net? Because of your post in the forum: https://forum.torproject.org/t/orport-127-0-0-1-auto/8470 should we do this with all running bridges, or only the hidden ones? -- Ciao Marco!
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays