Tom Ritter transcribed 2.8K bytes:
> Earlier this month I set up an obfs3/obfs4 bridge that (as far as I
> can tell) has never been used. Is this normal? My bridge is at
> https://atlas.torproject.org/#details/C184F644B9D39B26647779282003ACAF59E8028A
>

Your bridge is in BridgeDB, and it's allocated to the HTTPS Distributor,
so it should be distributed. There are just a couple slight issues (as
far as I can tell):

 * Your Bridge doesn't have the Stable flag. [0] BridgeDB tries really
   hard to make sure that, in a given response to a client:
     1) At least one Bridge has the Stable flag, and
     2) At least one Bridge is listening on 443.

 * Neither the obfs3 nor obfs4 interfaces are listening on IPv6; they're
   both only on IPv4. (I think that's what you wanted, but it's a known
   bug [1] and just FYI.)

As you likely already know, it's not currently possible to run two obfs3
simultaneously -- one IPv4 and one IPv6 -- and the same goes for obfs4
and every other PT. Internally, tor currently only has one slot for an
"obfs3". [2] Similarly, Stem uses a Python dictionary where the keys are
the pluggable transport methodnames.

> During this exercise I ran across a few pain points for setting up a
> bridge. Maybe I completely ignored some existing resource for this,
> but the bottom of https://www.torproject.org/docs/bridges is out of
> date, BridgeDB doesn't have a link anywhere, and trac's search isn't
> that good but I couldn't find anything on that either.
>
> 1) Setup
> I followed https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/README.md
> to set up the obfs3/obfs4
> As good as this is, it would be great if it included a minimal and
> complete torrc for an obfs4 bridge, and perhaps also for an
> obfs3/obfs4 bridge and an IPv6 setup. My torrc is
>
> SocksPort 0
> ControlPort 9051
> HashedControlPassword ...
> CookieAuthentication 1
> ORPort 9001
> ORPort [<public ipv6 addr>]:9001
> BridgeRelay 1
> ExtORPort auto
> ServerTransportPlugin obfs3,obfs4 exec /usr/local/bin/obfs4proxy
> ServerTransportListenAddr obfs3 [::]:80
> ServerTransportListenAddr obfs4 [::]:443
>
> 2) Testing
> How do I (easily) confirm my bridge is correctly configured?
> Especially if I don't have an IPv6 connection for TBB?
>
> netstat seems to say that things are good. The tcp6 connections on 80
> and 443 also apply to ipv4 though; right?

Somehow, possibly due to one of the above-mentioned bugs, your tor and
BridgeDB both seem to think that you're *only* listening on IPv4... so
I'm a bit confused by what netstat is telling you...

> $ netstat -lpn
> tcp   0  0 127.0.0.1:9051      0.0.0.0:*  LISTEN  479/tor
> tcp   0  0 0.0.0.0:9001        0.0.0.0:*  LISTEN  479/tor
> tcp   0  0 127.0.0.1:55346     0.0.0.0:*  LISTEN  479/tor
> tcp6  0  0 :::443              :::*       LISTEN  480/obfs4proxy
> tcp6  0  0 <public ipv6 addr>  :::*       LISTEN  479/tor
> tcp6  0  0 :::80               :::*       LISTEN  480/obfs4proxy
>
> I can put my bridge line into TBB and try and use it for obfs4; seems
> to work. But actually finding that bridge line wasn't straightforward
> (cat /var/lib/tor/pt_state/obfs4_bridgeline.txt and then edit the
> fields, right?) And it doesn't help for obfs3.

Would it be easier, perhaps, if obfs4proxy were to also put your obfs3
(and/or scramblesuit) bridge lines into that file? (I thought it already
did this, but I must be wrong.) You had to edit it?

> Some external validation would be nice.
>
> 3) Usage
> How do I figure out if my bridge is being used? I've identified the following:
>
> $ cat /var/lib/tor/stats/bridge-stats
> bridge-stats-end 2015-05-31 18:58:43 (86400 s)
> bridge-ips
> bridge-ip-versions v4=0,v6=0
> bridge-ip-transports
>
> $ zgrep unique /var/log/tor/*
> (a bunch of lines of "0 unique clients")
>
> Atlas graphs, showing virtually no traffic
>
> I feel like #2 might be addressed by Weather (if it was working), but
> all of these might be a good subject for a wiki page on how to run a
> bridge, if my understanding of everything is correct.

I agree that all of the FAQ-ish questions you've just mentioned should be
somewhere, easily accessible, on the website. I've created ticket #16261
for updating the "Running a Bridge" portion of the bridges.html page, [3]
but I'm totally open to suggestions if people think the documentation
should go into the FAQ page, or on a wiki page (or link to a wiki page,
so that it's easier for community members to contribute tips and ideas),
or somewhere else.

[0]: https://globe.torproject.org/#/bridge/C184F644B9D39B26647779282003ACAF59E8028A
[1]: https://trac.torproject.org/projects/tor/ticket/12138
[2]: https://trac.torproject.org/projects/tor/ticket/11211
[3]: https://trac.torproject.org/projects/tor/ticket/16261

Thanks for running an obfs4 bridge!

-- 
isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
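
For the "is my bridge being used?" question in the message above, a small parser for the `bridge-stats` file it quotes; this is an added example, not code from the thread or from tor. The function names and the `USED` sample are constructed here, and the comma-separated `key=count` layout assumed for `bridge-ips` and `bridge-ip-transports` is tor's extra-info format, in which counts are rounded up to a multiple of 8.

```python
from datetime import datetime

# bridge-stats keywords that carry comma-separated key=count pairs.
COUNT_FIELDS = {
    "bridge-ips": "countries",
    "bridge-ip-versions": "ip_versions",
    "bridge-ip-transports": "transports",
}

def parse_counts(value):
    """'obfs3=8,obfs4=16' -> {'obfs3': 8, 'obfs4': 16}; an empty value -> {}."""
    counts = {}
    for item in filter(None, (part.strip() for part in value.split(","))):
        key, sep, num = item.rpartition("=")
        if not sep or not key or not num.isdigit():
            raise ValueError(f"malformed count: {item!r}")
        counts[key] = int(num)
    return counts

def parse_bridge_stats(text):
    stats = {"end": None, "interval_s": None,
             "countries": {}, "ip_versions": {}, "transports": {}}
    for line in text.splitlines():
        keyword, _, rest = line.strip().partition(" ")
        if keyword == "bridge-stats-end":
            stamp, _, interval = rest.partition(" (")  # "... (86400 s)"
            stats["end"] = datetime.strptime(stamp.strip(), "%Y-%m-%d %H:%M:%S")
            stats["interval_s"] = int(interval.split()[0]) if interval else None
        elif keyword in COUNT_FIELDS:
            stats[COUNT_FIELDS[keyword]] = parse_counts(rest)
    return stats

def active_transports(stats):
    """Transports with a non-zero (rounded) client count in this interval."""
    return sorted(t for t, n in stats["transports"].items() if n > 0)

def bridge_was_used(stats):
    return any(n > 0 for f in COUNT_FIELDS.values() for n in stats[f].values())

# The file as quoted in the message: no clients in the 24-hour interval.
UNUSED = """bridge-stats-end 2015-05-31 18:58:43 (86400 s)
bridge-ips
bridge-ip-versions v4=0,v6=0
bridge-ip-transports
"""
# Constructed sample of a bridge that did see clients.
USED = """bridge-stats-end 2015-06-01 18:58:43 (86400 s)
bridge-ips ir=8,us=16
bridge-ip-versions v4=24,v6=0
bridge-ip-transports obfs3=8,obfs4=16
"""
```

Because the counts are rounded, a value of 8 means "between one and eight unique clients", not exactly eight.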