Tom Ritter transcribed 2.8K bytes:
> Earlier this month I set up an obfs3/obfs4 bridge that (as far as I
> can tell) has never been used. Is this normal? My bridge is at
> https://atlas.torproject.org/#details/C184F644B9D39B26647779282003ACAF59E8028A
>
Your bridge is in BridgeDB, and it's allocated to the HTTPS Distributor, so it
should be distributed. There are just a couple slights issue (as far as I can
tell):
* Your Bridge doesn't have the Stable flag. [0] BridgeDB tries really hard to
make sure that, in a given response to a client:
1) At least one Bridge has the Stable flag, and
2) At least one Bridge is listening on 443.
* Neither the obfs3 nor obfs4 interfaces are listening on IPv6; they're both
only on IPv4. (I think that's what you wanted, but it's a known bug [1] and
just FYI.) As you likely already know, it's not currently possible to run
two obfs3 simultaneously â one IPv4 and one IPv6 â and the same goes for
obfs4 and every other PT. Internally, tor currently only has one slot for
an "obfs3". [2] Similarly, Stem uses a Python dictionary where the keys are
the pluggable transport methodnames.
> During this exercise I ran across a few pain points for setting up a
> bridge. Maybe I completely ignored some existing resource for this,
> but the bottom of https://www.torproject.org/docs/bridges is out of
> date, BridgeDB doesn't have a link anywhere, and trac's search isn't
> that good but I couldn't find anything on that either.
>
> 1) Setup
> I followed https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/README.md
> to set up the obfs3/obfs4
> As good as this is, it would be great if it included a minimal and
> complete torrc for an obfs4 bridge, and perhaps also for an
> obfs3/obfs4 bridge and an IPv6 setup. My torrc is
>
> SocksPort 0
> ControlPort 9051
> HashedControlPassword ...
> CookieAuthentication 1
> ORPort 9001
> ORPort [<public ipv6 addr>]:9001
> BridgeRelay 1
> ExtORPort auto
> ServerTransportPlugin obfs3,obfs4 exec /usr/local/bin/obfs4proxy
> ServerTransportListenAddr obfs3 [::]:80
> ServerTransportListenAddr obfs4 [::]:443
>
> 2) Testing
> How do I (easily) confirm my bridge is correctly configured?
> Especially if I don't have an IPv6 connection for TBB?
>
> netstat seems to say that things are good. The tcp6 connections on 80
> and 443 also apply to ipv4 though; right?
Somehow, possibly due to one of the above-mentioned bugs, your tor and
BridgeDB both seem to think that you're *only* listening on IPv4â so I'm a bit
confused by what netstat is telling youâ
> $ netstat -lpn
> tcp 0 0 127.0.0.1:9051 0.0.0.0:*
> LISTEN 479/tor
> tcp 0 0 0.0.0.0:9001 0.0.0.0:*
> LISTEN 479/tor
> tcp 0 0 127.0.0.1:55346 0.0.0.0:*
> LISTEN 479/tor
> tcp6 0 0 :::443 :::*
> LISTEN 480/obfs4proxy
> tcp6 0 0 <public ipv6 addr> :::* LISTEN
> 479/tor
> tcp6 0 0 :::80 :::*
> LISTEN 480/obfs4proxy
>
> I can put my bridge line into TBB and try and use it for obfs4; seems
> to work. But actually finding that bridge line wasn't straightforward
> (cat /var/lib/tor/pt_state/obfs4_bridgeline.txt and then edit the
> fields, right?) And it doesn't help for obfs3.
Would it be easier, perhaps, if obfs4proxy were to also put your obfs3 (and/or
scramblesuit) bridge lines into that file? (I thought it already did this,
but I must be wrong.)
You had to edit it?
> Some external validation would be nice.
>
> 3) Usage
> Can do I figure out if my bridge is being used? I've identified the following:
>
> $ cat /var/lib/tor/stats/bridge-stats
> bridge-stats-end 2015-05-31 18:58:43 (86400 s)
> bridge-ips
> bridge-ip-versions v4=0,v6=0
> bridge-ip-transports
>
> $ zgrep unique /var/log/tor/*
> (a bunch of lines of "0 unique clients")
>
> Atlas graphs, showing virtually no traffic
>
>
>
>
> I feel like #2 might be addressed by Weather (if it was working), but
> all of these might be a good subject for a wiki page on how to run a
> bridge, if my understanding of everything is correct.
I agree that all of the FAQ-ish questions you've just mentioned should be
somewhere, easily accessible, on the website. I've created ticket #16261 for
updating the "Running a Bridge" portion of the bridges.html page, [3] but I'm
totally open to suggestions if people think the documentation should go into
the FAQ page, or on a wiki page (or link to a wiki page, so that it's easier
for community members to contribute tips and ideas), or somewhere else.
[0]: https://globe.torproject.org/#/bridge/C184F644B9D39B26647779282003ACAF59E8028A
[1]: https://trac.torproject.org/projects/tor/ticket/12138
[2]: https://trac.torproject.org/projects/tor/ticket/11211
[3]: https://trac.torproject.org/projects/tor/ticket/16261
Thanks for running an obfs4 bridge!
--
ââ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays