> Date: Sun, 24 May 2015 08:47:20 +1000 > From: Zenaan Harkness <zen@xxxxxxxxxxxx> > >> 3. Disable the polipo proxy on the Tor relay in your network, you do >> not need that. Run a bridge instead of a relay. Make it a non public >> bride (PublishServerDescriptor 0) and run Tor Browser on all the >> computers in your network with UseBridges 1 and define the ip:port of >> your bridge and connect it directly, no proxy setting. This way other >> 'strangers' won't be able to use your bridge and you will also not >> need the Guard flag or uptime and bandwidth requirements. > > That last bit (UseBridges 1, configure bridge IP), looks like it does > the job needed here, no new Tor config options required. There are 3 different ways to set up your local bridge, each with their own pros and cons: 1. Configure a private bridge * Only your clients use this bridge * No cover traffic 2. Configure a bridge distributed by BridgeDB * Your clients and other clients may use your bridge as the first hop * BridgeDB doesn't distribute all bridges straight away, so you may or may not get cover traffic * You can't separately rate limit external and local traffic at the bridge itself - RelayBandwidthRate includes all bridge traffic 3. Configure the server as a relay, but configure the clients to connect to it as a bridge * If you configure a client with a mandatory guard relay using EntryNodes and StrictNodes, the relay must have and maintain the guard flag. But configuring clients with a relay server in a "bridge" config line avoids the need for a guard flag. * Your clients use this bridge, as do other clients as at least a middle hop, and a guard or exit hop depending on flags * You get the most cover traffic this way * You can't separately rate limit external and local traffic at the bridge itself - RelayBandwidthRate includes all relay and bridge traffic * This mode of operation is less common, and may reveal some bugs in Tor. In my experience it has worked fine for months with 0.2.5 - 0.2.7-alpha, but please report any issues on https://trac.torproject.org/projects/tor/ticket/1776 * As a precaution, if you ever reconfigure a relay Tor node as a bridge Tor node, please delete the keys so it appears as a new bridge in BridgeDB. teor teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays