[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Installing obfs4 on Raspberry Pi bridge



So far I have been building tor packages myself on the Pi, but your post made me check out out the repositories again.

Unfortunately, it's still a bit of a mess:
- The Tor Project repo has "armhf" builds only for old Tor versions, and I'm not sure if they are even meant for the Pi's processor (I didn't try). - The Raspbian repo has 0.2.5.11 tor package files, but apt only finds 0.2.4.26.
- The Raspbian repo doesn't have a binary obfs4proxy package.

Looks like I will keep building my own packages on the Pi for now, and run obfs3.

Best regards,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B

On 2015-03-28 23:19, s7r wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

obfs4 will not run on 0.2.4.x , you need at least 0.2.5.x or 0.2.6.x

First, upgrade your Tor.

You can use torproject.org repositories. If you are running wheezy:

1. Add the repository:
# echo "deb http://deb.torproject.org/torproject.org wheezy main" >>
/etc/apt/sources.list

2. Add the signing key:
# gpg --keyserver keys.gnupg.net --recv 886DDD89; gpg --export
A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add â

3. Install keyring:
# apt-get update && apt-get -y install deb.torproject.org-keyring

Now upgrade your Tor, an apt-get -y install tor would upgrade to 0.2.5.1
1.

You can install obfs4proxy from deb.torproject.org too:

# echo "deb http://deb.torproject.org/torproject.org obfs4proxy main"
/etc/apt/sources.list
# apt-get update && apt-get -y install obfs4proxy

Now, modify your torrc to enable the obfs4 transport. Make sure you
also add ExtORPort auto in torrc so it will report some useful
statistics. obfs4proxy also supports obfs3, and some users still use
that, so if you can be an obfs3 and obfs4 bridge at the same time
(requires just one more open port) it would be great.

Sample torrc entry for enabling obfs4 and obfs3:
ExtORPort auto
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs3 [::]:port
ServerTransportListenAddr obfs4 [::]:port

To make the bridge even better, you can bind obfs3 and obfs4 to lower
ports (< 1024), if you have them free, such as obfs3 on 80 and obfs4
on 443 (for example). This will help users behind really restrictive
firewalls who only allow connections on few ports. You can easily do
this with libcap2-bin package:

# apt-get -y install libcap2-bin
# setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy

To make this persistent after a reboot, edit the /etc/rc.local file
and add this line before 'exit 0':
setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy

Hope this helps. If you don't want to use deb.torproject.org,
everything required is also included in raspbian main repo:

http://archive.raspbian.org/raspbian/pool/main/t/tor/
http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/
http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/

If you want to use raspbian repo, simply ignore the lines where you
add deb.torproject.org to your sources.list file and just upgrade,
install the required packages and modify your torrc file.

Thanks for running a bridge.


On 3/28/2015 11:47 PM, jchase wrote:
Hello, I run a bridge on a Raspberry Pi running Debian Wheezy and
tor 0.2.4.26 . I have obfs3 installed and would like to upgrade to
obfs4. So far this has not been possible. If I understand it
correctly, my best bet is to update to tor 0.2.6.x and then
install obfs4. Let me know if I'm wrong. And if I'm right, what is
the easiest way to do that? Thanks, J. Chase
_______________________________________________ tor-relays mailing
list tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVFyjiAAoJEIN/pSyBJlsRd+MH/36/4abGF4/h/4YZuf1TG2sf
0jJLaGt8Tg3c7038+7TbVwj884hvnA/gYaJTr8sPH8+2yuIqyxBfBu5IYNCaTCgT
7beR6KY4tJv1IgoReHUsn/4PLZ6K9vsnFTu08oQwjjolGcdx4BlAbHcsm0pZaGWA
yAZlG1GKHGdn77bRHGi9F1ZKthRbMEQmXNV7abZPAbqjVFrTngOo68lDhIv46orP
YPAhXx1v08cXZjfS0jcuwwaqhJPfxfP3nJSCNcJPG47ng81/eLWr5JgU3neyPhiN
frZa2LCngPEeNlY5bjmaPrm/McmOM2Onrx9rXDEpezrCtAyQeGett2W1u/k+HI8=
=VpQT
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays