[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Protecting the bridge port from active probes
Dmitrii Tcvetkov wrote:
> On Thu, 28 Mar 2019 17:08:38 +0000
> Marek Szuba <scriptkiddie@xxxxx> wrote:
>
> > Anyway, here is my logic. In order to operate properly, my bridge must
> > have its ORPort reachable from the Internet.
>
> I might be wrong, but I got impression that if bridge is using
> pluggable transports (obfs3, obfs4, meek, snowflake, etc) then ORPort is
> only useful for bridge authority and users which want to use the bridge
> without pluggable transports. Communication between pluggable transport
> and Tor process is going via ExtORPort which isn't public by default
> (binds to localhost). Clients connect to pluggable transport port and
> their traffic is obufscated by the transport.
>
> Since your bridge is private then bridge authority is none of your
> concerns. In that case you need ORPort reachable only if you have
> bridge clients which use bridge without pluggable transports.
This works for me:
AssumeReachable 1
PublishServerDescriptor 0
ORPort PUBLIC-IP:2345 NoListen
ORPort 127.0.0.1:2345 NoAdvertise
ExtORPort 127.0.0.1:3456 # you can try auto
ServerTransportListenAddr obfs4 PUBLIC-IP:4567
ServerTransportPlugin obfs4 exec /path/to/obfs4proxy
--
Alex
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays