On Mittwoch, 8. November 2023 17:42:46 CET s7r wrote: > 2. It was recommended on the mail list that obfs4 bridges should not > open their ORPorts publicly to prevent scanning the entire 1-65536 port > range and determine it's a Tor bridge. OK. Not recommended, but rather a request to try it out. Some info in the old thread https://lists.torproject.org/pipermail/tor-relays/2023-August/021259.html Relevant tiket from meskio: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129 > But if you try: > > ORPort 127.0.0.1:auto > ORPort [::1]:auto > AssumeReachable 1 # needed to skip ORPort reachability test > > Tor will start but it will constantly complain in the log with: > > [warn] The IPv4 ORPort address 127.0.0.1 does not match the descriptor > address REAL_IPv4_ADDRESS. If you have a static public IPv4 address, use > 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. If you are behind a > NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort > <InternalPort> NoAdvertise'. > > [warn] The IPv6 ORPort address ::1 does not match the descriptor address > REAL_IPv6_ADDRESS. If you have a static public IPv4 address, use > 'Address <IPv6>' and 'OutboundBindAddress <IPv6>'. If you are behind a > NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort > <InternalPort> NoAdvertise'. Yes you can ignore the logs. Not exposing OrPort for bridges is still experimental feature. I've gradually reconfigured _all_ bridges over the last 2 months: The number of connections/users has stayed pretty much the same. Bridges with setting "BridgeDistribution any" the distribution method has not changed. OrPort must forwarded or should not firewalled otherwise the status will be dysfunctional on https://bridges.torproject.org/status > So what is the best way to for an user to open both IPv4 and IPv6 > pluggable transport ports? The ServerTransportListenAddr line is dual stack friendly. ServerTransportListenAddr obfs4 [::]:8443 -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays