[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] obfs4 bridge current setup is not entirely clear
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] obfs4 bridge current setup is not entirely clear
- From: s7r <s7r@xxxxxxxxxx>
- Date: Wed, 8 Nov 2023 21:35:56 +0200
- Autocrypt: addr=s7r@xxxxxxxxxx; keydata= xsBNBE9BogQBCADazBiEe0PGTgeUJ/JU4BDvdE2ZFD+MUOgf3+n78F6mXTxcLgyiE/3E4rA5 Sy3NzVRjqjzyn/MyDJDbsRpSKT6uVT5thYNyfDNBNqYmqdVS8Gu+H90z78x1WJ+DxVawk4IM mi8jmKcwlz7hOGROsR0+NyWjyghlzNHVgiJkWIvp5AVDg4F6o2oCH/vBbgomu3Ho5r7fiRZg I0uxsMLIkRI8bwB3SlVi3n4a94ZI2R9rXD9KNWzW4OT5LnICW1d/cuktwVBQRxGE6KFtVDzI chjuDWFaT9p6qROqoBRbsGF/mLg/sb26dwRxb7CnxfCWJn10ZGWo8jG6MM/QKEcxSj0JABEB AAHNNHM3ckBza3ktaXAub3JnIChBbm9ueW1pdHkgbWF0dGVycyEpIDxzN3JAc2t5LWlwLm9y Zz7CwHgEEwECACIFAk9BogQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEIN/pSyB JlsRbkQH/jfe6F9nbwwFBo2DuNJ+Ci2IpZEco1P6rWh2l3AzG0vOD82nYJ5uFIw+0v615tW8 WWNfeIsrbCRnmOAx8NGkGsk/j+SRJb41pQ79tyxdBg7txcbT9bAdcaImYoBBp+1bnyrAaROB 1wDq0jKX09ofKrrAUWOlddASpIBG5uKMLhHe1X14lmvgGHWDPHKrw4yzBN/nNfXYr+Ayjt9s NM6JETHIgqO6uvchiT20v2/SzD3FlysROkPeoFjGWUwAqH2r7RQyDLF6EoqkrcuwvjFXiOFE nFdNRbHQsKYXPhbk2JUiFQQcdLtJg6iaoRBnhATl4V6soP2EHYn3K1bz+eYL+ATOwE0ET0Gi BAEIAMO7MGEfdMn72SQAK0m5rcEPj3mtSRRokMHl3YBNjFbj3O4QAwjpKBJ7RuPdF9B9IDAP a7mc+f33mpIgRnxKDwkjswPk74mMQRxe2wgv4AQ7yBICYYK99e6RYP0LC1PDIGXFPLjs0Teu QAxASFvNycC5JSfQUsAI3OTQjaGUaiUfavmJYkn9B6C2ktQgvM7qbxJvLP5X02tgp4G4gNiu 8ZA3aOUdX+8EQwERJZ8CuA/R6/2M2nEO3YRCsxaYSzob7nicjfoPvyvSYu3zXRFj+3uvDOK6 AGNILmftVUoRQ6/WsNaAQX42cDfSNYQ8uZ/zgTGatO3ArNb1uqWbMdbUA5sAEQEAAcLAXwQY AQIACQUCT0GiBAIbDAAKCRCDf6UsgSZbEZjSB/41TviTCxdiS4PLSDrQ3GOmQPpWZRk/O1tv 3y6T9p0XuC/oq6kKfToKuV2/Ok+589rtmrXhjzdk2otDKCRGejJFpVoU/vfR+jokArzpwyPa TWDAhMGmf5wmEAojsiOc9Zgj/CuS5nd/eLFi4QGtbLoDLrTrQSXB4qR0zJFoQfykVaERT2dm UV/D22opJc8jo3UBOBckgGi9jBi/2OvwEiFcZSl1u9Qi4+gbINOObQF5a0h9ReZCT1BUs5FV DSXBBYZTJJ2flnZH69Mb+9KxRMyqjhRzyGDUfY73SYlCpKX9buWMl0CCsDx+GrRVSxvQnA8b aSq1wlfKsJBimGtSAqf8
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Wed, 08 Nov 2023 14:36:17 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1699472160; bh=SoRnywO3rxB3No/KmQM1xmXO0fMRn/9Kk7nhNsMhcmA=; h=Date:Subject:To:References:From:In-Reply-To; b=AFkdzi0dQz+xE7/vav1dKlmYuqCKxIyyHyh0HacfMg0BBlOkd93/H7jYqaBJfWL30 3aOfKQprd8hf2A/8xdoVjzuQ52OzMi7wcB8g7IANAsOwQgszycaRcGn6E9cpcwihi2 Qu/JPMyRyjV53JRVEWmlyNzalF2opY/3nuPs/HwY=
- In-reply-to: <8315449.T7Z3S40VBb@t520>
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- List-post: <mailto:tor-relays@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
- References: <3e55579b-f7d7-4376-ae22-8fa15a3e3bf4@sky-ip.org> <8315449.T7Z3S40VBb@t520>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla Thunderbird
boldsuck wrote:
Not recommended, but rather a request to try it out.
So I tried, and besides the log messages that I have a descriptor
mismatch I also get the status of my bridge as not running when ORPort
is not exposed. The minute I switched ORPort to `localhost` the BridgeDB
reported the bridge as not running, regardless it was actually running
with the pluggable transport port open.
Some info in the old thread
https://lists.torproject.org/pipermail/tor-relays/2023-August/021259.html
Relevant tiket from meskio:
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129
Thank you, yes.
But unfortunately I think we are going to need a proposal for this, to
document various use cases and maybe clone the code that does the ORPort
reachability check to do pluggable transport port reachability test,
then build descriptor and then publish, but this needs ORPort like
behavior like NoListen, etc.
[warn] The IPv6 ORPort address ::1 does not match the descriptor address
REAL_IPv6_ADDRESS. If you have a static public IPv4 address, use
'Address <IPv6>' and 'OutboundBindAddress <IPv6>'. If you are behind a
NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort
<InternalPort> NoAdvertise'.
Yes you can ignore the logs. Not exposing OrPort for bridges is still
experimental feature.
I've gradually reconfigured _all_ bridges over the last 2 months:
The number of connections/users has stayed pretty much the same.
Bridges with setting "BridgeDistribution any" the distribution method has not
changed.
OrPort must forwarded or should not firewalled otherwise the status will be
dysfunctional on https://bridges.torproject.org/status
I don't care to use BridgeDistribution param, I let BridgeDB decide this
randomly but configured without public open ORPort I don't get the
running flag, I get that bridge is down, while it's not actually.
So what is the best way to for an user to open both IPv4 and IPv6
pluggable transport ports?
The ServerTransportListenAddr line is dual stack friendly.
ServerTransportListenAddr obfs4 [::]:8443
So I saw yes, I was able to use [::]:80 to bind to all interfaces in
dual stack mode but I am not sure the clients are served both the IPv6
line and the IPv4 line, I think it's just one of them and I was curious
which one and what logic is applied to determine it.
This means that currently one cannot setup a dual stack pluggable
transport bridge, it must be either IPv4 either IPv6, right?
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays