[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] obfs4 bridge current setup is not entirely clear
- To: s7r <s7r@xxxxxxxxxx>, tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] obfs4 bridge current setup is not entirely clear
- From: meskio <meskio@xxxxxxxxxxxxxx>
- Date: Mon, 13 Nov 2023 11:17:54 +0100
- Autocrypt: : addr=meskio@xxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata=xsFNBFHuRRoBEACywyeZyD1W2IGdToB6U7nbr2s3Iva7xiCukUH4i9C4nx8hxXeSlVPar6fMZbIA0co8Ruah3cxc2ZGx+U85OaiOkerovibaZwDgB3LQlSUsDYj2X+tKU2u46S62FlWBwgIW/A99W2xYIhMVFG+JMZFzPuLz/rSPJOzwpXvA8BIFKVHMtg7GyG1I8rjwUImFkjPOWWiTg4VdXFuILQ71rxLYfNXtOrBd/o5do7EAn3/RAzMvvcso7WGCRtgjtv7XCCE9pNYNKNnRlC28pe7K3zj3wgV1vWV4CXZoUUyNsmj7fM4XyoMoKx6omRT2oQw8dCYljLqROptvQDQGfKxntKSZyWmONv9LHIwTCTTSQtNR3wzcjKyjn5EQqsW8mpXwYxkhqCWA2ahx7k+uik6TjHSUW1PJJ1C+dIBFZo0bEV9HvoSPIUCculy3IKTV+97DS2a98ylunGYe94yTSr48MQZ7za9haXtatUbWybFTG2mi46PFPIcbSweYtZbDg6vFkwjJO1EQvCu4FFJtFzdFkQ3uW6PYVtg3t9BSUjkrLhQFmkEoN1SxOrY2vZfusbSIlVE3KLEsKx3FUXjOODA2xtAGpcbXFvlLBrHYAcyK+YSehJ9p4dW3WY4UVUdHn6Jt8pUaOVSIeqBhcJfgI3r67NQyzQYoKGzLgFI2BfNt4lFXYwARAQABzSRSdWJlbiBQb2xsYW4gPG1lc2tpb0B0b3Jwcm9qZWN0Lm9yZz7CwZQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQHlI/6ZBYKQlvNJ+rHMrHRwo9OLwUCZBRPbAUJFAc9ywAKCRDHMrHRwo9OL+hVD/0eiPQKAUb7Glu6FzKy70DucFf1w1zoP1hzfyjpkRhTJxQnUVECa616bn QsyE+qLOmeOcPBJPi5OpOHk55Bg/x1be9PijqOH6bkU4dOaNWeZkJufR1wS0xeCEar09Q6fpf7p5ckPLHjnTNp9ctZQYaOq/ru5vaOnmrbahVIjUsbqgr9W815ksKZurPtBeSsuMe4YaLPD+M8d0NTSomQ+7pndhKCPTrB6vM4rH/isbyIXeSWFLRZpwpvKVP+wM3IzNQvLqKe0ErcXBajXGVuYHidqVvtT20X99jt9w0+W94C3fGiTogOqdoGz7qsHWTRxWzf0Hp9YCmBVnTUepdOr6qnC6Fw7FWRZtce0amcx028aC9HKOU20s5rUy4il/NKO79gFVjvgi4rTGj8r8phd/RNl+Lbuf+A/q5udkJLdSXvKIArX7BpGFJPOrzZt+HHVffURHUngn78rLaAjpxNdOam/Mevl9bPAv6GV5Ve9UbCOpKXHM+zDmmfqls46D2jjllQKvo70zMHKyc6CUpJkNlAuYgbLdWiD+r77ZSqIAWkwacNzbXgTHfSjHsrUrwBv1LegObqlIIYnLaPrqq0ldaDgWC3KFkoxdrXQ4R6jnKQ+je3aly1YlY28o/jjCyEHXllXWnHt3H15/4RUx/6/KyeYgiJ775D/8NlYlpyfpdMfM7BTQRYW41XARAAoKxj7hf5PTZTA9GuZo2br3xqJGptysjJ6KbfMR1qanH5atKKBSEgKUCpBb4ojZYofGZpqwf4eBKqoarP8hx39y6kcnHZoHPPPuibjs4/JjpTqIz3pS7dmvK8nfGY8EE7FUNkLxJHenJ14gXB2QHdV22vkZhIUGT4l20IP8sg5pHVwiRaVT9Fc80YkDa+rpNWl35hquuLXPnCfcFYdjcF4srOlpLfajes4zHfHZAQ5VJbEY0e7AL/R+XF+7E0aZxiJvZCyHWZvyPSui/x5dOho3+1KrP9tj2679MUK8PKYsyH76Z9/urIzzXPXqnZvR99q/HGFAFMfJ7CZG8/r1siAU3G4ZpvNfcJFJT 7rzhuvky+yE+1h+gzFRGUHyiH9FHyecv4eA09ZkgXIkMpLjWKQ632xr668LOYeX6JXQs+oNZq2kyL9nDVBFGhuTl07ZpvRX1+oOUmkGLe1UEZtN9CztTxJ8UN4q8GPBzcNsfYl7q8Kiu4flacb63En7zxUx/jNJcbyA7cal1VJlVvGcBtPR2xkTrK+Hs1rhKok70ix7j4c3Uwj7TljFdl5nlz6shoa4aOiTQPLGGVIwfpkgWflvS7mckKsuAyRP56I5ynyncZ+d3cGGiYZPpxaASn5GUIwwNVjttv7apOa1dR2P+UHhivMvx8Jk7leSpx/UDKrUkAEQEAAcLDrAQYAQgAIAIbAhYhBAeUj/pkFgpCW80n6scysdHCj04vBQJgZEb4AkDBdCAEGQEIAB0WIQSzszp/9mlfNcwBBH5SuPWsl6LahgUCWFuNVwAKCRBSuPWsl6LahjCmD/9/5tOaeGgLhpYVB9bwTPlpmdOCpGS/5OB0fBYoKCl1VWl6TAdqOs5UJVSMvU8eCkXzPln7/OmRXlWMRLosdjCG2Nv7/kCoZw0WbLgJFBDVwZ7FfyDQnlKSkULfbfTJadSKSkUbWhtQOUBzVPTN0M97WNGXKdMV4vU3NGRPJvfpRMOcjMEiPDU5+WEm9lFv736ahGFa7IIlpjo2Mziw6D0tF9vIETuhUElJes76fikO7pIqAnHvX0pDqsGvAX+61vRQjQ7wwv567Qj8Kl0lW6XODsEsKz2b6ipwisbm4wh56Vj2nHGTypKZxFg0ZBU62Hmlh16HLsPqtHTxBZ+VSvGuZyhjrrwjPLhul7vgZ4XXu6NR3Jn6Kni9IZxk2FquPx1R+GCb/00dZamMs9G4P1NFkPo7wMPRl6uHOqj0gRmF5cqHUBD7dGXS7Cl/5HyRD1WJGO3E+gC8ZTTyeUb50InDktAc64Jx/Tf1xbXR2at8v9yD0wS/JO6GpBUJyVWA0e8xrMlEcU96Bgah77bawamD ymr9kJKo/+H/+NZkm68squrVyF3WcBWRZa0NPZwqAF2DYrq3dLLC2gu8rD0l2XCMP9dTtGUnMXlpnT4aXLYqmz+QAK519zSS9TNktJQyRi4ZoxEOhCRHpHYheBOf5S8sr8vcleedeyFnt/WJ410SfQkQxzKx0cKPTi/RLQ/9FG0wGxb3qnSAdkrXaGFE7tVvSWbKM4mrBUqL7IzFgLtO+B8vHa/G/gERb48bSMmBqOyAhS9QWBsOvfUcK3auZbWX+z2cAMr2V6rOrSeerlK092Yl+UgNay82iwKZvTJwzMNN24TPfP/IweRpxZcpwkjV8sjyxfQoOgFJDpqB38rvwQunf6pwC2J3pj10fQtsOOVNGIMn8S9CWCdkC4pquFOTgtmqBfF0uX4hMDshpifFpq05GK3WZDYXLMa1D7bW5hSFD7WwSrgKlG7Hm/ypP45mSif1cZQHRFZze6kKEvh6rl933UGV5daI5phhHsPDDgXLmTjUJ6AA9QcMmMgnqmoGYS6orHgmdWTaKLaYiQwpNN+1LxR8Nk5tyuiQ2XlnyLT4ozEGdxqxVkNbc5dTxBFtONDgwXc3IVU9k1AywKQgncJGltHL30rNGi5ECjo/KvXNs1U8OwiE7up+/z0Y+rInM0dNGicEiC6jnlPHP62mxsBJHfoScrDs2zG+WA4kobd3AX5LpShGnya1LrA/43R7Oex1PhaV+EM9giLUYCnYk1kcUdSpF1dKLEQT6SbE86SHNceVkXg29ZvfhVjhnP0h+NzGa3BQDu7OSO7u2W5yN8ommUlToe52ot4nZI8oWKN8WgrJD8xEDCiZAiCXRilXygwMcr1isfS8rHZb73vOwU0EWFuNLwEQAMV+8pJArzRhrgIB7IVOz/rBkfu7xE4ZB0EfxuRnhYqyPyIcGMqcdiVRZuuBmeBzbDVctNXmHF5spWJImUtJTJNmvhWrJrRrwXobQrZHVqkSb/n4r9hCfSohDEvqFdFfjk+bj kRuJyGYIxEe5wrTEVk5AletiNO5bwnOM7bdwKkY11F2QmOBWkKCfUZ+PMkdgNyoi5WcHHjWDj87lpAY1gHT4dQbW5GKgGgae3mBYj81mGCFpYxn+6XGMeQC7avCk0hsdv7m2dL20dBuDI0bnAk72r2GMn/3JF382DZIMu/QyRXWSOg2u+75HLf56QUaSpxbZwY/0E0U9FNkqtFnGIdlz8dVMhwJjFXDUk7KZMGWeTqzio15LS7yJAnE1m3FLJYZ7RESYgqWJQ0etp04KF+vctb5ZTV3Q5lK80djikIApxzlaNs88eStn2yK6TLvym75NxciiDJUKO9QFpsBEv3EHXaYMk+4ayMvkGQ7uVfFuK3SbtOEJIby+UmPzuLLsIcxfu6G+AP7E0+uWSdq/B4YpSzQzsOh7V9c1YE//kLFd7m+/U0mOJc/t3kBiE+PrhQz58EMUdAkG2PXDj7cHn06kYqN5wVGYQ1pKpnjXtQs+CNYkEPxgNhfq1no4dzqKx34R8NotMQAK1uJKB9CV244Sc/64jSqD7wvgRKZHpTJABEBAAHCwXYEGAEIACACGwwWIQQHlI/6ZBYKQlvNJ+rHMrHRwo9OLwUCYGRG+AAKCRDHMrHRwo9OL934D/92AibUGikLao4XDBcvl6w4VBIPNgmaXGPJcwlMdB0JJCRwIoYoMqfjHbw5xeJI8ASBxRM3dkzr3oEXyFYsrbyGiRxBDQJ/3YBwZqVcIirGAqHUdP4sqxyJfjwMYSN54kKkmv1wOAmC59S28U+LhpTkUf3ZaTrUPq07hgFkrzbp3pSnj1/8fcW8BfByV6nuXFGuRfqND5gC1OvFELLP2DnSerroGMnpxjTN/KRzGhMxSeqg9WMK0rDseLmcZomtkKbmQZlDkdZxBOif9ilDvwQf6HJ3H7vLb9LFtL3XQ1OQeEejHtw1lsOqfBk+Ba8LTTh/HN2Vwd1P2l3TmWZBuurr6j0Cxx7Tp9R/uj1wz//sou /9DkN/YZlk0AYh6xn+oSOqRTPlwhNAVeq1nsw/GRoT/jAuocj8JqgQGQNjbeZxS+x1jMbVDSiwmluNWJdljoY95ufRhBBykVWLjoNVDJa8+ac0GGU7HKkBHjXzTYn4XLf1PNy2i9in2NAUsP69knHTA/rLASiUkfKHrPvK9sZB4EjV0C7EiGkYXD+DbGTH91SVUF/p2JwaM7UGAou/EZzVt6XgQw+Af9ru/coJXpKvnYaBWgLCkRF45AdbspwottaxPuP6JagLG6Erp9c3V6u6ETv2bI7OVnSy8d7Eb/K8t782/V0TIuO5ad4Q+/6myg== '
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Mon, 13 Nov 2023 05:18:28 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=torproject.org; s=2022-eugeni; t=1699870699; bh=KV8wo37Ix79Ek7GkYzKXR9G5pD/qltfBbazdDf0O6PA=; h=In-Reply-To:References:To:From:Date:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Reply-To:From; b=fCXup1mKNmdcVsVdUUWx6CvGOtSYVidW3VpyiN65QLXf4x3x0lbO6Q965lxEW4Dpv XI3nxp9o4swYDMm7LaxxWhsuFOiMw4BOREreVQruqMCkYdasJ6+oTwsrRqelbdeBB3 JMcLvmrLLc6Ni7fCdjCtqy0jTz2RJ7Q34Z7i9q0GxQWh+AGpLtqrTwxOeKQYf43wGX 1wjHWm36XKYDB2SROL+WFFfr2tZWM7R4VG/p9ql4n/8yeTjYTMekghm/1X+CbLN/9P stJ2nkrMiPusX2equUiWzmzEiJARoWJB67gSCvAI3eaq1BPbgjAtSVafmF/l1xTXC/ YRW34wQYCOvFg==
- In-reply-to: <3e55579b-f7d7-4376-ae22-8fa15a3e3bf4@sky-ip.org>
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- List-post: <mailto:tor-relays@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
- References: <3e55579b-f7d7-4376-ae22-8fa15a3e3bf4@sky-ip.org>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Quoting s7r (2023-11-08 17:42:46)
> 1. The page at
> https://community.torproject.org/relay/setup/bridge/debian-ubuntu/ needs a
> small revision.
Feel free to send a merge request to improve it:
https://gitlab.torproject.org/tpo/web/community/-/blob/main/content/relay/setup/bridge/debian-ubuntu/contents.lr?ref_type=heads
> 2. It was recommended on the mail list that obfs4 bridges should not open
> their ORPorts publicly to prevent scanning the entire 1-65536 port range and
> determine it's a Tor bridge. OK.
>
> But if you try:
>
> ORPort 127.0.0.1:auto
> ORPort [::1]:auto
> AssumeReachable 1 # needed to skip ORPort reachability test
>
> Tor will start but it will constantly complain in the log with:
>
> [warn] The IPv4 ORPort address 127.0.0.1 does not match the descriptor
> address REAL_IPv4_ADDRESS. If you have a static public IPv4 address, use
> 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. If you are behind a
> NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort
> <InternalPort> NoAdvertise'.
>
> [warn] The IPv6 ORPort address ::1 does not match the descriptor address
> REAL_IPv6_ADDRESS. If you have a static public IPv4 address, use
> 'Address <IPv6>' and 'OutboundBindAddress <IPv6>'. If you are behind a
> NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort
> <InternalPort> NoAdvertise'.
>
> I guess it's OK to continue to run it even with this as I do understand
> the log messages and it's the desired effect, but isn't it confusing for
> less experienced users? They might think something is wrong when it is not.
We are still working on supporting no publishing the ORPort. Is not bad to do
it, but there are some quircks that we need to fix.
> 3. ServerTransportListenAddr can be used just once and it's difficult for
> dual-stack which is now the vast majority.
>
> It's known for many years that each pluggable transport supports just
> one ServerTransportListenAddr line, the second one is simply ignored.
> Tickets for this exist.
>
> So what is the best way to for an user to open both IPv4 and IPv6
> pluggable transport ports?
This is not currently supported, but there is some work done in that direction:
https://gitlab.torproject.org/tpo/core/tor/-/issues/40885
.
--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays