[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Call for obfs4 bridges, and a brief discussion of obfs4proxy.



On Sat, 11 Oct 2014 18:17:34 +0200
Oliver Baumann <baumanno@xxxxxxxxxxxxxx> wrote:
> I fought long and hard with this and found out something. 
> Not being able to connect via obfs4 using the info from
> bridgeline.txt, I conducted some experiments using info from IRC and
> obfs4_state.json.

Oh dear.  I am so sorry about that.

> For me to be able to connect to my obfs4-RPi-bridge, I need a
> bridgeline like this:
> 
> bridge obfs4 <IP>:<PORT> $fp $cert $public-key $node-id $iat-mode
> 
> ... where $public-key and $node-id can be taken from the state.json
> and PORT is (obviously?) the obfs4-port, not the ORPort (this was not
> quite so obvious to me).
> 
> This bridgeline-format worked for at least one other person having
> difficulties connecting to their obfs4-bridge, so it might be worth
> adding a hint somewhere.

That's the old bridge line format (changed between 0.0.2 and 0.0.3)[0].
The difference in the formats is the "node-id" and "public-key"
parameters were replaced with "cert" (and base64 encoded) to be more
compact (so either "cert" or "node-id" + "public-key")[1].

This issue will solve itself eventually, because I will nuke the
snapshots once the browser people merge my branch (and master already
points to a version that honors the "cert" parameter), but till then:

 Bridge obfs4 ip:port fingerprint public-key=<public key>
   node-id=<node-id> iat-mode=<iat-mode>

Is what people should be using to test things.  On new snapshots (or
fingers crossed official Tor Browser builds with obfs4 support), what
is in the text file will be correct (though the older format is
naturally also supported).

Sorry for the confusion,

-- 
Yawning Angel

[0]:https://gitweb.torproject.org/pluggable-transports/obfs4.git/commit/6cd81ec42f203585c59e610dc16728cb0a5d1455

[1]: "cert" is b64(node-id | public-key), with the trailing "="s
removed.  A trivial $languageOfChoice script can convert between the
two, though as you noted, pulling the parameters out of the JSON file
in the meantime isn't too difficult.

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays