[tor-relays] Call for setting up new obfs4 bridges

Ben Riley blades1000 at gmail.com
Thu Jul 18 02:50:34 UTC 2019


Greetings everyone,

I've been running a TOR relay for a couple of years and as recently posted,
my bandwidth usage has dribbled down to almost nothing.
I was going to pull the relay as the Ubuntu box is basically doing nothing
and not being utilised by TOR.

Then I saw the above email about being a bridge and thought, fine, I'll
configure it to be a bridge and help out someone.
Tried to do it via the docker/script method, but soon realised that was
outside my skill level (hey stop laughing! :P)
So I did it via the method here:
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
Setting ORPort to 443 as suggested.
I forwarded that port on the router and then tested it, but it said it was
closed. So I thought my router was playing up.
I checked a few other ports using online tools and a few of them were
closed.
I forwarded another new port to some other software on another machine
and that worked?!
So I realised the ports are open on the router but closed on the Ubuntu
machine.
I've played around with all the settings, changed my torrc file to a really
basic one of:

> RunAsDaemon 1
> BridgeRelay 1
>
> # Replace "TODO" with a Tor port of your choice.  This port must be externally
> # reachable.  Avoid port 9001 because it's commonly associated with Tor and
> # censors may be scanning the Internet for this port.
> ORPort 9051
>
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
>
> # Replace "TODO" with an obfs4 port of your choice.  This port must be
> # externally reachable.  Avoid port 9001 because it's commonly associated with
> # Tor and censors may be scanning the Internet for this port.
> ServerTransportListenAddr obfs4 0.0.0.0:443
>
> # Local communication port between Tor and obfs4.  Always set this to "auto".
> # "Ext" means "extended", not "external".  Don't try to set a specific port
> # number, nor listen on 0.0.0.0.
> ExtORPort auto
>
> # Replace "<address at email.com>" with your email address so we can contact you if
> # there are problems with your bridge.  This is optional but encouraged.
> ContactInfo blades1000 at gmail.com
>
> # Pick a nickname that you like for your bridge.  This is optional.
> Nickname MelbTORbridge
>

I was able to monitor tor still with NYX, but that seems to have stopped
and given me an error of:

> Unable to authenticate: socket connection failed ([Errno 104] Connection reset by peer)
>

I was blowing a gasket yesterday and about to flush the whole machine, but
left it for the day and figured I'd ask for help before I scrap it and go
back to the original tor relay Torrc file.

Any help would be greatly appreciated.





On Wed, Jul 3, 2019 at 1:01 PM Philipp Winter <phw at torproject.org> wrote:

> On Wed, Jul 03, 2019 at 02:09:02AM +0000, torix at protonmail.com wrote:
> > Looking at the new, improved instructions for Debian/Ubuntu obfs4
> > bridges, I am confused by the talk about a fixed obfs4 bridge port.
> > The line to do this is commented out.  Does that mean it is optional
> > to give obfs4 a fixed port?  If it were a random port, however, I'd
> > need a lot of open ports on my firewall...
>
> We recommend to not set ServerTransportListenAddr and keep the "ORPort
> auto" setting, which makes Tor pick a random OR and obfs4 port for you.
> These random ports persist across restarts, so you only have to forward
> them once -- at least as long as you keep your data directory.  We don't
> provide a static port in the sample config because we don't want
> operators to end up with the same port.  If that was the case, censors
> could scan the IPv4 address space for these ports and block all bridges
> they find that way.
>
> That said, feel free to choose your own obfs4 port.  For example, we
> could use more bridges whose obfs4 port is 443.  Just avoid port 9001 as
> it's commonly associated with Tor and an attractive target for
> Internet-wide scanning.
>
> I hope this clears things up a bit.
>
> Cheers,
> Philipp
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
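
The port advice in this thread (avoid 9001, keep ExtORPort on "auto", a fixed obfs4 port such as 443 is acceptable) can be checked mechanically before a bridge is restarted. The following is an added example, not part of the original post and not Tor project code: a small Python lint over torrc text. Its function names and sample input are constructed here, and the 9051 and below-1024 checks are assumptions based on general Tor and Linux behaviour rather than on anything stated in the thread.

```python
import re

# Constructed sample: the options from the torrc in the post, '>' quoting kept.
SAMPLE_TORRC = """\
RunAsDaemon 1
> BridgeRelay 1
> ORPort 9051
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs4 0.0.0.0:443
> ExtORPort auto
"""

# (predicate, message). 9001 comes from the thread; the other two are assumptions
# added here (9051 is the conventional ControlPort; <1024 is privileged on Linux).
PORT_RULES = [
    (lambda p: p == 9001, "commonly associated with Tor, pick another port"),
    (lambda p: p == 9051, "conventional ControlPort, the port nyx tries by default"),
    (lambda p: p < 1024, "privileged port, binding needs CAP_NET_BIND_SERVICE"),
]

def parse_torrc(text):
    """Return {option: [arguments, ...]}; strips '>' quoting and '#' comments."""
    opts = {}
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def port_of(token):
    """Port from 'PORT' or 'ADDR:PORT'; None for 'auto'."""
    m = re.search(r"(\d+)$", token)
    return int(m.group(1)) if m else None

def lint_bridge_ports(text):
    """List human-readable findings for the ORPort, obfs4 and ExtORPort settings."""
    opts, ports, findings = parse_torrc(text), {}, []
    for value in opts.get("orport", []):
        ports["ORPort"] = port_of(value.split()[0]) if value else None
    for value in opts.get("servertransportlistenaddr", []):
        parts = value.split()
        if len(parts) >= 2:
            ports[parts[0] + " port"] = port_of(parts[1])
    for name, port in ports.items():
        if port is not None:  # None means "auto": Tor picks and remembers a port
            findings += [f"{name} {port}: {msg}" for hit, msg in PORT_RULES if hit(port)]
    if any(v != "auto" for v in opts.get("extorport", [])):
        findings.append("ExtORPort: the sample config says to always use 'auto'")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_bridge_ports(SAMPLE_TORRC)))
```

A finding is a prompt to verify, for instance by confirming on the bridge host that the expected process is actually listening on the port before testing the router's forwarding.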