<div dir="ltr"><div>Greeting everyone,</div><div><br></div><div>I've been running a TOR relay for a couple of years and as recently posted, my bandwidth usage has dribbled down to almost nothing.</div><div>I was going to pull the relay as the ubuntu box is basically doing nothing and not being utilised by TOR.</div><div><br></div><div>Then I saw the above email about being a bridge and thought, fine, I'll configure it to be a bridge and help out someone.</div><div>Tried to do it via the docker/script method, but soon realised that was outside my skill level (hey stop laughing! :P)</div><div>So I did it via the method here: <a href="https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy">https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy</a></div><div>Setting ORPort to 443 as suggested.</div><div>I forwarded that port on the router and then tested it, but it said it was closed. So I thought my router was playing up.</div><div>I checked a few other ports using online tools and a few of them were closed.</div><div>I forwarded a new another port to some other software on another machine and that worked?! <br></div><div>So I realised the ports are open on the router but closed on the ubuntu machine.</div><div>I've played around with all the settings, changed by torrc file to a really basic one of:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>RunAsDaemon 1<br>BridgeRelay 1<br><br># Replace "TODO" with a Tor port of your choice. This port must be externally<br># reachable. Avoid port 9001 because it's commonly associated with Tor and<br># censors may be scanning the Internet for this port.<br>ORPort 9051<br><br>ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy<br><br># Replace "TODO" with an obfs4 port of your choice. This port must be<br># externally reachable. Avoid port 9001 because it's commonly associated with<br># Tor and censors may be scanning the Internet for this port.<br>ServerTransportListenAddr obfs4 <a href="http://0.0.0.0:443">0.0.0.0:443</a><br><br># Local communication port between Tor and obfs4. Always set this to "auto".<br># "Ext" means "extended", not "external". Don't try to set a specific port<br># number, nor listen on 0.0.0.0.<br>ExtORPort auto<br><br># Replace "<<a href="mailto:address@email.com">address@email.com</a>>" with your email address so we can contact you if<br># there are problems with your bridge. This is optional but encouraged.<br>ContactInfo <a href="mailto:blades1000@gmail.com">blades1000@gmail.com</a><br><br># Pick a nickname that you like for your bridge. This is optional.<br>Nickname MelbTORbridge</div></blockquote><div><br></div><div>I was able to monitor tor still with NYX, but that seems to have stopped and given me an error of:</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Unable to authenticate: socket connection failed ([Errno 104] Connection reset by peer)<br></div></blockquote><div> <br></div><div>I was blowing a gasket yesterday and about to flush the whole machine, but left it for the day and figured I'd ask for help before I scrap it and go back to the original tor relay Torrc file.</div><div><br></div><div>Any help would be greatly appreciated.</div><div><br></div><div><br></div><div><br></div></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br>
<table style="border-top:1px solid #d3d4de">
<tr>
<td style="width:55px;padding-top:13px"><a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-4885-a" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png" alt="" width="46" height="29" style="width: 46px; height: 29px;"></a></td>
<td style="width:470px;padding-top:12px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Virus-free. <a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-4885-a" target="_blank" style="color:#4453ea">www.avg.com</a>
</td>
</tr>
</table><a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 3, 2019 at 1:01 PM Philipp Winter <<a href="mailto:phw@torproject.org">phw@torproject.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, Jul 03, 2019 at 02:09:02AM +0000, <a href="mailto:torix@protonmail.com" target="_blank">torix@protonmail.com</a> wrote:<br>
> Looking at the new, improved instructions for Debian/Ubuntu obfs4<br>
> bridges, I am confused by the talk about a fixed obfs4 bridge port.<br>
> The line to do this is commented out. Does that mean it is optional<br>
> to give obfs4 a fixed port? If it were a random port, however, I'd<br>
> need a lot of open ports on my firewall...<br>
<br>
We recommend to not set ServerTransportListenAddr and keep the "ORPort<br>
auto" setting, which makes Tor pick a random OR and obfs4 port for you.<br>
These random ports persist across restarts, so you only have to forward<br>
them once -- at least as long as you keep your data directory. We don't<br>
provide a static port in the sample config because we don't want<br>
operators to end up with the same port. If that was the case, censors<br>
could scan the IPv4 address space for these ports and block all bridges<br>
they find that way.<br>
<br>
That said, feel free to choose your own obfs4 port. For example, we<br>
could use more bridges whose obfs4 port is 443. Just avoid port 9001 as<br>
it's commonly associated with Tor and an attractive target for<br>
Internet-wide scanning.<br>
<br>
I hope this clears things up a bit.<br>
<br>
Cheers,<br>
Philipp<br>
_______________________________________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org" target="_blank">tor-relays@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>
</blockquote></div>