commit 084ee9038ce3272e1d5355e1396b780b2eb46d6a Author: gus gus@torproject.org Date: Thu Jul 4 18:34:58 2019 -0400
Import obfs4 bridge deployment guide to lektor --- .../centos-rhel-opensuse/contents.lr | 2 +- .../bridge-deployment-guide/contents.lr | 8 ++- .../debian-ubuntu/contents.lr | 2 +- .../bridge-deployment-guide/freebsd/contents.lr | 2 +- .../bridge-deployment-guide/openbsd/contents.lr | 67 ++++++++++++++++++++++ 5 files changed, 76 insertions(+), 5 deletions(-)
diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr index 22d0f46..5849e5a 100644 --- a/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr +++ b/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr @@ -96,6 +96,6 @@ key: --- color: primary --- -subtitle: How to deploy obfs4proxy on CentOS / RHEL +subtitle: How to deploy obfs4proxy Bridge on CentOS / RHEL / OpenSUSE --- _template: layout.html diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr index b542590..c83b3e6 100644 --- a/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr +++ b/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr @@ -2,18 +2,22 @@ _model: page --- title:
- Bridge deployment + Bridge --- body:
This guide will help you run an obfs4 bridge to help censored users connect to the Tor network. The requirements are 1) 24/7 Internet connectivity and 2) the ability to expose TCP ports to the Internet (make sure that NAT doesn't get in the way). + +Note: If you're running platforms that are not listed on this page, you should probably [compile obfs4 from source](https://gitlab.com/yawning/obfs4#installation). --- html: two-columns-page.html --- -key: 1 +key: 2 --- section: Bridge operations --- section_id: bridge-operations --- subtitle: Run an obfs4 bridge to help censored users connect to the Tor network +--- +_slug: {{bridge}} diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr index 6bb7b79..8900995 100644 --- a/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr +++ b/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr @@ -77,4 +77,4 @@ key: 1 --- html: two-columns-page.html --- -subtitle: Follow the steps below to deploy obfs4proxy on Debian / Ubuntu +subtitle: How to deploy an obfs4proxy Bridge on Debian / Ubuntu diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr index e14737e..01adcd2 100644 --- a/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr +++ b/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr @@ -95,4 +95,4 @@ FreeBSDlatest: { ```
--- -subtitle: Follow the steps below to deploy obfs4proxy on FreeBSD +subtitle: How to deploy obfs4proxy Bridge on FreeBSD diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr index 24f1601..ae682d9 100644 --- a/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr +++ b/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr @@ -5,3 +5,70 @@ title: OpenBSD html: two-columns-page.html --- key: 4 +--- +body: + +# 1. Install packages +``` +pkg_add tor obfs4proxy +``` + +# 2. Edit your Tor config file + +Usually located at `/etc/tor/torrc`, add the following lines: + +``` +#Bridge config +RunAsDaemon 1 +ORPort auto +BridgeRelay 1 +ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy +# For a fixed obfs4 port (e.g. 34176), uncomment the following line. +#ServerTransportListenAddr obfs4 0.0.0.0:34176 +# Local communication port between Tor and obfs4. Always set this to "auto". "Ext" means +# "extended", not "external". Don't try to set a specific port number, nor listen on 0.0.0.0. +ExtORPort auto + +# Contact information that allows us to get in touch with you in case of +# critical updates or problems with your bridge. This is optional, so you +# don't have to provide an email address if you don't want to. +ContactInfo address@email.com +# Pick a nickname that you like for your bridge. +Nickname PickANickname + +Log notice file /var/log/tor/notices.log + +User _tor +``` + +Don't forget to change the ContactInfo and Nickname options. + +Note that both Tor's OR port and its obfs4 port must be reachable. If your bridge is behind a firewall or NAT, make sure to open both ports. + +# 3. Start the tor daemon and make sure it starts at boot: + +``` +rcctl enable tor +rcctl start tor +``` +# 4. Monitor your logs + +To confirm your bridge is running with no issues, you should see something like this (`/var/log/tor/notices.log`): + +``` +[notice] Your Tor server's identity key fingerprint is '<NICKNAME> <FINGERPRINT>' +[notice] Your Tor bridge's hashed identity key fingerprint is '<NICKNAME> <HASHED FINGERPRINT>' +[notice] Registered server transport 'obfs4' at '[::]:46396' +[notice] Tor has successfully opened a circuit. Looks like client functionality is working. +[notice] Bootstrapped 100%: Done +[notice] Now checking whether ORPort <redacted>:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success) +[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. +``` + +Remember to open the random port associated with your bridge. You can find it in your tor log; in the above example it is 46396. To use a fixed port, uncomment the [ServerTransportListenAddr](https://www.torproject.org/docs/tor-manual.html.en#ServerTransportListenAddr) option in your torrc. You can use [our reachability test](https://bridges.torproject.org/scan/) to see if your obfs4 port is reachable from the Internet. +--- +subtitle: How to deploy obfs4proxy Bridge on OpenBSD +--- +section: Bridge +--- +section_id: bridge