Author: arma Date: 2012-11-09 20:28:18 +0000 (Fri, 09 Nov 2012) New Revision: 25866
Modified: website/trunk/projects/en/obfsproxy-debian-instructions.wml Log: make the obfsproxy bridge debian instructions more likely to work
Modified: website/trunk/projects/en/obfsproxy-debian-instructions.wml =================================================================== --- website/trunk/projects/en/obfsproxy-debian-instructions.wml 2012-11-06 22:40:33 UTC (rev 25865) +++ website/trunk/projects/en/obfsproxy-debian-instructions.wml 2012-11-09 20:28:18 UTC (rev 25866) @@ -2,7 +2,7 @@ # Revision: $Revision$ # Translation-Priority: 4-optional
-#include "head.wmi" TITLE="obfsproxy: Installation instructions" CHARSET="UTF-8" +#include "head.wmi" TITLE="obfsproxy: Setting up an Obfsproxy Bridge on Debian/Ubuntu" CHARSET="UTF-8"
<div id="content" class="clearfix"> <div id="breadcrumbs"> @@ -14,65 +14,55 @@
<!-- PUT CONTENT AFTER THIS TAG -->
- <h1 id="instructions">Obfsproxy Bridge Instructions on Debian/Ubuntu</h1> + <h1 id="instructions">Setting up an Obfsproxy Bridge on Debian/Ubuntu</h1>
<img src="$(IMGROOT)/obfsproxy_diagram.png" alt="obfsproxy diagram"></a>
<p> - This guide will help you setup an obfuscated bridge on a Debian/Ubuntu system. + This guide will help you set up an obfuscated bridge on a Debian/Ubuntu system. </p>
- <h3>Step 0: Add Tor repositories to APT</h3> + <h3>Step 0: Move to the development version of Tor</h3> <br>
<p> - You need - to <a href="https://www.torproject.org/docs/debian#development">install - the experimental official Tor Project APT repositories</a>, - because a fresh version of Tor (0.2.4.x) is required (Older - versions of Tor don't report their bridge addresses to BridgeDB). + Add the <a href="<page docs/debian>#development">development Tor + APT repository</a> and run the specified commands to install tor + and deb.torproject.org-keyring. You need Tor 0.2.4.x Tor because + it knows how to automatically report your obfsproxy address to <a + href="https://bridges.torproject.org/?transport=obfs2%22%3EBridgeDB</a>. </p>
- <h3>Step 1: Install Tor and obfsproxy</h3> + <h3>Step 1: Install obfsproxy</h3> <br>
- <p> - Now install tor and obfsproxy: - </p> - <pre style="margin: 1.5em 0 1.5em 2em"> -# apt-get update -# apt-get install obfsproxy tor +# apt-get install obfsproxy </pre>
<p> - Note that obfsproxy requires - libevent2 and your distribution (e.g. Debian stable) might not - have it in its repos. You can - <a href="https://trac.torproject.org/projects/tor/ticket/5009#comment:9">try - our experimental backport libevent2 debs</a>, - or <a href="https://trac.torproject.org/projects/tor/ticket/5009#comment:17">build - libevent2 from source</a>. + Obfsproxy requires libevent2. If your distribution (e.g. Debian + squeeze) doesn't include it, you can get it from the <a + href="http://packages.debian.org/search?keywords=libevent-2.0-5%22%3Ebackports</a> + repository. </p>
- <h3>Step 2: Set up Tor</h3> + <h3>Step 2: Configure Tor</h3> <br>
<p> - You will need an appropriate - Tor <a href="<page docs/faq>#torrc">configuration file</a> - (usually at <i>/etc/tor/torrc</i>): + Edit your <i>/etc/tor/torrc</i> to add: </p>
<pre style="margin: 1.5em 0 1.5em 2em"> SocksPort 0 -ORPort auto +ORPort 443 # or some other port if you already run a webserver/skype BridgeRelay 1 Exitpolicy reject *:*
-## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like. +## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like Nickname CHANGEME_1 -## CHANGEME_2 -> If you want others to be able to contact you uncomment this line and put your GPG fingerprint for example. +## CHANGEME_2 -> provide some email address so we can contact you if there's a problem #ContactInfo CHANGEME_2
ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed @@ -82,11 +72,12 @@ Don't forget to edit the <i>CHANGEME</i> fields! </p>
- <h3>Step 3: Launch Tor and verify that it works</h3> + <h3>Step 3: Launch Tor and verify that it bootstraps</h3> <br>
<p> - Restart Tor for the the new configuration file to be in effect: + Restart Tor to use the new configuration file. + (Preface with sudo if needed.) </p>
<pre style="margin: 1.5em 0 1.5em 2em"> @@ -112,10 +103,16 @@ 100%. </p>
+ <h3>Step 4: Set up port forwarding if needed</h3> + <br> + <p> - Now you need to find the address on which obfsproxy is - listening. To do this, check your Tor logs for a line similar to - this one: + If you're behind a NAT/firewall, you'll need to make your bridge + reachable from the outside world — both on the ORPort and + the obfsproxy port. The ORPort is whatever you defined in step two + above. To find your obfsproxy port, check your Tor logs for a line + similar to this one: + </p>
<pre style="margin: 1.5em 0 1.5em 2em"> Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821 @@ -123,19 +120,11 @@
<p> The last number, in this case <i>26821</i>, is the TCP port number - that your clients should point their obfsproxy to. So for example, - if your public IP is 1.2.3.4, your clients should put <i>Bridge - obfs2 1.2.3.4:26821</i> in their configuration file. - </pre> + that you need to forward through your firewall. (This port is randomly + chosen the first time Tor starts, but Tor will cache and reuse the + same number in future runs.) </p>
- <p> - <img width="7%" height="7%" style="float: left;" src="$(IMGROOT)/icon-Obfsproxy.jpg"> - <b>Don't forget!</b> If you are behind a NAT, you should <b>port - forward</b> the port that obfsproxy is listening on. In the - example above you would have to forward port <i>26821</i>. - </p> - </div> <!-- END MAINCOL --> <div id = "sidecol">