Author: arma Date: 2012-11-09 20:28:18 +0000 (Fri, 09 Nov 2012) New Revision: 25866 Modified: website/trunk/projects/en/obfsproxy-debian-instructions.wml Log: make the obfsproxy bridge debian instructions more likely to work Modified: website/trunk/projects/en/obfsproxy-debian-instructions.wml =================================================================== --- website/trunk/projects/en/obfsproxy-debian-instructions.wml 2012-11-06 22:40:33 UTC (rev 25865) +++ website/trunk/projects/en/obfsproxy-debian-instructions.wml 2012-11-09 20:28:18 UTC (rev 25866) @@ -2,7 +2,7 @@ # Revision: $Revision$ # Translation-Priority: 4-optional -#include "head.wmi" TITLE="obfsproxy: Installation instructions" CHARSET="UTF-8" +#include "head.wmi" TITLE="obfsproxy: Setting up an Obfsproxy Bridge on Debian/Ubuntu" CHARSET="UTF-8" <div id="content" class="clearfix"> <div id="breadcrumbs"> @@ -14,65 +14,55 @@ <!-- PUT CONTENT AFTER THIS TAG --> - <h1 id="instructions">Obfsproxy Bridge Instructions on Debian/Ubuntu</h1> + <h1 id="instructions">Setting up an Obfsproxy Bridge on Debian/Ubuntu</h1> <img src="$(IMGROOT)/obfsproxy_diagram.png" alt="obfsproxy diagram"></a> <p> - This guide will help you setup an obfuscated bridge on a Debian/Ubuntu system. + This guide will help you set up an obfuscated bridge on a Debian/Ubuntu system. </p> - <h3>Step 0: Add Tor repositories to APT</h3> + <h3>Step 0: Move to the development version of Tor</h3> <br> <p> - You need - to <a href="https://www.torproject.org/docs/debian#development">install - the experimental official Tor Project APT repositories</a>, - because a fresh version of Tor (0.2.4.x) is required (Older - versions of Tor don't report their bridge addresses to BridgeDB). + Add the <a href="<page docs/debian>#development">development Tor + APT repository</a> and run the specified commands to install tor + and deb.torproject.org-keyring. You need Tor 0.2.4.x Tor because + it knows how to automatically report your obfsproxy address to <a + href="https://bridges.torproject.org/?transport=obfs2">BridgeDB</a>. </p> - <h3>Step 1: Install Tor and obfsproxy</h3> + <h3>Step 1: Install obfsproxy</h3> <br> - <p> - Now install tor and obfsproxy: - </p> - <pre style="margin: 1.5em 0 1.5em 2em"> -\# apt-get update -\# apt-get install obfsproxy tor +\# apt-get install obfsproxy </pre> <p> - Note that obfsproxy requires - libevent2 and your distribution (e.g. Debian stable) might not - have it in its repos. You can - <a href="https://trac.torproject.org/projects/tor/ticket/5009#comment:9">try - our experimental backport libevent2 debs</a>, - or <a href="https://trac.torproject.org/projects/tor/ticket/5009#comment:17">build - libevent2 from source</a>. + Obfsproxy requires libevent2. If your distribution (e.g. Debian + squeeze) doesn't include it, you can get it from the <a + href="http://packages.debian.org/search?keywords=libevent-2.0-5">backports</a> + repository. </p> - <h3>Step 2: Set up Tor</h3> + <h3>Step 2: Configure Tor</h3> <br> <p> - You will need an appropriate - Tor <a href="<page docs/faq>#torrc">configuration file</a> - (usually at <i>/etc/tor/torrc</i>): + Edit your <i>/etc/tor/torrc</i> to add: </p> <pre style="margin: 1.5em 0 1.5em 2em"> SocksPort 0 -ORPort auto +ORPort 443 # or some other port if you already run a webserver/skype BridgeRelay 1 Exitpolicy reject *:* -\## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like. +\## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like Nickname CHANGEME_1 -\## CHANGEME_2 -> If you want others to be able to contact you uncomment this line and put your GPG fingerprint for example. +\## CHANGEME_2 -> provide some email address so we can contact you if there's a problem \#ContactInfo CHANGEME_2 ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed @@ -82,11 +72,12 @@ Don't forget to edit the <i>CHANGEME</i> fields! </p> - <h3>Step 3: Launch Tor and verify that it works</h3> + <h3>Step 3: Launch Tor and verify that it bootstraps</h3> <br> <p> - Restart Tor for the the new configuration file to be in effect: + Restart Tor to use the new configuration file. + (Preface with sudo if needed.) </p> <pre style="margin: 1.5em 0 1.5em 2em"> @@ -112,10 +103,16 @@ 100%. </p> + <h3>Step 4: Set up port forwarding if needed</h3> + <br> + <p> - Now you need to find the address on which obfsproxy is - listening. To do this, check your Tor logs for a line similar to - this one: + If you're behind a NAT/firewall, you'll need to make your bridge + reachable from the outside world — both on the ORPort and + the obfsproxy port. The ORPort is whatever you defined in step two + above. To find your obfsproxy port, check your Tor logs for a line + similar to this one: + </p> <pre style="margin: 1.5em 0 1.5em 2em"> Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821 @@ -123,19 +120,11 @@ <p> The last number, in this case <i>26821</i>, is the TCP port number - that your clients should point their obfsproxy to. So for example, - if your public IP is 1.2.3.4, your clients should put <i>Bridge - obfs2 1.2.3.4:26821</i> in their configuration file. - </pre> + that you need to forward through your firewall. (This port is randomly + chosen the first time Tor starts, but Tor will cache and reuse the + same number in future runs.) </p> - <p> - <img width="7%" height="7%" style="float: left;" src="$(IMGROOT)/icon-Obfsproxy.jpg"> - <b>Don't forget!</b> If you are behind a NAT, you should <b>port - forward</b> the port that obfsproxy is listening on. In the - example above you would have to forward port <i>26821</i>. - </p> - </div> <!-- END MAINCOL --> <div id = "sidecol">