On 22 Jun 2018, at 17:45, Arturo Filastò art@torproject.org wrote:
On 21 June 2018 at 20:11:45, Roger Dingledine (arma@mit.edu) wrote: I've been working with a person in #tor for the past few days, to try various configurations. My current best guess is that cantv is blocking by IP address only, and not doing DPI. It is blocking many of the public relay IP addresses, and it is blocking the default (built in to Tor Browser) obfs4 bridges. But obfs4 bridges from bridgedb work, and also vanilla bridges from bridgedb work.
That means it would be worthwhile for the OONI folks to do TCP reachability checks of all of the IP:ports for the Tor fallbackdir list.
We currently test the set of default dir auths, but I don’t think we test the fallbackdir list.
Please let us know how many of the 150 fallbacks are reachable on their ORPort. (Most Tor clients just use the ORPort.)
If they've all been blocked, we can work with the Tor Browser team to deploy some extra fallbacks in Tor, or in a torrc file.
(I also wonder if all the historical fallbacks have been blocked.)
T