On Tue, Mar 14, 2017 at 04:13:13PM +0100, Mart van Santen wrote:
> In that case I do not see any problems to run a few, to a maximum of 4. For example 2 in Europe, and 2 in Asia.
> Please let me know if you want us to move forward with this.

Yes, I think we're ready for you to move forward. Please send me the bridge lines in private email and I will take care of filing the necessary tickets.
We need a slightly special configuration for the default bridges. The main thing is that the ORPort should be firewalled off, so the bridge stays out of BridgeDB. I think it's worth setting iat-mode=1 for these new bridges, because most of the existing bridges use iat-mode=0.
These are the essential things to have in the torrc configuration file:

    BridgeRelay 1
    ExtORPort auto
    ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
    ServerTransportOptions obfs4 iat-mode=1

Once tor is running, we will need to know the "bridge line" which includes the IP address, port, relay fingerprint, and obfs4 parameters. The fingerprint is in
    <tor datadir>/hashed-fingerprint
and the obfs4 parameters are in
    <tor datadir>/pt_state/obfs4_bridgeline.txt
Example:

    Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=hLMtj0qIlIL1/gz/LrfRsA8wQDKWlz20aMzELFNtCctJvEcd/9vTD4fJP02KcjcTCviuUQ iat-mode=1

On its first run, obfs4 will choose a random high-numbered port to listen on. We've found it is helpful for bridges also to listen on ports 80 and 443, if possible. Unfortunately, the best way to do this is via iptables rules, separate from the Tor configuration:
    https://tor.stackexchange.com/questions/543/how-to-set-up-an-obfs3-bridge-on...
For example:

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port <obfs4 port>
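
Added example, not part of the original message: a shell helper that assembles the bridge line described above from the two files in the tor data directory and rejects a malformed fingerprint or port before the line is sent on. The function name, its argument order and the file layouts noted in the comments are assumptions; the IP address and port are supplied by the operator.

```sh
#!/bin/sh
# Added example: build an obfs4 bridge line from a tor data directory.
# Assumed file layouts (not stated in the message):
#   hashed-fingerprint            "<nickname> <40 hex digits>", hex may be space-grouped
#   pt_state/obfs4_bridgeline.txt '#' comment lines plus one template line
#       "Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=... iat-mode=N"
# Usage (hypothetical helper): make_bridge_line DATADIR IP PORT
make_bridge_line() {
    datadir=$1 ip=$2 port=$3

    # Drop the nickname, remove spaces inside the fingerprint, upper-case it.
    fp=$(sed -n '1s/^[^ ]* *//p' "$datadir/hashed-fingerprint" |
         tr -d ' \r\n' | tr 'a-f' 'A-F')
    case $fp in
        *[!0-9A-F]*|'') echo "bad fingerprint in hashed-fingerprint" >&2; return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || { echo "fingerprint is not 40 hex digits" >&2; return 1; }

    # The port must be numeric and in range.
    case $port in
        *[!0-9]*|'') echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range: $port" >&2; return 1; }

    # Take cert= and iat-mode= from the first "Bridge obfs4" template line.
    tmpl=$(sed -n '/^Bridge obfs4 /{p;q;}' "$datadir/pt_state/obfs4_bridgeline.txt")
    cert=$(printf '%s\n' "$tmpl" | tr ' ' '\n' | sed -n '/^cert=/{p;q;}')
    iat=$(printf '%s\n' "$tmpl" | tr ' ' '\n' | sed -n '/^iat-mode=/{p;q;}')
    [ -n "$cert" ] && [ -n "$iat" ] ||
        { echo "no cert=/iat-mode= in obfs4_bridgeline.txt" >&2; return 1; }

    # The message asks for iat-mode=1; flag a bridge that came up with another value.
    [ "$iat" = "iat-mode=1" ] ||
        echo "note: $iat found, check ServerTransportOptions in torrc" >&2

    printf 'Bridge obfs4 %s:%s %s %s %s\n' "$ip" "$port" "$fp" "$cert" "$iat"
}
```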