Thanks for your answer. Your instructions were good and explicit, but you hit on two of the problems I run into. I installed tor 0.2.5.11-1 from torproject.org and got two error messages that I couldn't solve. I would have to go back and re-install 0.2.5.11-1 to tell you what they were. In any case they weren't configuration problems. I had pretty much the same problem months ago when I installed a tor 0.2.5.x on Pi. Which leads me to want to use a raspbian repo. only I am unable to get /etc/apt/sources.list to recognize http://archive.raspbian.org/raspbian/pool/main/t/tor/ (or variations thereof) as a repository. And in my main raspian repo tor doesn't go any higher than 0.2.4.26 . So simply updating tor does not work. How do I add http://archive.raspbian.org/raspbian/pool/main/t/tor/ http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/ http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/ as one or more alternative repositories or force an install? Thanks, J. Chase
tor-relays-request@lists.torproject.org:
Message: 4 Date: Sun, 29 Mar 2015 00:19:14 +0200 From: s7r s7r@sky-ip.org To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Installing obfs4 on Raspberry Pi bridge Message-ID: 551728E2.4030705@sky-ip.org Content-Type: text/plain; charset=windows-1252
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi,
obfs4 will not run on 0.2.4.x , you need at least 0.2.5.x or 0.2.6.x
First, upgrade your Tor.
You can use torproject.org repositories. If you are running wheezy:
- Add the repository:
# echo "deb http://deb.torproject.org/torproject.org wheezy main" >> /etc/apt/sources.list
- Add the signing key:
# gpg --keyserver keys.gnupg.net --recv 886DDD89; gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add ?
- Install keyring:
# apt-get update && apt-get -y install deb.torproject.org-keyring
Now upgrade your Tor, an apt-get -y install tor would upgrade to 0.2.5.1
You can install obfs4proxy from deb.torproject.org too:
# echo "deb http://deb.torproject.org/torproject.org obfs4proxy main"
/etc/apt/sources.list
# apt-get update && apt-get -y install obfs4proxy
Now, modify your torrc to enable the obfs4 transport. Make sure you also add ExtORPort auto in torrc so it will report some useful statistics. obfs4proxy also supports obfs3, and some users still use that, so if you can be an obfs3 and obfs4 bridge at the same time (requires just one more open port) it would be great.
Sample torrc entry for enabling obfs4 and obfs3: ExtORPort auto ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs3 [::]:port ServerTransportListenAddr obfs4 [::]:port
To make the bridge even better, you can bind obfs3 and obfs4 to lower ports (< 1024), if you have them free, such as obfs3 on 80 and obfs4 on 443 (for example). This will help users behind really restrictive firewalls who only allow connections on few ports. You can easily do this with libcap2-bin package:
# apt-get -y install libcap2-bin # setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
To make this persistent after a reboot, edit the /etc/rc.local file and add this line before 'exit 0': setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
Hope this helps. If you don't want to use deb.torproject.org, everything required is also included in raspbian main repo:
http://archive.raspbian.org/raspbian/pool/main/t/tor/ http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/ http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/
If you want to use raspbian repo, simply ignore the lines where you add deb.torproject.org to your sources.list file and just upgrade, install the required packages and modify your torrc file.
Thanks for running a bridge.