On Wednesday, December 14, 2022, 02:55:05 AM MST, trinity pointard <trinity.pointard@gmail.com> wrote:
Hi trinity!
>> As an added bonus, obfs4proxy also supports acting as an obfs2/3 client and bridge to ease the transition to the new protocol.
>> My question is whether the respective obfs2|3|4 transport names force the corresponding protocol?
> It does force the use of the protocol you specified, or at least it
> should and if it doesn't, that's a bug to report. You can quickly
> check this by connecting to an obfs4 bridge while saying it's obfs3:
> tor won't bootstrap.
Your recommended testing confirms that the "transport" portion of the ServerTransportListenAddr directive is an actual option passed and recognized by obfs4proxy (not just a label).
This point was made confusing by the "Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd cache=/var/lib/tor/cache" in the Tor manual. Notice the "obfs45" transport, which errors with "[warn] Server managed proxy encountered a method error. (obfs45 no such transport is supported)." I'm assuming this is a typo in the Tor manual?
Finally, it appears that BridgeDB hands-out the transport type with the ServerTransportListenAddr:Port and nullifies my attempts at providing multiple obfs4proxy listeners per Tor instance.
It's unfortunate that only a single ServerTransportListenAddr:Port can be spawned per Transport per Tor instance. Hopefully, this will be remedied in Arti.
>> Also... It wasn't clear in the manual whether obfs4proxy -enableLogging takes an optional path/file?
> It doesn't, logs are stored in $TOR_PT_STATE_LOCATION/obfs4proxy.log
> (usually that would be /var/lib/tor/pt_state/obfs4proxy.log)
I appreciate you confirming the obfs4proxy -enableLogging question as well. It seems like a symlink will have to do.
Thank you for your time and assistance.
Respectfully,
Gary
On Wed, 14 Dec 2022 at 10:02, Gary C. New via tor-relays
<tor-relays@lists.torproject.org> wrote:
>
> All:
>
> I noticed that the obfs2, obfs3, and obfs4 transport names seem to be hardcoded into tor.
>
> I have been able to configure the torrc to register each of the transports for multiple ServerTransportListenAddr:
>
> # cat torrc
> ORPort xxx.xxx.xxx.xxx:443 NoListen
> ORPort 192.168.0.31:9001 NoAdvertise
> SocksPort 9050
> SocksPort 192.168.0.31:9050
> ControlPort 9051
> HTTPTunnelPort 9080
> HTTPTunnelPort 192.168.0.31:9080
> ExtORPort 192.168.0.31:auto
> BridgeRelay 1
> BridgeDistribution moat
> ServerTransportPlugin obfs2 exec /opt/bin/obfs4proxy -enableLogging
> ServerTransportListenAddr obfs2 192.168.0.31:3102
> ServerTransportOptions obfs2 iat-mode=2
> ServerTransportPlugin obfs3 exec /opt/bin/obfs4proxy -enableLogging
> ServerTransportListenAddr obfs3 192.168.0.31:3103
> ServerTransportOptions obfs3 iat-mode=2
> ServerTransportPlugin obfs4 exec /opt/bin/obfs4proxy -enableLogging
> ServerTransportListenAddr obfs4 192.168.0.31:3104
> ServerTransportOptions obfs4 iat-mode=2
> DirCache 1
> ExitRelay 0
>
> # grep -i obfs ./torlog
> 2022/12/14 00:39:07 [NOTICE]: obfs4proxy-0.0.14 - launched
> Dec 13 17:41:48.000 [notice] Registered server transport 'obfs2' at '192.168.0.31:3102'
> Dec 13 17:41:48.000 [notice] Registered server transport 'obfs3' at '192.168.0.31:3103'
> Dec 13 17:41:48.000 [notice] Registered server transport 'obfs4' at '192.168.0.31:3104'
>
> # netstat -anp | grep obfs4proxy
> tcp 0 0 192.168.0.31:3102 0.0.0.0:* LISTEN 30185/obfs4proxy
> tcp 0 0 192.168.0.31:3103 0.0.0.0:* LISTEN 30185/obfs4proxy
> tcp 0 0 192.168.0.31:3104 0.0.0.0:* LISTEN 30185/obfs4proxy
>
> My question is whether the respective obfs2|3|4 transport names force the corresponding protocol?
>
> If so... Are there any ServerTransportOptions that can force the obfs4 protocol on the legacy obfs2|3 transports?
>
> Also... It wasn't clear in the manual whether obfs4proxy -enableLogging takes an optional path/file?
>
> I appreciate any knowledge on the subjects.
>
> Respectfully,
>
>
> Gary
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays