Hi folks,
In addition to the "get many fast exit relays" plan, that same funder (Voice of America) wants us to run a pile of fast stable unpublished bridges. We'll give the bridge addresses out manually to their target users over the coming months.
The constraints are: * 100mbit+ connectivity, though in practice I expect they will spend most of their time doing far less than that. * No more than 2 bridges per /24. If you're running fast (100mbit+) exits (which is more important), exits on that /24 count toward this 2. * No more than 7 bridges total per data center.
If you could set up 1 (or 2, or 20) and send me the address(es) privately, that would be grand.
We do have some funding for this, but I'm hoping that we can get enough volunteers so we can put the money toward more fast exits and better QA and build automation for the Tor bundles. So if you have good connectivity but can't run an exit, this is a great way to contribute.
The torrc lines we want include:
ORPort 443 # or whichever port you like BridgeRelay 1 PublishServerDescriptor 0 RelayBandwidthRate 11875 KB # or more RelayBandwidthBurst 12500 KB # or more
If you have 3+ IP addresses and want to get fancy, you might set OutboundBindAddress to a different IP address than you tell me, to avoid some of the bridge enumeration attacks listed at https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bri...
Later I might ask you to set up some sort of server-side pluggable transport like obfsproxy, but there's no rush on that.
Long-term, "get a bunch of fast bridges on individual static IP addresses" is not a very good plan. Instead, we plan to focus on borrowing whole netblocks from ISPs and other people who aren't using them, and redirecting the addresses en masse into a bridge. You can start playing around with this idea by using an iptables rule rather than a bridge: /sbin/iptables -t nat -A PREROUTING -p tcp -d 18.244.0.114 --dport 80 -j DNAT --to-destination 128.31.0.34:9032 if the bridge listens on 128.31.0.34:9032 and you want me to advertise the address 18.244.0.114:80.
Let me know if you have any questions or I can help clarify anything.
Thanks! --Roger