Today I actually tried to connect to it and it is possible to connect to the
bridge using the ORport.
But when I tried to start tor browser with this setting to use obfs4:
obfs4 12.345.67.89:1111 (only with the right numbers)
it got stuck at "establishing an encrypted network connection".
I checked on canyouseeme.org and both the vanilla ORport and the obfs4 port
seem to be accessible from outside.
The obfs4 protocol needs to have not just the IP and port, but also
the shared secret.
For example, a valid obfs4 bridge line looks like:
obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55
cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0
The other parameters are needed because the client needs to prove
knowledge of the shared secret before the bridge will admit to being a
bridge.
That's because one of the steps in the arms race has been "active probing"
by China, where they use DPI to notice connections that might be obfs4,
and then do their own follow-up connection speaking the obfs4 protocol,
and if it talks obfs4 back, they know they can block it:
https://www.freehaven.net/anonbib/#foci12-winter
My router is set to allow TCP and UDP on the port for obfs4.
obfs4 only needs TCP.