-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 18/03/2014 7:59 PM, James Valleroy wrote:
Do you see any vulnerabilities, attacks, or risks with the current configuration, and are there any changes that you would recommend?
[1] https://wiki.debian.org/FreedomBox [2] https://www.torproject.org/docs/bridges#RunningABridge
If you're going to be running these as bridges, it seems to make sense to include obfsproxy support, probably with obfs3 and scramblesuit [0] enabled right off the bat. Note that scramblesuit requires tor 0.2.5.1 or higher [1], and obfsproxy should be at 0.2.7 or higher [3]. Lines to add to the torrc: 1. ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed ([0]) 2. ServerTransportListenAddr obfs3 0.0.0.0:<port number> (if you want to preset your obfs3 port, will be random otherwise) ([3]) 3. ServerTransportListenAddr scramblesuit 0.0.0.0:<port number> (if you want to preset your scramblesuit port, will be random otherwise) ([3]) 4. ExtORPort auto (used internally between tor and obfsproxy, does not need to be forwarded externally, so auto should be fine) ([4]) If I'm giving bad advice, somebody please speak up to correct me! -Lance [0] https://lists.torproject.org/pipermail/tor-relays/2014-February/003886.html [1] https://lists.torproject.org/pipermail/tor-relays/2014-February/003898.html [2] https://lists.torproject.org/pipermail/tor-relays/2014-March/004074.html [3] https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en [4] https://lists.torproject.org/pipermail/tor-relays/2014-February/003962.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBCgAGBQJTKZrEAAoJEECmBqfoBgXnK+cP/RDhzkPBw33vW+VE1ro2QdPo DX6WOB8tiGhMdmOq0oakAqZj8x7nDXs5lO7EcYYzQ7Gnh+ghJVQVBwMzJwX614x9 Hmbk19gvUyf9+9Y9b3gEFQlab1pk3+T0gkOJXu6+6+qHIunoINwa4KrhAYM/h2Ll LzC+IL8IagO9GMGOMeSbqWyHmxHTaOWcZMGuAVZaQ7f07gY7sF/yxjCOuVuzseki QqWQl2gwrvIhyVa7ukEpx/iwY6/+5BokPHDwAzG0oSZwlQCfyvpcIVrPFSO6B6DG +jt4QGAsRKynNg5AaopHKi1F6SJ5ehWuvMOzPjWV8eDgqFimwHgSnRO0k2abwvat ufXcJjtxyvi3j4O3jmTh14768th7QiGB5lLfeg/b8owp+Bnx4hAK9+iQe8L/zWWD 1afQDUC2PHjvyUif0eJ4+rvaPSFxUrb0HNJPE5seVTMPOWtX+P0a2bwJU0Me/7aZ nqgCi7V0aqWjk/AegbkAwdLSHVHK8ChrJBlDsmYviwC8Psmhpkw2sCcJT2ki7mWS xuRqIyU0xugeYhUJSOOUYnmH5iyjsaj6CXEoLG7Jvtke5iSvENlhNeMOjoy4Ppu4 ziKMxozpS1dVprS8Qsbo8TOmrJN2LdcpSVQuXzYeTU0AKEqLSB4rOAws9Ny1t2PZ r/ww4J/SVK9+fgINSgOr =5c2j -----END PGP SIGNATURE-----