Hi David,
Couldn't I firewall the non-obfs port so only loopback addresses may access it?
Cordially, Nathaniel Suchy

On Tue, Aug 21, 2018 at 11:37 AM David Fifield david@bamsoftware.com wrote:
> On Mon, Aug 20, 2018 at 02:25:40PM -0400, Nathaniel Suchy wrote:
> > Interesting. Is there any reason to not use an obfuscated bridge?
>
> No, not really. obfs4 resists active probing without any special additional steps. But I can think of one reason why the MSS trick is worth trying, anyway. Due to a longstanding bug (really more of a design issue that's hard to repair), you can't run an obfs4 bridge without also running a vanilla (unobfuscated) bridge on a different port on the same IP address. So if anyone ever connects to that vanilla port, the bridge will get probed and the entire IP address blocked, including the obfs4 port.
>
> https://bugs.torproject.org/7349

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays