On Monday, December 12, 2022, 08:31:43 AM MST, David Fifield david@bamsoftware.com wrote:
On Sun, Dec 11, 2022 at 04:25:06AM +0000, Gary C. New via tor-relays wrote:
I was successfully able to get Snowflake cross-compiled and installed for OpenWRT and Entware as a package.
Thanks, nice work.
    # opkg files snowflake
    Package snowflake (2.4.1-1) is installed on root and has the following files:
    /opt/bin/proxy
    /opt/bin/client
    /opt/bin/probetest
    /opt/bin/broker
    /opt/bin/server
    /opt/bin/distinctcounter
I don't think it makes sense to package the server or broker for OpenWRT. The client and proxy, sure. But the server and broker do not even run on the same host in an actual deployment. distinctcounter is just a metrics utility for the broker: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
I agree it makes sense to package the client and proxy separate from the broker and server. This was just a quick and dirty test to see if I could get Snowflake cross-compiled and working on the OpenWRT and Entware platforms.
I am having some issues or misunderstandings with implementing Snowflake Proxy within Tor. I assumed that implementing Snowflake Proxy within Tor would be similar to OBFS4Bridge in that Tor would initialize Snowflake Proxy as a managed Pluggable Transport listening on the assigned ServerTransportListenAddr. I can see Snowflake Proxy initiate outbound requests, but I don't see it listen on the specified ServerTransportListenAddr and Port.
NOTE: Basic Inbound Connection Flow is Nginx (xxx.xxx.xxx.xxx:6031) => Snowflake Proxy (192.168.0.31:6031) => Tor (192.168.0.31:9001)
NOTE: I am only running Snowflake Proxy within the test torrc configuration.
    # cat torrc
    ...
    Nickname Snowflake31
    ORPort xxx.xxx.xxx.xxx:443 NoListen
    ORPort 192.168.0.31:9001 NoAdvertise
    BridgeRelay 1
    BridgeDistribution moat
    ExtORPort 192.168.0.31:auto
    ###ServerTransportPlugin obfs31-1 exec /opt/bin/obfs4proxy -enableLogging
    ###ServerTransportListenAddr obfs31-1 192.168.0.31:3031
    ServerTransportPlugin snowflake31-1 exec /opt/bin/proxy -log /tmp/snowflake.log -verbose
    ServerTransportListenAddr snowflake31-1 192.168.0.31:6031
    # ps w | grep -I tor
    26303 tor 253m S /opt/sbin/tor -f /tmp/torrc --quiet
    26304 tor 795m S /opt/bin/proxy -log /tmp/snowflake.log -verbose
    # netstat -anp | grep proxy
    tcp 0 0 192.168.0.31:49850 37.218.245.111:443 ESTABLISHED 26304/proxy
    udp 0 0 192.168.0.31:33961 0.0.0.0:* 26304/proxy
    udp 0 0 0.0.0.0:52654 0.0.0.0:* 26304/proxy
    # tail -f /tmp/snowflake.log
    ...
    2022/12/12 04:28:33 snowflake-proxy 2.4.1
    2022/12/12 04:28:33 Proxy starting
    2022/12/12 04:28:33 WebRTC: Created offer
    2022/12/12 04:28:33 WebRTC: Set local description
    2022/12/12 04:28:33 Offer: {"type":"offer","sdp":"v=0\r\no=- 4129729503856148472 1670819313 IN IP4 [scrubbed]\r\ns=-\r\nt=0 0\r\na=fingerprint:sha-256 3B:60:50:33:72:A1:35:91:44:7E:02:2E:F2:4E:0E:21:C2:24:1C:47:F7:43:A1:A7:F3:DE:BA:AB:3E:82:9E:11\r\na=extmap-allow-mixed\r\na=group:BUNDLE 0\r\nm=application 9 UDP/DTLS/SCTP webrtc-datachannel\r\nc=IN IP4 [scrubbed]\r\na=setup:actpass\r\na=mid:0\r\na=sendrecv\r\na=sctp-port:5000\r\na=ice-ufrag:glNJtRHnBjaRYRkg\r\na=ice-pwd:OxntNuRslEPhLgSstUnzwJFTPzPUGmzt\r\na=candidate:551460743 1 udp 2130706431 [scrubbed] 50786 typ host\r\na=candidate:551460743 2 udp 2130706431 [scrubbed] 50786 typ host\r\na=candidate:1335998215 1 udp 1694498815 [scrubbed] 45684 typ srflx raddr [scrubbed] rport 45684\r\na=candidate:1335998215 2 udp 1694498815 [scrubbed] 45684 typ srflx raddr [scrubbed] rport 45684\r\na=end-of-candidates\r\n"}
    2022/12/12 04:29:00 NAT Type measurement: unknown -> restricted = restricted
    2022/12/12 04:29:00 NAT type: restricted
    ...
    2022/12/12 04:29:11 sdp offer successfully received.
    2022/12/12 04:29:11 Generating answer...
    ...
    2022/12/12 04:29:31 Timed out waiting for client to open data channel.
    2022/12/12 04:29:41 sdp offer successfully received.
    2022/12/12 04:29:41 Generating answer...
    2022/12/12 04:30:02 Timed out waiting for client to open data channel.
    ...
    2022/12/12 04:32:05 sdp offer successfully received.
    2022/12/12 04:32:05 Generating answer...
    2022/12/12 04:32:26 Timed out waiting for client to open data channel.
Is it possible to use Snowflake Proxy as a managed Pluggable Transport similar to OBFS4Bridge within Tor? It would be helpful to have a torrc configuration example within the Standalone Snowflake Proxy documentation.
Thanks, again, for your guidance and assistance.
Respectfully,
Gary
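
The manual check described in the message above, comparing each active ServerTransportListenAddr in torrc against the TCP sockets that netstat reports in LISTEN state, written out as an added example that is not part of the original thread or of Tor or Snowflake. The sample inputs are constructed from the quoted output; the tor LISTEN line and all function names are assumptions.

```python
# Constructed sample input, modelled on the torrc quoted in the message.
TORRC = """\
###ServerTransportListenAddr obfs31-1 192.168.0.31:3031
ServerTransportPlugin snowflake31-1 exec /opt/bin/proxy -log /tmp/snowflake.log -verbose
ServerTransportListenAddr snowflake31-1 192.168.0.31:6031
"""
# Constructed netstat -anp style output. The last line (tor listening on its
# ORPort) is an assumption added so that the sample contains one LISTEN socket.
NETSTAT = """\
tcp 0 0 192.168.0.31:49850 37.218.245.111:443 ESTABLISHED 26304/proxy
udp 0 0 192.168.0.31:33961 0.0.0.0:* 26304/proxy
udp 0 0 0.0.0.0:52654 0.0.0.0:* 26304/proxy
tcp 0 0 192.168.0.31:9001 0.0.0.0:* LISTEN 26303/tor
"""
WILDCARDS = {"0.0.0.0", "::"}  # a wildcard bind also covers a specific address

def split_hostport(value):
    """Split 'host:port' (IPv4, '[v6]:port' or netstat ':::port') into a tuple."""
    host, _, port = value.rpartition(":")
    return host.strip("[]"), int(port)

def transport_listen_addrs(torrc_text):
    """Map transport name -> (host, port) for uncommented ServerTransportListenAddr."""
    addrs = {}
    for line in torrc_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop torrc comments
        if len(fields) == 3 and fields[0].lower() == "servertransportlistenaddr":
            addrs[fields[1]] = split_hostport(fields[2])
    return addrs

def tcp_listeners(netstat_text):
    """Return the set of (host, port) local addresses of TCP sockets in LISTEN."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            found.add(split_hostport(fields[3]))
    return found

def unbound_transports(torrc_text, netstat_text):
    """List configured transports whose listen address has no LISTEN socket."""
    listeners = tcp_listeners(netstat_text)
    missing = []
    for name, (host, port) in sorted(transport_listen_addrs(torrc_text).items()):
        if not any(p == port and (h == host or h in WILDCARDS) for h, p in listeners):
            missing.append(f"{name} {host}:{port}")
    return missing

if __name__ == "__main__":
    print(unbound_transports(TORRC, NETSTAT))
```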