issue with setting up a private bridge

List overview All Threads
Download

newer

older

Re: [tor-relays]...

Limiting connection count

Hamid Safe

4 Feb 2018 4 Feb '18

6:26 a.m.

Attachments:

attachment.html (text/html — 3.4 KB)
torrc-client.txt (text/plain — 8.8 KB)
torrc-server.txt (text/plain — 424 bytes)

Show replies by date

Dmitrii Tcvetkov

4 Feb 4 Feb

10:15 a.m.

On Sun, 4 Feb 2018 09:56:18 +0330 Hamid Safe hsafe@devopt.net wrote:

...

Hello tor-relays team,

...
I am facing issue trying to set up a private obfs4proxy+tor relay bridge(centos 7 server) on a vps outside Iran and using the same methodology obfs4+tor client (Arch linux) inside Iran.DPI blocks tor networks and vpn connections are no allowed. Please note that the set up basically needed to access pretty much anything serious in a production env for accessing the sites that will otherwise be blocked in Iran i.e hub.docker.com + my personal use, hence can't really use the tor-browser.

I have successfully followed yawning angel's github to compile and set up the obfs4proxy and also the tor in both ends. Tor service is running , and I attach along this email the config I used both in client and server end. I suspect that there is a key hash issue and the mechanism to obfuscate the traffic that fails and particularly a directory that does not exist in my server which is in a lot of howtos referred to as: /pt_state/obfs4_bridgeline.txt

Hello,

Absence of pt_state directory in DataDirectory is odd. You can't use obfs4 without information from obfs4_bridgeline.txt.

I suggest to change line ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy to ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed in server's torrc.

Also you need to connect not to the ORPort itself but to the transport port, so server config should have line: ServerTransportListenAddr <ip_address>:<port>

And then in your client torrc you specify bridge like: Bridge obfs4 <ip_address>:<port> <fingerprint> cert=<line from obfs4_bridgeline.txt> iat-mode=0

If it still doesn't work you can add line ServerTransportOptions obfs4 iat-mode=1 to bridge's torrc and also change iat-mode=1 in clients bridge line, so like this: Bridge obfs4 ip_address:port <fingerprint> cert=<line from obfs4_bridgeline.txt> iat-mode=1

iat-mode allows to enable additional obfuscation, it works only for sending traffic, so for 2-way obfuscation needs to be enabled on both ends.

2478

Age (days ago)

2478

Last active (days ago)

tor-relays@lists.torproject.org

1 comments

2 participants

tags (0)

participants (2)

Dmitrii Tcvetkov
Hamid Safe