bridge not accessible through obfs4 port
Dear friends, I am uncuccessfully running a bridge that uses obfs4 as pluggable transport. (At least it should.) Today I actually tried to connect to it and it is possible to connect to the bridge using the ORport. But when I tried to start tor browser with this setting to use obfs4: obfs4 12.345.67.89:1111 (only with the right numbers) it got stuck at "establishing an encrypted network connection". I checked on canyouseeme.org and both the vanilla ORport and the obfs4 port seem to be accessible from outside. My router is set to allow TCP and UDP on the port for obfs4. What could be causing the problem? Cheers, Lo Am Mittwoch, 11. Juli 2018 um 20:47 schrieb Keifer Bly <keifer.bly@gmail.com>:
In comparison how much bandwidth would a Tor bridge user per month? It would be tough to give an exact answer to that is it depends on how many people are connecting through your specific bridge. However in general the bandwidth requirements would be much less, as bridges are used for mostly areas where the tor network is blocked whereas one of the exit relays is used by every client that uses tor at all. You can find more information on this topic here https://metrics.torproject.org/stats.html This page contains information about how much traffic different types of relays generally send and receive over time, etc. PS, my apologies if this comes through twice for some reason. My email client is acting a bit strange at the moment. On Wed, Jul 11, 2018 at 9:04 AM Nathaniel Suchy <me@lunorian.is> wrote: Hi. I would like to run a public OBFS4 Tor Bridge. Digitalocean’s price changes made running an exit too expensive. In comparison how much bandwidth would a Tor bridge use per month? Cheers, Nathaniel _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Fri, Jul 13, 2018 at 02:24:53PM +0200, entensaison@use.startmail.com wrote:
I am uncuccessfully running a bridge that uses obfs4 as pluggable transport. (At least it should.) Today I actually tried to connect to it and it is possible to connect to the bridge using the ORport. But when I tried to start tor browser with this setting to use obfs4:
obfs4 12.345.67.89:1111 (only with the right numbers)
it got stuck at "establishing an encrypted network connection". I checked on canyouseeme.org and both the vanilla ORport and the obfs4 port seem to be accessible from outside.
The obfs4 protocol needs to have not just the IP and port, but also the shared secret. For example, a valid obfs4 bridge line looks like: obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0 The other parameters are needed because the client needs to prove knowledge of the shared secret before the bridge will admit to being a bridge. That's because one of the steps in the arms race has been "active probing" by China, where they use DPI to notice connections that might be obfs4, and then do their own follow-up connection speaking the obfs4 protocol, and if it talks obfs4 back, they know they can block it: https://www.freehaven.net/anonbib/#foci12-winter
My router is set to allow TCP and UDP on the port for obfs4.
obfs4 only needs TCP. Thanks! --Roger
Today I actually tried to connect to it and it is possible to connect to the bridge using the ORport. But when I tried to start tor browser with this setting to use obfs4:
obfs4 12.345.67.89:1111 (only with the right numbers) it got stuck at "establishing an encrypted network connection". I checked on canyouseeme.org and both the vanilla ORport and the obfs4 port seem to be accessible from outside. The obfs4 protocol needs to have not just the IP and port, but also the shared secret.
For example, a valid obfs4 bridge line looks like:
obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0
The other parameters are needed because the client needs to prove knowledge of the shared secret before the bridge will admit to being a bridge.
That's because one of the steps in the arms race has been "active probing" by China, where they use DPI to notice connections that might be obfs4, and then do their own follow-up connection speaking the obfs4 protocol, and if it talks obfs4 back, they know they can block it: https://www.freehaven.net/anonbib/#foci12-winter
My router is set to allow TCP and UDP on the port for obfs4. obfs4 only needs TCP.
Thanks for your replies! :)
Seems like I followed the instructions on https://www.torproject.org/docs/bridges.html.en and replaced obfs3 with obfs4 without thinking xD.
I had the same problem, you can connect to your bridge by two means: 1. through orport, the bridge line should be: <ip>:<Orport> without obfs4 in the beginning. 2. through obfs4: you need to find out your bridge line, it's under /var/lib/tor/pt_state/obfs4_bridgeline.txt the line is like this obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert= iat-mode=0 now the port is the obfs4 port hope this helps On 13-07-2018 12:24, entensaison@use.startmail.com wrote:
Dear friends,
I am uncuccessfully running a bridge that uses obfs4 as pluggable transport. (At least it should.) Today I actually tried to connect to it and it is possible to connect to the bridge using the ORport. But when I tried to start tor browser with this setting to use obfs4:
obfs4 12.345.67.89:1111 (only with the right numbers)
it got stuck at "establishing an encrypted network connection". I checked on canyouseeme.org and both the vanilla ORport and the obfs4 port seem to be accessible from outside.
My router is set to allow TCP and UDP on the port for obfs4.
What could be causing the problem?
Cheers, Lo
Am Mittwoch, 11. Juli 2018 um 20:47 schrieb Keifer Bly <keifer.bly@gmail.com>:
In comparison how much bandwidth would a Tor bridge user per month? It would be tough to give an exact answer to that is it depends on how many people are connecting through your specific bridge. However in general the bandwidth requirements would be much less, as bridges are used for mostly areas where the tor network is blocked whereas one of the exit relays is used by every client that uses tor at all. You can find more information on this topic here https://metrics.torproject.org/stats.html This page contains information about how much traffic different types of relays generally send and receive over time, etc. PS, my apologies if this comes through twice for some reason. My email client is acting a bit strange at the moment. On Wed, Jul 11, 2018 at 9:04 AM Nathaniel Suchy <me@lunorian.is> wrote: Hi. I would like to run a public OBFS4 Tor Bridge. Digitalocean’s price changes made running an exit too expensive. In comparison how much bandwidth would a Tor bridge use per month? Cheers, Nathaniel _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (3)
-
caioau tor -
entensaison@use.startmail.com -
Roger Dingledine