Hey,
Starting to set up some Bridges behind some routers, if possible at several locations.
Since last time, I've found some useful informations, but I'm not 100% sure if torrc config is ok. So the goal is : - bridge - obsfproxy to help censored people - SOCKS available for LAN computers, to redirect traffic to Tor
Here the torrc file I've tuned : ####START#### SocksPort 192.168.1.10:9050 #LAN IP SocksPolicy accept 192.168.1.0/24 #Socks available for LAN computers SocksPolicy accept 127.0.0.1 #Socks available for localhost too SocksPolicy reject * Log notice file /var/log/tor/notices.log ORPort 10000 Address x.x.x.x #WAN IP Nickname Test01 #name of the bridge node ContactInfo me@mail.com DirPort 10001 ExitPolicy reject *:* BridgeRelay 1 PublishServerDescriptor bridge AuthoritativeDirectory 1 BridgeAuthoritativeDir 1 ServerTransportPlugin obfs3 exec /usr/bin/obfsproxy managed ServerTransportListenAddr obfs3 0.0.0.0:10002 ExtORPort auto ####END####
In the router/box, I'll open/forward those 3 TCP ports from the WAN to the LAN server IP : ORPort : 10000 DirPort : 10001 Obfs : 10002
Test with a LAN client Firefox connecting with Socks is ok, IP seen is a Tor exit... Torcheck says the current browser is using Tor.
But how to know if censored people can use this bridge ? (I'll test it from an open wifi hotspot in future...) Is this one is available in the list at bridges.torproject.org ? I see some log lines about stats files... where will it possible to check this bridge utilization ?
If someone wants to correct this torrc file, please don't hesitate ! Is there something to add, to remove ?! Another eye is always cool to be sure !
Many thx for your lights :)
On 29 Jun 2016, at 04:57, Petrusko petrusko@riseup.net wrote:
Hey,
Starting to set up some Bridges behind some routers, if possible at several locations.
Since last time, I've found some useful informations, but I'm not 100% sure if torrc config is ok. So the goal is :
- bridge
- obsfproxy to help censored people
- SOCKS available for LAN computers, to redirect traffic to Tor
Here the torrc file I've tuned : ####START#### SocksPort 192.168.1.10:9050 #LAN IP SocksPolicy accept 192.168.1.0/24 #Socks available for LAN computers SocksPolicy accept 127.0.0.1 #Socks available for localhost too SocksPolicy reject * Log notice file /var/log/tor/notices.log ORPort 10000 Address x.x.x.x #WAN IP Nickname Test01 #name of the bridge node ContactInfo me@mail.com DirPort 10001 ExitPolicy reject *:* BridgeRelay 1 PublishServerDescriptor bridge
AuthoritativeDirectory 1 BridgeAuthoritativeDir 1
You really don't want these two lines, they make your relay try to be an authoritative directory.
ServerTransportPlugin obfs3 exec /usr/bin/obfsproxy managed ServerTransportListenAddr obfs3 0.0.0.0:10002 ExtORPort auto ####END####
In the router/box, I'll open/forward those 3 TCP ports from the WAN to the LAN server IP : ORPort : 10000 DirPort : 10001 Obfs : 10002
Test with a LAN client Firefox connecting with Socks is ok, IP seen is a Tor exit... Torcheck says the current browser is using Tor.
But how to know if censored people can use this bridge ? (I'll test it from an open wifi hotspot in future...) Is this one is available in the list at bridges.torproject.org ? I see some log lines about stats files... where will it possible to check this bridge utilization ?
If someone wants to correct this torrc file, please don't hesitate ! Is there something to add, to remove ?! Another eye is always cool to be sure !
Many thx for your lights :)
-- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
Thx Tim for validating this torrc configuration, before deploying it. Ok, I'll remove those 2 lines. (but it can be helpful for Tor network on fast bridges ?)
About stats, I see Atlas and Globe can give informations when you know the Bridge's name... I was thinking they were only useful for relays/exits... Nice!
AuthoritativeDirectory 1 BridgeAuthoritativeDir 1
You really don't want these two lines, they make your relay try to be an authoritative directory.
On 29 Jun 2016, at 16:57, Petrusko petrusko@riseup.net wrote:
Thx Tim for validating this torrc configuration, before deploying it. Ok, I'll remove those 2 lines. (but it can be helpful for Tor network on fast bridges ?)
No, there are only 10 authoritative directories in the network. Your bridge automatically mirrors the content of these directories to clients.
Tim
About stats, I see Atlas and Globe can give informations when you know the Bridge's name... I was thinking they were only useful for relays/exits... Nice!
AuthoritativeDirectory 1 BridgeAuthoritativeDir 1
You really don't want these two lines, they make your relay try to be an authoritative directory.
-- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
tor-relays@lists.torproject.org