[tor-dev] A meta-package for Pluggable Transports?

Tom van der Woerdt info at tvdw.eu
Thu Jun 30 19:22:55 UTC 2016

How about a conf.d style folder that plugins like bridges can drop files in?

$ yum install -y obfs4proxy
$ cat /etc/tor/torrc.d/obfs4.conf
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy managed
ServerTransportListenAddr obfs4
ServerTransportListenAddr obfs4
$ systemctl restart tor


Op 30/06/16 om 21:15 schreef Nima Fatemi:
> It’s currently difficult for bridge operators to keep up with the
> changes in pluggable transports world. You’ve to be following tor
> development and censorship-war very closely to know which transport is
> needed currently and how to run them.
> There are many people who are still running vanilla bridges thinking
> they’re helping people in censored networks. Unfortunately those bridges
> are not anyone any good while burning operator’s resources.
> After some discussion on #tor-project a little while ago, the idea of
> having a meta-package that includes all or the most recent transports
> came up. Where people would install this meta package and it would
> automatically take care of the required steps to get the latest
> obfsproxy and set it up.
> From a UX perspective, ideally you’d set up a bridge with small and
> consistent steps like this:
> $ sudo apt-get install tor-bridge
> $ tor-bridge —-setup OR $ tor-bridge-setup
> and then it will automatically get the most recommended PT (eg obfs4),
> tor itself (if not installed), config your torrc, do a reachability
> test, publish the bridge to bridgdb automatically and give you the
> result in stdout:
> # Congrats! your bridge is up and running on $port
> # Your bridge is published in BridgeDB.
> # Thanks for fighting censorship!
> Additionally we can have more flags for different transports, ip, port
> and so on. For example if you want to run obfs4proxy on an specific port
> and not publish it, I imagine running something like this should get you
> there:
> $ tor-bridge-setup —-private —-obfs4 —-ip —-port 5000
> # Congrats! your bridge is up and running on port 5000
> # You have chosen to not to publish your bridge. Users would need to
> manually copy and paste the following line in their Tor Browser to use
> your bridge.
> #
> # bridge obfs4 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716
> cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA
> iat-mode=0
> The purpose of this email is to see whether this is a good approach (if
> not, how can we improve it), and what is needed to move towards it.
> Feedback from everyone, specially packagers and relay operators are
> encouraged and welcome :)
> Best,
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

More information about the tor-dev mailing list