[tor-relays] A call to arms for obfuscated bridges

Drake Wilson drake at dasyatidae.net
Fri Apr 19 04:15:39 UTC 2013


Quoth Steve Snyder <swsnyder at snydernet.net>, on 2013-04-16 15:53:14 -0400:
> obfs3 won't build/run on RHEL6/CentOS6 due to the Python 2.7.x (plus
> many, many subpackages) requirement.  Replacing the installed Python
> v2.6.x will break your system.  Installing to an alternate location
> (download, ./configure, make altinstall) and editing
> /usr/bin/obfsproxy isn't enough as the subpackages are all still
> installed beneath /usr/lib/python2.6/.

Indeed.

I tend to run my server-y machines on CentOS 6 at the moment, and I
was going to try to spin up an obfs3 proxy on one of them, but the
Python 2.7 dependency steamrolls that plan.  Curiously, if it needed
Python 3, I would be more amenable to it, both since the major version
change means upstreams are likely to make sure parallel installation
works, and because I'm interested in increased Python 3 adoption
anyway.

I am not really inclined to do any of:

  - try to have both a distribution and an out-of-distribution Python
    2 installed in parallel;

  - bypass declared installation requirements, use 2.6.6, and blindly
    hope that it won't result in some awful subtle bug;

  - allocate additional money and tracking resources to fooling around
    with Amazon (eating my free usage quota and then likely causing me
    to drop the bridge after a year anyway, which is exactly what you
    _didn't_ want) when I have perfectly good spare computing power
    already;

  - try to figure out how to retrieve the "Tor Cloud" image and/or
    convert it into something I can use outside of Amazon's service.

I also ran into the following:

  - I'd like to examine the obfsproxy source code out of curiosity to
    see how it's likely to interact with my other network services.
    The only thing that looks like a source link on [1] points me to
    installation instructions of the form "now, here's how to vomit
    all the files somewhere on your system using pip, which you
    already have because you're about to install it on this very
    machine, right?".  Where's the beef^Wtarball?  Hell if I know
    without spending a lot of energy on it.

    [1] https://www.torproject.org//projects/obfsproxy.html.en

  - What's the way to make this play nicely if all the "common"
    encrypted-connection ports (particularly 443/tcp) are already
    bound to their "usual" services on this IP address?  Does that
    exist?  What requirements are there for what the service "looks
    like" to the outside for the obfs3 usage to actually be effective?
    I can't easily tell.

For me, this is "oh, well", but if you want more deployed obfuscated
bridges, there might be other people running into the same things.

   ---> Drake Wilson

