[tor-relays] New obfsproxy transport: scramblesuit [bridge operators: please upgrade!]

Tyler Durden virii at enn.lu
Mon Feb 10 18:54:59 UTC 2014

On 2014-02-10 19:26, George Kadianakis wrote:
> Grozdan <neutrino8 at gmail.com> writes:
>> On Mon, Feb 10, 2014 at 6:54 PM, George Kadianakis <desnacked at riseup.net> wrote:
>>> Grozdan <neutrino8 at gmail.com> writes:
>>>> On Mon, Feb 10, 2014 at 5:04 PM, George Kadianakis <desnacked at riseup.net> wrote:
>>>>> Greetings,
>>>>> a few days ago we integrated ScrambleSuit to obfsproxy. ScrambleSuit
>>>>> is a pluggable transport by Philipp Winter; you can find more about it
>>>>> at: http://www.cs.kau.se/philwint/scramblesuit/
>>>>> If you are running a bridge, please consider upgrading your obfsproxy
>>>>> to the latest version (0.2.6) by using pip or fetching the latest git
>>>>> master.  Unfortunately, we don't have Linux packages yet, but we will
>>>>> hopefully have some soon. In the meanwhile, we would appreciate some
>>>>> testing :)
>>>>> After you upgrade obfsproxy, please change your ServerTransportPlugin
>>>>> line from:
>>>>>      ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
>>>>> to:
>>>>>      ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
>>>>> This will disable obfs2 [0] and enable scramblesuit.
>>>>> It's also important to know that scramblesuit is a password-based
>>>>> pluggable transport, which means that each scramblesuit bridge has a
>>>>> password and if the user doesn't know the password he/she can't
>>>>> connect to the bridge. If you publishing your bridge to BridgeDB, Tor
>>>>> will automatically send the ScrambleSuit password to BridgeDB so that
>>>>> clients can get it. By default ScrambleSuit will generate a random
>>>>> password; if you want to specify your own password, you can use a
>>>>> torrc line like this:
>>>>>       ServerTransportOptions scramblesuit password=LLDNOWV7I4P6RKFJMDEMIY2GNU2IQISA
>>>>> By the way, expect not to see any scramblesuit users in the
>>>>> beginning. After a few people have set up scramblesuit bridges, we
>>>>> will roll out a Tor Browser Bundle with scramblesuit enabled.
>>>>> Feel free to ask any questions you have!
>>>> I just installed version 0.2.6 and tried to make my normal bridge a
>>>> bridge with obfsproxy, but it fails to start it. In Tor log all i see
>>>> is the below
>>>> Feb 10 18:30:44.000 [warn] The communication stream of managed proxy
>>>> '/usr/bin/obfsproxy' is 'closed'. Most probably the managed proxy
>>>> stopped running. This might be a bug of the managed proxy, a bug of
>>>> Tor, or a misconfiguration. Please enable logging on your managed
>>>> proxy and check the logs for errors.
>>>> My torrc config contains the following:
>>>> ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
>>> Hm.
>>> Can you make sure that obfsproxy is in /usr/bin/obfsproxy? Depending
>>> on how you installed obfsproxy-0.2.6, the executable might be in
>>> /usr/local/bin/ or elsewhere.
>>> If that doesn't work, try this torrc line instead:
>>>    ServerTransportPlugin obfs3,scramblesuit exec /usr/local/bin/obfsproxy --log-min-severity=debug --log-file=/home/user/obfs.log managed
>>> this will turn on logging for obfsproxy and create a logfile in your
>>> home directory (fix the /home/user/obfs.log path). Please start up Tor
>>> again and check out the log file. If the log file doesn't get created
>>> it means that obfsproxy failed before writing the log file (this might
>>> be a permissions problem, or something else).
>> I was missing a package here (pyptlib) which I installed and now it
>> appears to work
> Hm, out of curiosity, how did you install obfsproxy? Because if you
> used git, the setup.py script should have installed pyptlib for
> you. If you used pip, pip should have installed pyptlib for you.
> Is there a bug somewhere?

I updated a minority of our bridges. Sadly I can't install them on all
of our servers as most of our bridges a running in a KVM with minimal
ressources (1 GB HDD Space).

Sam Grüneisen - FVDE (enn.lu)

More information about the tor-relays mailing list