[tor-relays] New obfsproxy transport: scramblesuit [bridge operators: please upgrade!]

Mon Feb 10 18:54:59 UTC 2014

On 2014-02-10 19:26, George Kadianakis wrote:
> Grozdan <neutrino8 at gmail.com> writes:
>
>> On Mon, Feb 10, 2014 at 6:54 PM, George Kadianakis <desnacked at riseup.net> wrote:
>>> Grozdan <neutrino8 at gmail.com> writes:
>>>
>>>> On Mon, Feb 10, 2014 at 5:04 PM, George Kadianakis <desnacked at riseup.net> wrote:
>>>>> Greetings,
>>>>>
>>>>> a few days ago we integrated ScrambleSuit to obfsproxy. ScrambleSuit
>>>>> is a pluggable transport by Philipp Winter; you can find more about it
>>>>> at: http://www.cs.kau.se/philwint/scramblesuit/
>>>>>
>>>>> If you are running a bridge, please consider upgrading your obfsproxy
>>>>> to the latest version (0.2.6) by using pip or fetching the latest git
>>>>> master.  Unfortunately, we don't have Linux packages yet, but we will
>>>>> hopefully have some soon. In the meanwhile, we would appreciate some
>>>>> testing :)
>>>>>
>>>>> After you upgrade obfsproxy, please change your ServerTransportPlugin
>>>>> line from:
>>>>>      ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
>>>>> to:
>>>>>      ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
>>>>>
>>>>> This will disable obfs2 [0] and enable scramblesuit.
>>>>>
>>>>> It's also important to know that scramblesuit is a password-based
>>>>> pluggable transport, which means that each scramblesuit bridge has a
>>>>> password and if the user doesn't know the password he/she can't
>>>>> connect to the bridge. If you publishing your bridge to BridgeDB, Tor
>>>>> will automatically send the ScrambleSuit password to BridgeDB so that
>>>>> clients can get it. By default ScrambleSuit will generate a random
>>>>> password; if you want to specify your own password, you can use a
>>>>> torrc line like this:
>>>>>       ServerTransportOptions scramblesuit password=LLDNOWV7I4P6RKFJMDEMIY2GNU2IQISA
>>>>>
>>>>> By the way, expect not to see any scramblesuit users in the
>>>>> beginning. After a few people have set up scramblesuit bridges, we
>>>>> will roll out a Tor Browser Bundle with scramblesuit enabled.
>>>>>
>>>>> Feel free to ask any questions you have!
>>>> I just installed version 0.2.6 and tried to make my normal bridge a
>>>> bridge with obfsproxy, but it fails to start it. In Tor log all i see
>>>> is the below
>>>>
>>>> Feb 10 18:30:44.000 [warn] The communication stream of managed proxy
>>>> '/usr/bin/obfsproxy' is 'closed'. Most probably the managed proxy
>>>> stopped running. This might be a bug of the managed proxy, a bug of
>>>> Tor, or a misconfiguration. Please enable logging on your managed
>>>> proxy and check the logs for errors.
>>>>
>>>> My torrc config contains the following:
>>>>
>>>> ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
>>>>
>>>
>>> Hm.
>>>
>>> Can you make sure that obfsproxy is in /usr/bin/obfsproxy? Depending
>>> on how you installed obfsproxy-0.2.6, the executable might be in
>>> /usr/local/bin/ or elsewhere.
>>>
>>> If that doesn't work, try this torrc line instead:
>>>    ServerTransportPlugin obfs3,scramblesuit exec /usr/local/bin/obfsproxy --log-min-severity=debug --log-file=/home/user/obfs.log managed
>>>
>>> this will turn on logging for obfsproxy and create a logfile in your
>>> home directory (fix the /home/user/obfs.log path). Please start up Tor
>>> again and check out the log file. If the log file doesn't get created
>>> it means that obfsproxy failed before writing the log file (this might
>>> be a permissions problem, or something else).
>> I was missing a package here (pyptlib) which I installed and now it
>> appears to work
>>
> Hm, out of curiosity, how did you install obfsproxy? Because if you
> used git, the setup.py script should have installed pyptlib for
> you. If you used pip, pip should have installed pyptlib for you.
>
> Is there a bug somewhere?
>

I updated a minority of our bridges. Sadly I can't install them on all
of our servers as most of our bridges a running in a KVM with minimal
ressources (1 GB HDD Space).

Greetings
Sam Grüneisen - FVDE (enn.lu)