[tor-relays] ExtORPort notice

Kostas Jakeliunas kostas at jakeliunas.com
Sat Feb 15 12:47:34 UTC 2014 

On Sat, Feb 15, 2014 at 6:44 AM, Delton Barnes <delton.barnes at mail.ru>wrote:

> Upon upgrading obfsproxy to 0.2.6 and Tor to 0.2.5.1-alpha-dev
> (git-f63b394d90583b77+96972c4) for scramblesuit, I got this in the Tor log:
>
> Feb 15 04:40:03.000 [notice] We are a bridge with a pluggable transport
> proxy but the Extended ORPort is disabled. The Extended ORPort helps Tor
> communicate with the pluggable transport proxy. Please enable it using
> the ExtORPort torrc option.
>
> How should this be set?  What does it do?  I saw some web pages
> suggesting "ExtORPort 6699" for statistics-gathering purposes.
>

I personally think there should be some kind of notice (or it should be
more verbose) for obfsproxy bridge operators who are upgrading to the
newest obfsproxy, telling them to enable ExtORPort and so on. That notice
should include instructions how to do this, which is very simple (assuming
obfsproxy bridge operators are already familiar with torrc):

You just need to add one line to your torrc:

ExtORPort <some_unused_port>

so for example

ExtORPort 6699

If obfsproxy is already running, it's probably best to then simply restart
tor (vs. just reloading, that is, 'sudo service tor reload' or 'sudo
killall -HUP tor'). Tor will start listening to that port, and will
automatically inform obfsproxy (upon starting it) to use this port for
communication.

> What does it do?

As far as I understand it, ExtORPort tells tor to open a local-only (bound
to localhost) socket for getting information from / communicating with
obfsproxy (the pluggable transport proxy executable); i.e. the only
communication that happens through this port is between tor and obfsproxy.
Information exchanged includes statistics about obfsproxy bridge users
(such as the number of users coming from a specific country and the number
of users per each pluggable transport). Tor then aggregates this data
(rounding up to a number, etc.) in a way that makes sure it is anonymized /
cannot be used by anyone attempting to pinpoint users of this specific
bridge and so on.

You can e.g. look up some statistics that come from this kind of reporting
on the Tor Metrics portal.[1] (the actual numbers are probably
significantly different from what is currently shown; hence the need for
more bridges with ExtORPort enabled.

I may have misunderstood something, though. But in any case, it's best if
you just include a "ExtORPort <some_port>" line in your torrc - that should
be enough.

[1]: e.g. obfs3 transport users:
https://metrics.torproject.org/users.html?graph=userstats-bridge-transport&start=2013-11-17&end=2014-02-15&transport=obfs3#userstats-bridge-transport

--

Kostas.

0x0e5dce45 @ pgp.mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140215/a599d099/attachment.html>

More information about the tor-relays mailing list