[tor-relays] Relay configuration for FreedomBox
Lance Hathaway
qhltx at yahoo.com
Wed Mar 19 13:25:35 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 18/03/2014 7:59 PM, James Valleroy wrote:
> Do you see any vulnerabilities, attacks, or risks with the current
> configuration, and are there any changes that you would recommend?
>
> [1] https://wiki.debian.org/FreedomBox [2]
> https://www.torproject.org/docs/bridges#RunningABridge
If you're going to be running these as bridges, it seems to make sense
to include obfsproxy support, probably with obfs3 and scramblesuit [0]
enabled right off the bat.
Note that scramblesuit requires tor 0.2.5.1 or higher [1], and
obfsproxy should be at 0.2.7 or higher [3].
Lines to add to the torrc:
1. ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy
managed ([0])
2. ServerTransportListenAddr obfs3 0.0.0.0:<port number> (if you want
to preset your obfs3 port, will be random otherwise) ([3])
3. ServerTransportListenAddr scramblesuit 0.0.0.0:<port number> (if
you want to preset your scramblesuit port, will be random otherwise) ([3])
4. ExtORPort auto (used internally between tor and obfsproxy, does not
need to be forwarded externally, so auto should be fine) ([4])
If I'm giving bad advice, somebody please speak up to correct me!
-Lance
[0]
https://lists.torproject.org/pipermail/tor-relays/2014-February/003886.html
[1]
https://lists.torproject.org/pipermail/tor-relays/2014-February/003898.html
[2]
https://lists.torproject.org/pipermail/tor-relays/2014-March/004074.html
[3]
https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en
[4]
https://lists.torproject.org/pipermail/tor-relays/2014-February/003962.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQIcBAEBCgAGBQJTKZrEAAoJEECmBqfoBgXnK+cP/RDhzkPBw33vW+VE1ro2QdPo
DX6WOB8tiGhMdmOq0oakAqZj8x7nDXs5lO7EcYYzQ7Gnh+ghJVQVBwMzJwX614x9
Hmbk19gvUyf9+9Y9b3gEFQlab1pk3+T0gkOJXu6+6+qHIunoINwa4KrhAYM/h2Ll
LzC+IL8IagO9GMGOMeSbqWyHmxHTaOWcZMGuAVZaQ7f07gY7sF/yxjCOuVuzseki
QqWQl2gwrvIhyVa7ukEpx/iwY6/+5BokPHDwAzG0oSZwlQCfyvpcIVrPFSO6B6DG
+jt4QGAsRKynNg5AaopHKi1F6SJ5ehWuvMOzPjWV8eDgqFimwHgSnRO0k2abwvat
ufXcJjtxyvi3j4O3jmTh14768th7QiGB5lLfeg/b8owp+Bnx4hAK9+iQe8L/zWWD
1afQDUC2PHjvyUif0eJ4+rvaPSFxUrb0HNJPE5seVTMPOWtX+P0a2bwJU0Me/7aZ
nqgCi7V0aqWjk/AegbkAwdLSHVHK8ChrJBlDsmYviwC8Psmhpkw2sCcJT2ki7mWS
xuRqIyU0xugeYhUJSOOUYnmH5iyjsaj6CXEoLG7Jvtke5iSvENlhNeMOjoy4Ppu4
ziKMxozpS1dVprS8Qsbo8TOmrJN2LdcpSVQuXzYeTU0AKEqLSB4rOAws9Ny1t2PZ
r/ww4J/SVK9+fgINSgOr
=5c2j
-----END PGP SIGNATURE-----
More information about the tor-relays
mailing list