[tor-relays] Bridge Usage and Setup

Tom Ritter tom at ritter.vg
Mon Jun 1 16:34:08 UTC 2015 

Earlier this month I set up an obfs3/obfs4 bridge that (as far as I
can tell) has never been used. Is this normal?  My bridge is at
https://atlas.torproject.org/#details/C184F644B9D39B26647779282003ACAF59E8028A


During this exercise I ran across a few pain points for setting up a
bridge.  Maybe I completely ignored some existing resource for this,
but the bottom of https://www.torproject.org/docs/bridges is out of
date, BridgeDB doesn't have a link anywhere, and trac's search isn't
that good but I couldn't find anything on that either.

1) Setup
I followed https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/README.md
to set up the obfs3/obfs4
As good as this is, it would be great if it included a minimal and
complete torrc for an obfs4 bridge, and perhaps also for an
obfs3/obfs4 bridge and an IPv6 setup.  My torrc is

SocksPort 0
ControlPort 9051
HashedControlPassword ...
CookieAuthentication 1
ORPort 9001
ORPort [<public ipv6 addr>]:9001
BridgeRelay 1
ExtORPort auto
ServerTransportPlugin obfs3,obfs4 exec /usr/local/bin/obfs4proxy
ServerTransportListenAddr obfs3 [::]:80
ServerTransportListenAddr obfs4 [::]:443

2) Testing
How do I (easily) confirm my bridge is correctly configured?
Especially if I don't have an IPv6 connection for TBB?

netstat seems to say that things are good.  The tcp6 connections on 80
and 443 also apply to ipv4 though; right?

$ netstat -lpn
tcp        0      0 127.0.0.1:9051          0.0.0.0:*
LISTEN      479/tor
tcp        0      0 0.0.0.0:9001            0.0.0.0:*
LISTEN      479/tor
tcp        0      0 127.0.0.1:55346         0.0.0.0:*
LISTEN      479/tor
tcp6       0      0 :::443                  :::*
LISTEN      480/obfs4proxy
tcp6       0      0 <public ipv6 addr> :::*                    LISTEN
    479/tor
tcp6       0      0 :::80                   :::*
LISTEN      480/obfs4proxy

I can put my bridge line into TBB and try and use it for obfs4; seems
to work. But actually finding that bridge line wasn't straightforward
(cat /var/lib/tor/pt_state/obfs4_bridgeline.txt and then edit the
fields, right?) And it doesn't help for obfs3.

Some external validation would be nice.

3) Usage
Can do I figure out if my bridge is being used?  I've identified the following:

$  cat /var/lib/tor/stats/bridge-stats
bridge-stats-end 2015-05-31 18:58:43 (86400 s)
bridge-ips
bridge-ip-versions v4=0,v6=0
bridge-ip-transports

$ zgrep unique /var/log/tor/*
(a bunch of lines of "0 unique clients")

Atlas graphs, showing virtually no traffic




I feel like #2 might be addressed by Weather (if it was working), but
all of these might be a good subject for a wiki page on how to run a
bridge, if my understanding of everything is correct.

-tom

More information about the tor-relays mailing list