[tor-relays] Installing obfs4 on Raspberry Pi bridge

Alexander Dietrich alexander at dietrich.cx
Sun Mar 29 14:56:35 UTC 2015


So far I have been building tor packages myself on the Pi, but your post 
made me check out out the repositories again.

Unfortunately, it's still a bit of a mess:
- The Tor Project repo has "armhf" builds only for old Tor versions, and 
I'm not sure if they are even meant for the Pi's processor (I didn't 
try).
- The Raspbian repo has 0.2.5.11 tor package files, but apt only finds 
0.2.4.26.
- The Raspbian repo doesn't have a binary obfs4proxy package.

Looks like I will keep building my own packages on the Pi for now, and 
run obfs3.

Best regards,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B

On 2015-03-28 23:19, s7r wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hi,
> 
> obfs4 will not run on 0.2.4.x , you need at least 0.2.5.x or 0.2.6.x
> 
> First, upgrade your Tor.
> 
> You can use torproject.org repositories. If you are running wheezy:
> 
> 1. Add the repository:
> # echo "deb http://deb.torproject.org/torproject.org wheezy main" >>
> /etc/apt/sources.list
> 
> 2. Add the signing key:
> # gpg --keyserver keys.gnupg.net --recv 886DDD89; gpg --export
> A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add –
> 
> 3. Install keyring:
> # apt-get update && apt-get -y install deb.torproject.org-keyring
> 
> Now upgrade your Tor, an apt-get -y install tor would upgrade to 
> 0.2.5.1
> 1.
> 
> You can install obfs4proxy from deb.torproject.org too:
> 
> # echo "deb http://deb.torproject.org/torproject.org obfs4proxy main"
>>> /etc/apt/sources.list
> # apt-get update && apt-get -y install obfs4proxy
> 
> Now, modify your torrc to enable the obfs4 transport. Make sure you
> also add ExtORPort auto in torrc so it will report some useful
> statistics. obfs4proxy also supports obfs3, and some users still use
> that, so if you can be an obfs3 and obfs4 bridge at the same time
> (requires just one more open port) it would be great.
> 
> Sample torrc entry for enabling obfs4 and obfs3:
> ExtORPort auto
> ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs3 [::]:port
> ServerTransportListenAddr obfs4 [::]:port
> 
> To make the bridge even better, you can bind obfs3 and obfs4 to lower
> ports (< 1024), if you have them free, such as obfs3 on 80 and obfs4
> on 443 (for example). This will help users behind really restrictive
> firewalls who only allow connections on few ports. You can easily do
> this with libcap2-bin package:
> 
> # apt-get -y install libcap2-bin
> # setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
> 
> To make this persistent after a reboot, edit the /etc/rc.local file
> and add this line before 'exit 0':
> setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
> 
> Hope this helps. If you don't want to use deb.torproject.org,
> everything required is also included in raspbian main repo:
> 
> http://archive.raspbian.org/raspbian/pool/main/t/tor/
> http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/
> http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/
> 
> If you want to use raspbian repo, simply ignore the lines where you
> add deb.torproject.org to your sources.list file and just upgrade,
> install the required packages and modify your torrc file.
> 
> Thanks for running a bridge.
> 
> 
> On 3/28/2015 11:47 PM, jchase wrote:
>> Hello, I run a bridge on a Raspberry Pi running Debian Wheezy and
>> tor 0.2.4.26 . I have obfs3 installed and would like to upgrade to
>> obfs4. So far this has not been possible. If I understand it
>> correctly, my best bet is to update to tor 0.2.6.x and then
>> install obfs4. Let me know if I'm wrong. And if I'm right, what is
>> the easiest way to do that? Thanks, J. Chase
>> _______________________________________________ tor-relays mailing
>> list tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
> 
> iQEcBAEBCAAGBQJVFyjiAAoJEIN/pSyBJlsRd+MH/36/4abGF4/h/4YZuf1TG2sf
> 0jJLaGt8Tg3c7038+7TbVwj884hvnA/gYaJTr8sPH8+2yuIqyxBfBu5IYNCaTCgT
> 7beR6KY4tJv1IgoReHUsn/4PLZ6K9vsnFTu08oQwjjolGcdx4BlAbHcsm0pZaGWA
> yAZlG1GKHGdn77bRHGi9F1ZKthRbMEQmXNV7abZPAbqjVFrTngOo68lDhIv46orP
> YPAhXx1v08cXZjfS0jcuwwaqhJPfxfP3nJSCNcJPG47ng81/eLWr5JgU3neyPhiN
> frZa2LCngPEeNlY5bjmaPrm/McmOM2Onrx9rXDEpezrCtAyQeGett2W1u/k+HI8=
> =VpQT
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


More information about the tor-relays mailing list