[tor-relays] Installing obfs4 on Raspberry Pi bridge

s7r s7r at sky-ip.org
Sun Mar 29 22:02:25 UTC 2015

Hash: SHA256


J - those links are for reference only. They cannot be added in
sources.list file because they are not valid repository strings.

Here is what I've learned so far.
If you are on Raspberry Pi B/B+ (ARMv6 CPU) you will not be fully
compatible with armhf architecture from Debian Wheezy / Raspbian
Wheezy because that requires at least ARMv7 CPU. Raspberry Pi 2 has an
ARMv7 CPU quad core @ 900 Mhz which should be fully compatible with
armhf. For previous Raspberry models, some armhf packages for wheezy
might work, some not.

True, by default from Raspbian repo, apt-get will install Tor

I was able to manually get the .deb of Tor and install it,
and it works good, no errors:

# cd ~/ && wget
# sudo dpkg -i tor_0.2.5.11-1_armhf.deb

- -press N to keep your current torrc file when prompted-

The obfs4proxy package in Raspbian main repo is borken. I could not
install it, there is no .deb there.

We currently do not have armhf or armel packages for obfs4proxy in
deb.torproject.org, but Yawning (CC'ed) will let us know when he has
time how we can build obfs4proxy from git on Raspbian.

On 3/29/2015 10:31 PM, jchase wrote:
> Thanks for your answer. Your instructions were good and explicit, 
> but you hit on two of the problems I run into. I installed tor 
> from torproject.org and got two error messages that I 
> couldn't solve. I would have to go back and re-install 
> to tell you what they were. In any case they weren't configuration 
> problems. I had pretty much the same problem months ago when I 
> installed a tor 0.2.5.x on Pi. Which leads me to want to use a 
> raspbian repo. only I am unable to get /etc/apt/sources.list to 
> recognize http://archive.raspbian.org/raspbian/pool/main/t/tor/
> (or variations thereof) as a repository. And in my main raspian
> repo tor doesn't go any higher than . So simply updating
> tor does not work. How do I add 
> http://archive.raspbian.org/raspbian/pool/main/t/tor/ 
> http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/ 
> http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/ as
> one or more alternative repositories or force an install? Thanks,
> J. Chase
> tor-relays-request at lists.torproject.org:
>> Message: 4 Date: Sun, 29 Mar 2015 00:19:14 +0200 From: s7r 
>> <s7r at sky-ip.org> To: tor-relays at lists.torproject.org Subject:
>> Re: [tor-relays] Installing obfs4 on Raspberry Pi bridge
>> Message-ID: <551728E2.4030705 at sky-ip.org> Content-Type:
>> text/plain; charset=windows-1252
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>> Hi,
>> obfs4 will not run on 0.2.4.x , you need at least 0.2.5.x or 
>> 0.2.6.x
>> First, upgrade your Tor.
>> You can use torproject.org repositories. If you are running 
>> wheezy:
>> 1. Add the repository: # echo "deb 
>> http://deb.torproject.org/torproject.org wheezy main" >> 
>> /etc/apt/sources.list
>> 2. Add the signing key: # gpg --keyserver keys.gnupg.net --recv 
>> 886DDD89; gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
>> | apt-key add ?
>> 3. Install keyring: # apt-get update && apt-get -y install 
>> deb.torproject.org-keyring
>> Now upgrade your Tor, an apt-get -y install tor would upgrade to 
>> 1.
>> You can install obfs4proxy from deb.torproject.org too:
>> # echo "deb http://deb.torproject.org/torproject.org obfs4proxy 
>> main"
>>>>>> /etc/apt/sources.list
>> # apt-get update && apt-get -y install obfs4proxy
>> Now, modify your torrc to enable the obfs4 transport. Make sure 
>> you also add ExtORPort auto in torrc so it will report some 
>> useful statistics. obfs4proxy also supports obfs3, and some
>> users still use that, so if you can be an obfs3 and obfs4 bridge
>> at the same time (requires just one more open port) it would be
>> great.
>> Sample torrc entry for enabling obfs4 and obfs3: ExtORPort auto 
>> ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy 
>> ServerTransportListenAddr obfs3 [::]:port 
>> ServerTransportListenAddr obfs4 [::]:port
>> To make the bridge even better, you can bind obfs3 and obfs4 to 
>> lower ports (< 1024), if you have them free, such as obfs3 on 80 
>> and obfs4 on 443 (for example). This will help users behind 
>> really restrictive firewalls who only allow connections on few 
>> ports. You can easily do this with libcap2-bin package:
>> # apt-get -y install libcap2-bin # setcap 
>> 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
>> To make this persistent after a reboot, edit the /etc/rc.local 
>> file and add this line before 'exit 0': setcap 
>> 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
>> Hope this helps. If you don't want to use deb.torproject.org, 
>> everything required is also included in raspbian main repo:
>> http://archive.raspbian.org/raspbian/pool/main/t/tor/ 
>> http://archive.raspbian.org/raspbian/pool/main/o/obfs4proxy/ 
>> http://archive.raspbian.org/raspbian/pool/main/libc/libcap2/
>> If you want to use raspbian repo, simply ignore the lines where 
>> you add deb.torproject.org to your sources.list file and just 
>> upgrade, install the required packages and modify your torrc 
>> file.
>> Thanks for running a bridge.
> _______________________________________________ tor-relays mailing 
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Version: GnuPG v2.0.22 (MingW32)


More information about the tor-relays mailing list