[tor-relays] Enabling obfs4 and obfs3 on 80 and 443

Yawning Angel yawning at schwanenlied.me
Tue May 5 14:48:50 UTC 2015


On Tue, 05 May 2015 13:51:34 +0100
R-one <r1 at cryptoisimportantto.me> wrote:

[snip]
> This didn't work -- obfs4 complained that 443 was in use (is that 
> because I had previously set it for ORPort?).  So, for now, I have
> set obfs4 to a random high port.
> 
> I will admit to being pretty confused about the recommended bridge 
> setting for ORPort and the obfs ports (and what ExtORPort does 
> differently).  Does anyone have a recommendation for what I should
> do? Do I need to upgrade to tor 0.2.5?

ORPort should be set to something random, that is externally reachable
and not in use by anything else.

ExtORPort should be set to "auto", it only listens on the loopback
interface, so it doesn't need external reachability.

The obfs ports can be unset (No ServerTransportListenAddr line) in
which case they will be random, or set to specific ports to attempt to
bypass naive attempts at protocol whitelisting.

You need to upgrade to tor 0.2.5.x or later to be a useful obfs4 bridge,
period, because bridges running 0.2.4.x will publish broken bridge
configurations to BridgeDB, and will not ever get served to users.
(Yes, tor should log a warning whenever such situations occur, see
#13202 for people shooting that idea down when I first brought it up a
long time ago.)

No idea about the port already in use thing.  Check the processes on
the system to see if you have a defunct obfs4proxy instance hanging
around (obfs4proxy 0.0.5 makes this less likely to happen).

Regards,

-- 
Yawning Angel
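
Added example, not part of the original post and not code from tor or obfs4proxy: a small Python check that applies the advice in the reply above to a bridge torrc (pluggable-transport port colliding with ORPort, ExtORPort not set to auto, tor older than 0.2.5.x). The two sample configurations, port 9443, the obfs4proxy path and all function names are constructed for illustration.

```python
def _port(addr):
    """Port from '443', '1.2.3.4:443' or '[::]:443'; None for 'auto' or no port."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def parse_torrc(text):
    """Collect option lines as {lowercased key: [argument lists]}; '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts.setdefault(key.lower(), []).append(args)
    return opts

def lint_bridge(text, tor_version):
    """Return a list of findings for a bridge torrc and the running tor version."""
    opts, findings = parse_torrc(text), []
    or_ports = {_port(a[0]) for a in opts.get("orport", []) if a} - {None}
    # A transport listener cannot bind a port that ORPort already holds.
    for args in opts.get("servertransportlistenaddr", []):
        if len(args) >= 2 and _port(args[1]) in or_ports:
            findings.append(f"{args[0]} listens on ORPort {_port(args[1])}: port already in use")
    ext = opts.get("extorport", [])
    if not ext or not ext[-1] or ext[-1][0].lower() != "auto":
        findings.append("ExtORPort is not set to auto")
    if tuple(map(int, tor_version.split(".")[:3])) < (0, 2, 5):
        findings.append("tor older than 0.2.5.x: obfs4 bridge will not be served to users")
    return findings

# Constructed sample: ORPort and obfs4 both on 443, no ExtORPort line.
BEFORE = """
BridgeRelay 1
ORPort 443
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:443
"""
# Constructed sample: ORPort moved to an otherwise unused port, obfs ports pinned.
AFTER = """
BridgeRelay 1
ORPort 9443            # constructed value: any reachable, unused port
ExtORPort auto
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs3 0.0.0.0:80
ServerTransportListenAddr obfs4 0.0.0.0:443
"""

if __name__ == "__main__":
    for name, cfg, ver in (("before", BEFORE, "0.2.4.27"), ("after", AFTER, "0.2.5.12")):
        print(name, lint_bridge(cfg, ver) or "ok")
```
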