[tor-relays] bridge not accessible through obfs4 port

entensaison at use.startmail.com entensaison at use.startmail.com
Fri Jul 13 17:32:40 UTC 2018

>> Today I actually tried to connect to it and it is possible to 
>> connect to the
>> bridge using the ORport.
>> But when I tried to start tor browser with this setting to use 
>> obfs4:
>> obfs4 12.345.67.89:1111 (only with the right numbers)
>> it got stuck at "establishing an encrypted network connection".
>> I checked on canyouseeme.org and both the vanilla ORport and the 
>> obfs4 port
>> seem to be accessible from outside.
> The obfs4 protocol needs to have not just the IP and port, but also
> the shared secret.
> For example, a valid obfs4 bridge line looks like:
> obfs4 8FB9F4319E89E5C6223052AA525A192AFBC85D55 
> cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ 
> iat-mode=0
> The other parameters are needed because the client needs to prove
> knowledge of the shared secret before the bridge will admit to being 
> a
> bridge.
> That's because one of the steps in the arms race has been "active 
> probing"
> by China, where they use DPI to notice connections that might be 
> obfs4,
> and then do their own follow-up connection speaking the obfs4 
> protocol,
> and if it talks obfs4 back, they know they can block it:
> https://www.freehaven.net/anonbib/#foci12-winter
>> My router is set to allow TCP and UDP on the port for obfs4.
> obfs4 only needs TCP.
Thanks for your replies! :)
Seems like I followed the instructions on 
https://www.torproject.org/docs/bridges.html.en and replaced obfs3 with 
obfs4 without thinking xD.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180713/97613ef6/attachment.html>

More information about the tor-relays mailing list