[tor-relays] Call for setting up new obfs4 bridges

Philipp Winter phw at torproject.org
Wed Jul 3 03:01:12 UTC 2019


On Wed, Jul 03, 2019 at 02:09:02AM +0000, torix at protonmail.com wrote:
> Looking at the new, improved instructions for Debian/Ubuntu obfs4
> bridges, I am confused by the talk about a fixed obfs4 bridge port.
> The line to do this is commented out.  Does that mean it is optional
> to give obfs4 a fixed port?  If it were a random port, however, I'd
> need a lot of open ports on my firewall...

We recommend not setting ServerTransportListenAddr and keeping the "ORPort
auto" setting, which makes Tor pick a random OR and obfs4 port for you.
These random ports persist across restarts, so you only have to forward
them once -- at least as long as you keep your data directory.  We don't
provide a static port in the sample config because we don't want
operators to end up with the same port.  If that were the case, censors
could scan the IPv4 address space for these ports and block all bridges
they find that way.

That said, feel free to choose your own obfs4 port.  For example, we
could use more bridges whose obfs4 port is 443.  Just avoid port 9001 as
it's commonly associated with Tor and an attractive target for
Internet-wide scanning.

I hope this clears things up a bit.

Cheers,
Philipp
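
A check an operator could run against their own torrc for the port advice in the message above; this is an added example, not part of the original post or of Tor's own tooling. The sample torrc is constructed, and the names review_torrc, parse_port and AVOID_PORT are hypothetical.

```python
import re

AVOID_PORT = 9001  # the post: commonly associated with Tor, attractive to scanners

# Constructed sample torrc for illustration (not the official sample config).
SAMPLE_TORRC = """\
BridgeRelay 1
ORPort 9001
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
#ServerTransportListenAddr obfs4 0.0.0.0:TODO
ExtORPort auto
"""

def parse_port(token):
    """Map a port token ('auto', '443', '0.0.0.0:443', '[::]:443') to 'auto' or an int."""
    if token.lower() == "auto":
        return "auto"
    match = re.search(r"(\d+)$", token)
    return int(match.group(1)) if match else None

def review_torrc(text):
    """Return (ports, warnings) for the ORPort and obfs4 listener lines of a torrc.

    An empty ports["obfs4"] list means ServerTransportListenAddr is not set,
    so Tor picks the obfs4 port itself, as the post recommends.
    """
    ports = {"ORPort": [], "obfs4": []}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        option = fields[0].lower()  # torrc option names are case-insensitive
        if option == "orport":
            ports["ORPort"].append(parse_port(fields[1]))
        elif (option == "servertransportlistenaddr" and len(fields) >= 3
              and fields[1].lower() == "obfs4"):
            ports["obfs4"].append(parse_port(fields[2]))
    warnings = [f"{name} is fixed to {AVOID_PORT}; choose a different port"
                for name, values in ports.items() if AVOID_PORT in values]
    return ports, warnings

if __name__ == "__main__":
    ports, warnings = review_torrc(SAMPLE_TORRC)
    print("ports:", ports)
    for warning in warnings:
        print("WARNING:", warning)
```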

