[tor-relays] Multiple ServerTransportListenAddr OBFS2|3|4 Configuration

Gary C. New garycnew at yahoo.com
Thu Dec 15 01:08:06 UTC 2022


On Wednesday, December 14, 2022, 02:55:05 AM MST, trinity pointard <trinity.pointard at gmail.com> wrote:

Hi trinity!

>> As an added bonus, obfs4proxy also supports acting as an obfs2/3 client and bridge to ease the transition to the new protocol.

>> My question is whether the respective obfs2|3|4 transport names force the corresponding protocol?

> It does force the use of the protocol you specified, or at least it
> should and if it doesn't, that's a bug to report. You can quickly
> check this by connecting to an obfs4 bridge while saying it's obfs3:
> tor won't bootstrap.

Your recommended testing confirms that the "transport" portion of the ServerTransportListenAddr directive is an actual option passed and recognized by obfs4proxy (not just a label).

This point was made confusing by the "Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd cache=/var/lib/tor/cache" in the Tor manual. Notice the "obfs45" transport, which errors with "[warn] Server managed proxy encountered a method error. (obfs45 no such transport is supported)." I'm assuming this is a typo in the Tor manual?

Finally, it appears that BridgeDB hands out the transport type with the ServerTransportListenAddr:Port and nullifies my attempts at providing multiple obfs4proxy listeners per Tor instance.

It's unfortunate that only a single ServerTransportListenAddr:Port can be spawned per Transport per Tor instance. Hopefully, this will be remedied in Arti.

>> Also... It wasn't clear in the manual whether obfs4proxy -enableLogging takes an optional path/file?

> It doesn't, logs are stored in $TOR_PT_STATE_LOCATION/obfs4proxy.log
> (usually that would be /var/lib/tor/pt_state/obfs4proxy.log)

I appreciate you confirming the obfs4proxy -enableLogging question as well. It seems like a symlink will have to do.

Thank you for your time and assistance.

Respectfully,


Gary


On Wed, 14 Dec 2022 at 10:02, Gary C. New via tor-relays
<tor-relays at lists.torproject.org> wrote:
>
> All:
>
> I noticed that the obfs2, obfs3, and obfs4 transport names seem to be hardcoded into tor.
>
> I have been able to configure the torrc to register each of the transports for multiple ServerTransportListenAddr:
>
> # cat torrc
> ORPort xxx.xxx.xxx.xxx:443 NoListen
> ORPort 192.168.0.31:9001 NoAdvertise
> SocksPort 9050
> SocksPort 192.168.0.31:9050
> ControlPort 9051
> HTTPTunnelPort 9080
> HTTPTunnelPort 192.168.0.31:9080
> ExtORPort 192.168.0.31:auto
> BridgeRelay 1
> BridgeDistribution moat
> ServerTransportPlugin obfs2 exec /opt/bin/obfs4proxy -enableLogging
> ServerTransportListenAddr obfs2 192.168.0.31:3102
> ServerTransportOptions obfs2 iat-mode=2
> ServerTransportPlugin obfs3 exec /opt/bin/obfs4proxy -enableLogging
> ServerTransportListenAddr obfs3 192.168.0.31:3103
> ServerTransportOptions obfs3 iat-mode=2
> ServerTransportPlugin obfs4 exec /opt/bin/obfs4proxy -enableLogging
> ServerTransportListenAddr obfs4 192.168.0.31:3104
> ServerTransportOptions obfs4 iat-mode=2
> DirCache 1
> ExitRelay 0
>
> # grep -i obfs ./torlog
> 2022/12/14 00:39:07 [NOTICE]: obfs4proxy-0.0.14 - launched
> Dec 13 17:41:48.000 [notice] Registered server transport 'obfs2' at '192.168.0.31:3102'
> Dec 13 17:41:48.000 [notice] Registered server transport 'obfs3' at '192.168.0.31:3103'
> Dec 13 17:41:48.000 [notice] Registered server transport 'obfs4' at '192.168.0.31:3104'
>
> # netstat -anp | grep obfs4proxy
> tcp        0      0 192.168.0.31:3102      0.0.0.0:*              LISTEN      30185/obfs4proxy
> tcp        0      0 192.168.0.31:3103      0.0.0.0:*              LISTEN      30185/obfs4proxy
> tcp        0      0 192.168.0.31:3104      0.0.0.0:*              LISTEN      30185/obfs4proxy
>
> My question is whether the respective obfs2|3|4 transport names force the corresponding protocol?
>
> If so... Are there any ServerTransportOptions that can force the obfs4 protocol on the legacy obfs2|3 transports?
>
> Also... It wasn't clear in the manual whether obfs4proxy -enableLogging takes an optional path/file?
>
> I appreciate any knowledge on the subjects.
>
> Respectfully,
>
>
> Gary
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
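
The check carried out by hand in this thread (comparing what the torrc asks for with the "Registered server transport" lines tor logs) can be scripted. The following is an added example, not code from the thread or from the Tor Project; the function names, the `KNOWN` allow-list (limited to the three names the thread shows registering) and the sample inputs are assumptions made for illustration.

```python
import re
from collections import defaultdict

KNOWN = {"obfs2", "obfs3", "obfs4"}  # assumed allow-list: names seen registering in the thread

# Constructed inputs modelled on the thread's torrc and log excerpts.
SAMPLE_TORRC = """\
ServerTransportPlugin obfs3,obfs4 exec /opt/bin/obfs4proxy -enableLogging
ServerTransportListenAddr obfs3 192.168.0.31:3103
ServerTransportListenAddr obfs4 192.168.0.31:3104
ServerTransportListenAddr obfs4 192.168.0.31:3105
ServerTransportOptions obfs45 shared-secret=bridgepasswd
"""
SAMPLE_LOG = """\
Dec 13 17:41:48.000 [notice] Registered server transport 'obfs3' at '192.168.0.31:3103'
Dec 13 17:41:48.000 [notice] Registered server transport 'obfs4' at '192.168.0.31:3104'
"""
REGISTERED = re.compile(r"Registered server transport '([^']+)' at '([^']+)'")

def parse_torrc(text):
    """Map directive -> transport name -> list of values, for ServerTransport* lines."""
    conf = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 2)
        if len(parts) == 3 and parts[0].startswith("ServerTransport"):
            for name in parts[1].split(","):  # a Plugin line may list several names
                conf[parts[0]][name].append(parts[2].strip())
    return conf

def audit(torrc, log):
    """Return sorted findings comparing the torrc with what tor logged."""
    conf, findings = parse_torrc(torrc), set()
    plugins = conf["ServerTransportPlugin"]
    listen = conf["ServerTransportListenAddr"]
    options = conf["ServerTransportOptions"]
    registered = dict(REGISTERED.findall(log))
    for name in set(plugins) | set(listen) | set(options):
        if name not in KNOWN:
            findings.add(f"{name}: not in the known transport list")
        if name not in plugins:
            findings.add(f"{name}: no ServerTransportPlugin line declares it")
    for name, addrs in listen.items():
        if len(addrs) > 1:  # the thread reports one listener per transport per instance
            findings.add(f"{name}: {len(addrs)} ServerTransportListenAddr lines")
        for addr in addrs:
            if registered.get(name) != addr:
                findings.add(f"{name}: {addr} not registered in log")
    return sorted(findings)

print(audit(SAMPLE_TORRC, SAMPLE_LOG))
```
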

