[tor-relays] We need bridges with iat-mode set to 1 and especially 2 as well!

juckiuscaesar at web.de juckiuscaesar at web.de
Tue Jan 25 22:29:31 UTC 2022 

Yes is true, but this does not work, I think they use DPI devices and if obfs4 / underlying Tor signature is detected, a permanent block for that bridge is added to firewall rules. I tried this many times, only when both side have iat-mode=1 or 2, it is undetected.

If one side has iat-mode=0, internet service provider permanently blocks access to the subnet of the bridge IP (/24), even ICMP / ping don't work anymore for all 255 ip's.. it's sad.

Thank you for hosting bridges, really!! Please make 5 with iat-mode 1 and 5 with iat-mode 2, just in case one iat-mode get's blocked.

خداحافظ

Gesendet: Dienstag, 25. Januar 2022 um 12:36 Uhr
Von: "s7r" <s7r at sky-ip.org>
An: tor-relays at lists.torproject.org
Betreff: Re: [tor-relays] We need bridges with iat-mode set to 1 and especially 2 as well!
juckiuscaesar at web.de wrote:
> Hey,
>
> I live in Iran. Can't disclose my ISP because one person using Tor was sent to jail recently even though he did nothing wrong.
>
> For all Bridge Admins:
>
> You can turn change iat-mode with this config entry in your torrc:
>
> ServerTransportOptions obfs4 iat-mode=2
>
> Good Luck.

Hello,

Wasn't that iat-mode can be used either at one side either at both sides?

E.g. if you use only at your side (client) iat-mode=2 but the bridge
runs with iat-mode=0, then only your client will inject traffic but it
might still be enough to bypass the filters of the censor.

Of course if both sides (client and bridge) use iat-mode=2 both sides
contribute and offering a higher degree of obfuscation, but still, worth
trying with just client set to iat-mode=2 and bridge set to iat-mode=0
just so we know here.

So, could you please get an obfs4 bridge from the usual location
(bridges.torproject.org) that has a iat-mode=0 (like tha majority of
course) and run it in your client with an overwritten iat-mode=2
setting, then tell us if it connects to Tor? This will let us know how
helpful the current iat-mode=0 obfs4 bridges are for Iran.

I am spinning 10 new bridges within 24 hours with obfs4, ipv6, low ports
and iat-mode=2 natively for Iran anyway, just because you mailed us, but
still if you could try what I suggested and let us know it would be great.

Thank you, stay safe!
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

More information about the tor-relays mailing list