[tor-relays] Confusing bridge signs...

Keifer Bly keifer.bly at gmail.com
Tue Feb 21 16:23:44 UTC 2023 

Ok, changed to port 8080 and upped my allowed traffic a bit:

GNU nano 3.2
              /etc/tor/torrc


Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Yes, I have limited bandwidth I can give so as to avoid being
massively charged for traffic. Perhaps there is a way to set tor to only
allow traffic with a small connection? Thanks.










--Keifer


On Tue, Feb 21, 2023 at 1:29 AM trinity pointard <trinity.pointard at gmail.com>
wrote:

> > And the reason why it's on port 443 is so as to be on a port that's not
> likely blocked by network administrators.
>
> That might be useful for the ORPort of a relay, and for the obfs4 port
> of a bridge, but not for the ORPort of a bridge. Clients are not
> supposed to connect to it.
> The only reason it's exposed is because the bridge authority still
> requires it to verify the bridge is reachable. See
> https://gitlab.torproject.org/tpo/core/tor/-/issues/7349.
> You are better of using 443 for the ServerTransportListenAddr, and
> some high port for ORPort.
>
> On Tue, 21 Feb 2023 at 03:05, Keifer Bly <keifer.bly at gmail.com> wrote:
> >
> > Well,
> >
> > So I just changed my torrc to this:
> >
> > Nickname gbridge
> > ORPort 443
> > SocksPort 0
> > BridgeRelay 1
> > PublishServerDescriptor bridge
> > BridgeDistribution email
> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > ExtOrPort auto
> > Log notice file /var/log/tor/notices.log
> > ExitPolicy reject *:*
> > AccountingMax 50 GB
> > ContactInfo keiferdodderblyyatgmaildoddercom
> >
> > Trying to avoid being charged a huge amount for traffic as these VPS
> providers can be ridiculous when it comes to that, which is why it was set
> to so little. Ran killall -HUP tor to reload it and see that happens in the
> next day or so. And the reason why it's on port 443 is so as to be on a
> port that's not likely blocked by network administrators. Thank you.
> > --Keifer
> >
> >
> > On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <
> trinity.pointard at gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> Your torrc is correct wrt to distribution mechanism (your bridge is
> >> indicating "bridge-distribution-request any" in the descriptor it
> >> sends), but for the record, the line would have been
> >> "BridgeDistribution any".
> >> A bridge uses less bandwidth than a relay, but it's still a proxy. At
> >> 5GB per month, you'd be providing a steady 16kbps over the month, or a
> >> single mbps for little over 11 hours. That's very little, if you can't
> >> have more bandwidth (by using a provider with no bandwidth accounting,
> >> or one that gives better pricing per bandwidth), I fear your bridge
> >> won't be very useful at all. Mine consumes between a few hundred GB
> >> and a few TB depending on the distribution mechanism.
> >>
> >> Are you sure your bridge is reachable? Bridgestrap reports suggest it
> isn't.
> >> As the bridge operator, you should know its bridge line. Can you test
> >> it with Tor Browser to make sure?
> >> Given your accounting limits, it could be unreachable because
> >> currently hibernating. Or you could have a firewall issue, or
> >> something else.
> >> I believe not passing bridgestrap can explain not being assigned a
> >> distribution mechanism.
> >>
> >> It might also explain why it would be considered blocked in Russia: if
> >> it's not reachable from anywhere, it's not reachable from Russia. An
> >> other possibility, given you use 443 for your ORPort, is that your
> >> bridge was indeed detected by just scanning the whole internet. The
> >> ORPort is very recognizable (enough that some of my former bridges
> >> ended up tagged "tor" on Shodan) so it should be put on a port that's
> >> less likely to be scanned.
> >>
> >> Regards,
> >> trinity-1686a
> >>
> >> On Mon, 20 Feb 2023 at 21:29, Keifer Bly <keifer.bly at gmail.com> wrote:
> >> >
> >> > Where in the torrc file would I set it to any? I am looking for a way
> to run a bridge without being charged a huge amount of money for it, and I
> was curious how it would have been detected by Russia if noone had used the
> bridge there? Thanks.
> >> > --Keifer
> >> >
> >> >
> >> > On Mon, Feb 20, 2023 at 8:45 AM <lists at for-privacy.net> wrote:
> >> >>
> >> >> On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
> >> >> > Ok. Here is the torrc file:
> >> >> >
> >> >> >   GNU nano 3.2                                   /etc/tor/torrc
> >> >> >
> >> >> >
> >> >> > Nickname gbridge
> >> >> > ORPort 443
> >> >> > SocksPort 0
> >> >> > BridgeRelay 1
> >> >> > PublishServerDescriptor bridge
> >> >> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> >> >> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> >> >> > ExtOrPort auto
> >> >> > Log notice file /var/log/tor/notices.log
> >> >> > ExitPolicy reject *:*
> >> >> > AccountingMax 5 GB
> >> >> > ContactInfo keiferdodderblyyatgmaildoddercom
> >> >> >
> >> >> >
> >> >> > Where in this torrc file is that configured?
> >> >> Then set it to 'any' and wait 24-48 hours to see what happens. Maybe
> there was
> >> >> an error in the db.
> >> >>
> >> >> If your bridge is still not distributed, it could be due to the
> outdated
> >> >> obfs4proxy or because of 'AccountingMax 5 GB'.
> >> >> Sorry but, 5 GB is a 'fart in the wind' the accounting period would
> only be a
> >> >> few hours a month. It's not even worth distributing them because it
> would only
> >> >> frustrate the users.
> >> >>
> >> >> > And how would it be blocked in
> >> >> > Russia already if it hasn't even been used?
> >> >> Why should this new feature of the bridgedb, more precisely the
> rdsys backend,
> >> >> have anything to do with whether someone uses a bridge? This is a
> bridgedb
> >> >> distribution method introduced by meskio.
> >> >>
> >> >>
> >> >> --
> >> >> ╰_╯ Ciao Marco!
> >> >>
> >> >> Debian GNU/Linux
> >> >>
> >> >> It's free software and it gives you
> freedom!_______________________________________________
> >> >> tor-relays mailing list
> >> >> tor-relays at lists.torproject.org
> >> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >> >
> >> > _______________________________________________
> >> > tor-relays mailing list
> >> > tor-relays at lists.torproject.org
> >> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >> _______________________________________________
> >> tor-relays mailing list
> >> tor-relays at lists.torproject.org
> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230221/4bafb470/attachment.htm>

More information about the tor-relays mailing list