Please try out the new bridge features

Roger Dingledine arma at mit.edu
Mon Jul 30 12:13:06 UTC 2007


Hi folks,

The upcoming 0.2.0.3-alpha release has a couple new features from the
blocking-resistance design we're working on. I'm going to write down more
details about how it works soon, but I wanted to give people a chance
to play with it (and report problems) now that it'll be out in a release.

For background on the design, see
https://tor.eff.org/svn/trunk/doc/design-paper/blocking.html

In short, the new Tor release lets you run a relay that isn't in the
main directories (known as a bridge), and you can configure your client
by giving it a set of bridge addresses to use as your first hop into
the Tor network and as your source of directory information. There's no
support in Vidalia for it yet, and the design is still in flux, but here
are some tips to get you started.

(Warning: these instructions are geared for people who are comfortable
editing their torrc and messing around with Tor. If it breaks and
you think it's a bug, please let me know; if you just fail to get it
working, wait for a few more releases and it'll be easier. Also, note
that these features alone do not provide very good blocking-resistance;
more features are on the way still.)

Thanks!
--Roger

********* Part one: using a bridge when you're a client *****

Add these lines to your torrc file:

  UseBridges 1
  TunnelDirConns 1
  Bridge 128.31.0.34:9009 4C17 FB53 2E20 B2A8 AC19 9441 ECD2 B017 7B39 E4B1

You can specify as many Bridge lines as you like, one for each bridge
you'd like to use. You can leave out the key if you don't know it or
don't care:

  Bridge 128.31.0.34:9009

******** Part two: setting up your own bridge ***********

Configure yourself as if you were a normal Tor server. Make sure to
define a DirPort. Then add this line to your torrc file:

  PublishServerDescriptor 0

This makes you into a Tor server that doesn't advertise on the main
directory authorities. You should tell people your IP address and ORPort
(and optionally your identity fingerprint) and they can write their own
Bridge lines as in "Part one" above.

Optionally, you may want to set

  RelayBandwidthRate 50 KB
  RelayBandwidthBurst 50 KB

instead of the more traditional BandwidthRate and BandwidthBurst options,
so you can use your bridge as a Tor client too and not get hit by your
own rate limiting.

******** Part three: a bridge directory authority *********

For the adventurous, I'm also running a temporary bridge directory
authority. If you want your bridge to publish to this bridge authority,
use these lines in your torrc:

  PublishServerDescriptor bridge
  dirserver moria1 v1 orport=9001 128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
  dirserver moria2 v1 orport=9002 128.31.0.34:9032 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
  dirserver tor26 v1 orport=443 86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
  dirserver lefkada orport=443 140.247.60.64:80 38D4 F5FC F7B1 0232 28B8 95EA 56ED E7D5 CCDC AF32
  dirserver dizum 194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755
  dirserver moria5 orport=9005 bridge no-v2 128.31.0.34:9035 F812 FCC1 E3EB E2E8 1C09 E516 E51A F9BF AFE3 3974

The first line specifies to publish to all authorities of type 'bridge',
and the last line specifies a new dirserver of type bridge. The others
are just repeating the current dirservers so we don't lose them when we
define a new one. I promise I'll have a better interface for this soon. :)

Then clients that use your bridge can add

  UpdateBridgesFromAuthority 1

to their torrc, and now even if your IP:port change (for example you're
on a dynamic IP address), they'll still be able to find you again.
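
An added example, not part of the original post or of Tor's own code: a small Python audit of the client-side torrc lines from "Part one". It validates each Bridge line and flags those that omit the fingerprint, since such a line gives the client nothing to check the bridge's identity key against; the function names and the sample torrc are constructed here.

```python
import ipaddress
import re

# Constructed sample torrc, reusing the bridge address and fingerprint from the post.
SAMPLE_TORRC = """\
UseBridges 1
TunnelDirConns 1
Bridge 128.31.0.34:9009 4C17 FB53 2E20 B2A8 AC19 9441 ECD2 B017 7B39 E4B1
Bridge 128.31.0.34:9009
Bridge 128.31.0.34:99999 4C17 FB53
"""

def parse_bridge_line(line):
    """Return (ip, port, fingerprint_or_None) or raise ValueError."""
    parts = line.split()
    if len(parts) < 2 or parts[0].lower() != "bridge":
        raise ValueError("not a Bridge line")
    host, sep, port_s = parts[1].rpartition(":")
    if not sep or not port_s.isdigit() or not 0 < int(port_s) < 65536:
        raise ValueError("bad port in %r" % parts[1])
    ip = str(ipaddress.IPv4Address(host))  # raises ValueError on a bad address
    fp = "".join(parts[2:]).upper()        # fingerprint may be space-grouped
    if fp and not re.fullmatch(r"[0-9A-F]{40}", fp):
        raise ValueError("fingerprint is not 40 hex digits")
    return ip, int(port_s), fp or None

def audit_torrc(text):
    """Collect parsed bridges plus human-readable findings."""
    bridges, findings, use_bridges = [], [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key = line.split()[0].lower()        # torrc option names are case-insensitive
        if key == "usebridges":
            use_bridges = line.split()[1:] == ["1"]
        elif key == "bridge":
            try:
                bridge = parse_bridge_line(line)
            except ValueError as exc:
                findings.append("line %d: rejected (%s)" % (n, exc))
                continue
            bridges.append(bridge)
            if bridge[2] is None:
                findings.append("line %d: no fingerprint, identity not pinned" % n)
    if bridges and not use_bridges:
        findings.append("Bridge lines present but UseBridges is not 1")
    return bridges, findings
```

Calling `audit_torrc(SAMPLE_TORRC)` returns the two usable bridges and two findings: one for the line without a fingerprint and one for the malformed line.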


