[tor-talk] Why obfs4 bridges aren't work in Tails?

Alan Hiew alanhiew at openmailbox.org
Mon Apr 20 22:33:43 UTC 2015


Thu, 16 Apr 2015 20:25:08 +0300
s7r <s7r at sky-ip.org>:

> 
> On Debian Wheezy 64bit with Tor 0.2.5.10 and obfs4proxy installed from
> deb.torproject.org/torproject.org obfs4proxy main (via apt-get) 3
> obfs4 bridges out of a total of 31 crashed with no error or warn in
> Tor log.
> 
> /var/log/tor was an empty file
> /var/log/tor/log.1 (log rotation) had in the last lines the regular
> heartbeat notices, with info about total circuits, relayed traffic,
> [... ]
> 
> Simply started the Tor daemon again on these 3 servers and they are up
> and running, no problem. Will keep an eye on this.
> 

I've made some log analisys and (may be) found why obfs4 bridges don't
work correctly.

I've used tcpdump created by that command:

sudo tcpdump ip -n -nn -x | tee tcpdump.txt

and Tor log file located at /var/log/tor/log


The possible reason is IP-packet fragmentation. I
suspect that obfs4-protocol require sending big packet (with "no
fragmentation" flag/option) and router of my local network and(or)
other routers on the connection way can not pass these packets. My
routers answer: "unreachable - need to frag (mtu 1456)". And in Tor
log:


[info] smartlist_choose_node_by_bandwidth(): Empty routerlist passed in to old node selection for rule weight as guard
[info] should_delay_dir_fetches(): Delaying dir fetches (no running bridges known)
[info] compute_weighted_bandwidths(): Empty routerlist passed in to consensus weight node selection for rule weight
as guard

many times.

obfs3, obfs2 and bridges without pluggable transport all are working
correctly.

WBR, Alan Hiew


More information about the tor-talk mailing list