[tor-bugs] #20943 [Obfuscation/Obfsproxy]: Clarify documentation for obfs4 setup

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Dec 11 11:23:22 UTC 2016 

#20943: Clarify documentation for obfs4 setup
-----------------------------------+---------------------
 Reporter:  kaie                   |          Owner:  asn
     Type:  task                   |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Obfsproxy  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+---------------------

Comment (by kaie):

 Now that I understand it better, I'd like to amend the configuration I had
 suggested above for /etc/tor/torrc:

 ----------------
 ORPort IPADDRESS:443
 Address IPADDRESS
 OutboundBindAddress IPADDRESS

 ## 0 means: private bridge, do not publish
 ## 1 means: bridge information automatically published
 PublishServerDescriptor 0

 SocksPort 0
 BridgeRelay 1
 Exitpolicy reject *:*

 ExtORPort auto
 ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy --enableLogging
 --logLevel=INFO

 NickName BRIDGE-NICKNAME

 Log notice file /var/log/tor/notice.log
 ----------------


 The configuration "ExtORPort auto" is preferred, because it's better if
 different bridges use different port numbers, as it prevents censors from
 simply blocking a common bridge port number.

 On first start, a random port number will be assigned on which obfs4proxy
 will listen.

 That port number assignment will be cached, so it will be stable, even
 after restarting the software or the server.

 You need to lookup which port number has been assigned. Search the Tor
 logfile for obfs4.

 This is the port number that you must use in the bridge configuration line
 that you use on the client side that wants to connect to your bridge
 (instead of 9004 I had mentioned above), and a potential firewall must
 allow incoming connections on that port to the system that runs the
 bridge.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20943#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list