[tor-bugs] #33336 [Circumvention/Snowflake]: Deploy a Turbo Tunnel–aware Snowflake bridge

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Feb 15 17:35:30 UTC 2020 

#33336: Deploy a Turbo Tunnel–aware Snowflake bridge
-------------------------------------+--------------------------
 Reporter:  dcf                      |          Owner:  dcf
     Type:  task                     |         Status:  assigned
 Priority:  Medium                   |      Milestone:
Component:  Circumvention/Snowflake  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  turbotunnel              |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by dcf):

 Here are two Tor Browser builds. These are what I hope to announce to
 testers. They are built from the [https://gitweb.torproject.org/user/dcf
 /tor-browser-build.git/log/?h=snowflake-turbotunnel-
 kcp&id=96495fea60b2a5aac9808343cb0d3bcec87c9230 snowflake-turbotunnel-kcp]
 and [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/log/?h
 =snowflake-turbotunnel-quic&id=06e0ad9d4ef4c1094638648515fc846c37b1b704
 snowflake-turbotunnel-quic] branches of tor-browser-build.git
 respectively. In both cases I had the rbm submodule at
 [https://gitweb.torproject.org/user/boklm/rbm.git/log/?h=bug_33283_v2&id=e4f12abe9ed81050994b5345c21b988005259396
 bug_33283_v2] from #33283 in an attempt to speed up the build.
  * [https://people.torproject.org/~dcf/pt-bundle/tor-browser-snowflake-
 turbotunnel-kcp-9.5a5-20200215/ tor-browser-snowflake-turbotunnel-
 kcp-9.5a5-20200215]
  * [https://people.torproject.org/~dcf/pt-bundle/tor-browser-snowflake-
 turbotunnel-quic-9.5a5-20200215/ tor-browser-snowflake-turbotunnel-
 quic-9.5a5-20200215]

 Both builds have [https://gitweb.torproject.org/user/dcf/tor-browser-
 build.git/commit/?h=snowflake-turbotunnel-
 kcp&id=59aa57b64682a17f4aaa62fae9633732dce4a1a9 a commit] that attempts to
 disable automatic updates for 60 days. My reasoning is that we don't want
 our testers to experience an automatic update while they are testing these
 special builds, because an update would remove the snowflake-turbotunnel
 features. But also, if someone for some reason decides to keep using an
 experimental build, we don't want them to be stuck on a non-updating
 browser forever.

 == How to try them locally ==

 When we deploy the [[comment:1|triple-mode bridge]], it will be possible
 to just select "snowflake" from the menu. But until a Turbo Tunnel–aware
 bridge is deployed, you have to run a broker, proxy, and bridge locally.

 1. Download the turbotunnel branch and build all but the client.
    {{{
 git clone https://git.torproject.org/pluggable-transports/snowflake.git
 cd snowflake
 git remote add dcf https://git.torproject.org/user/dcf/snowflake.git
 git fetch dcf
 git checkout d5be0906ffe4ef8de8a9345690713bc362d3bcee # turbotunnel branch
 for d in broker proxy-go server; do (cd $d && go get); done
 # set dependencies to the same versions that Tor Browser uses
 (cd $GOPATH/src/github.com/lucas-clemente/quic-go && git checkout
 907071221cf97f75398d9cf8b1174e94f56e8f96)
 (cd $GOPATH/src/github.com/marten-seemann/qtls && git checkout
 65ca381cd298d7e0aef0de8ba523a870ec5a96fe)
 for d in broker proxy-go server; do (cd $d && go build); done
    }}}
 2. Run the broker.
    {{{
 broker/broker --disable-tls --addr 127.0.0.1:8000
    }}}
 3. Run a proxy.
    {{{
 proxy-go/proxy-go --broker http://127.0.0.1:8000/ --relay
 ws://127.0.0.1:8080/
    }}}
 4. Run the bridge. Create a file called '''torrc.server''' with the
 contents
    {{{
 DataDirectory datadir-server
 SocksPort 0
 ORPort 9001
 ExtORPort auto
 BridgeRelay 1
 AssumeReachable 1
 PublishServerDescriptor 0
 ServerTransportListenAddr snowflake 0.0.0.0:8080
 ServerTransportPlugin snowflake exec server/server --disable-tls --log
 snowflake-server.log
    }}}
    Then run the command
    {{{
 tor -f torrc.server
    }}}
 5. Unpack the Tor Browser package and edit the file
 '''Browser/TorBrowser/Data/Tor/torrc-defaults'''. Change the
 `ClientTransportPlugin snowflake` line to make it use the local broker:
    {{{
 ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports
 /snowflake-client -url http://127.0.0.1:8000/ -ice
 stun:stun.l.google.com:19302
    }}}
 6. Run Tor Browser. Select '''Configure''', then '''Tor is censored in my
 country''', then '''Provide a bridge I know'''. In the box, enter
    {{{
 snowflake 0.0.3.0:1
    }}}
 7. Click '''Connect''' and everything should start working. Keep an eye on
 the proxy-go output to see if packets are flowing. The Turbo Tunnel
 feature means you should be able to leave the browser idle for hours and
 have it still be working later, in the worst case after a wait of 30
 seconds.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33336#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list