[tor-relays] bridge not accessible through obfs4 port
entensaison at use.startmail.com
entensaison at use.startmail.com
Fri Jul 13 17:32:40 UTC 2018
>> Today I actually tried to connect to it and it is possible to
>> connect to the
>> bridge using the ORport.
>> But when I tried to start tor browser with this setting to use
>> obfs4:
>>
>> obfs4 12.345.67.89:1111 (only with the right numbers)
>
>> it got stuck at "establishing an encrypted network connection".
>> I checked on canyouseeme.org and both the vanilla ORport and the
>> obfs4 port
>> seem to be accessible from outside.
> The obfs4 protocol needs to have not just the IP and port, but also
> the shared secret.
>
> For example, a valid obfs4 bridge line looks like:
>
> obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55
> cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ
> iat-mode=0
>
> The other parameters are needed because the client needs to prove
> knowledge of the shared secret before the bridge will admit to being
> a
> bridge.
>
> That's because one of the steps in the arms race has been "active
> probing"
> by China, where they use DPI to notice connections that might be
> obfs4,
> and then do their own follow-up connection speaking the obfs4
> protocol,
> and if it talks obfs4 back, they know they can block it:
> https://www.freehaven.net/anonbib/#foci12-winter
>
>> My router is set to allow TCP and UDP on the port for obfs4.
> obfs4 only needs TCP.
>
Thanks for your replies! :)
>
Seems like I followed the instructions on
https://www.torproject.org/docs/bridges.html.en and replaced obfs3 with
obfs4 without thinking xD.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180713/97613ef6/attachment.html>
More information about the tor-relays
mailing list