[tor-talk] obfsproxy on CentOS 6 (help Iran)
Ondrej Mikle
ondrej.mikle at gmail.com
Sun Feb 12 02:31:56 UTC 2012
On 02/12/2012 12:40 AM, Softail wrote:
> The attached script will configure a fresh 256MB CentOS 6.0 virtual machine
> on Rackspace as an obfsproxy bridge. You have to say yes several times and
> it takes a while but it will eventually reboot as an obfsproxy bridge. I
> know it gives an error at the end but it does work.
>
> You will have to winkle out the IP address and obfsproxy port
>
> grep ORPort /var/log/tor/tor.log
> grep obfs /var/log/tor/tor.log
>
> and send them to tor-assistants at torproject.org

It's also possible to run obfsproxy with "stable" Tor; one just needs to execute
it manually, as mentioned here:
https://trac.torproject.org/projects/tor/ticket/5009#comment:17

Also, you can avoid the LD_LIBRARY_PATH hack by using ldconfig (I'll write a whole
howto for installing into /opt):

tar xzf libevent-2.0.16-stable.tar.gz
cd libevent-2.0.16-stable
./configure --prefix=/opt/libevent --with-pic --enable-openssl
make
make install #(as root)

#Create a file /etc/ld.so.conf.d/libevent2.conf containing the following line:
/opt/libevent/lib/

#Then, as root, run:
ldconfig

cd /some/directory/to/put/obfsproxy/source/in
git clone https://git.torproject.org/obfsproxy.git
cd obfsproxy
export libevent_CFLAGS=-I/opt/libevent/include
export libevent_LIBS="-L/opt/libevent/lib -levent"
./autogen.sh && ./configure --prefix=/opt/obfsproxy && make
make install #(as root)

#One way to run it without screen in background, assuming 9001 is your
#ORPort and you want obfsproxy to listen on port 2345:
(/opt/obfsproxy/bin/obfsproxy obfs2 --dest=127.0.0.1:9001 server 0.0.0.0:2345 \
    </dev/null >>obfsproxy.log 2>&1 & echo $! > obfsproxy.pid)

Checking that your obfsproxy works (on another computer on another network, in
the obfsproxy directory; you'll need to install "socat"; run each command in a
separate terminal; replace _ip_address_of_your_bridge_ with the IP of your bridge):

./obfsproxy obfs2 socks 127.0.0.1:50000 #no idea how to use just the client mode

socat -d -d TCP4-LISTEN:5353,bind=localhost,reuseaddr,fork \
    SOCKS4A:localhost:_ip_address_of_your_bridge_:2345,socksport=50000

#In another terminal, check that the fingerprints match
openssl s_client -connect localhost:5353 </dev/null 2>/dev/null | openssl \
    x509 -noout -fingerprint
openssl s_client -connect _ip_address_of_your_bridge_:2345 </dev/null \
    2>/dev/null | openssl x509 -noout -fingerprint

The lines printed by the "openssl" commands should be identical.

Ondrej
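
The fingerprint check described in the message above, as an added example that is not part of the original post: a small sh wrapper around the same two openssl commands that compares the results and treats an empty or malformed fingerprint as an error, since two failed connections would otherwise look "identical". The function names and the script name are hypothetical; the two endpoints are passed as arguments.

```shell
#!/bin/sh
# Added example: automate the fingerprint comparison from the message above.

# Print the "... Fingerprint=..." line of the certificate served at host:port.
# Prints nothing if the connection or the TLS handshake fails.
cert_fingerprint() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint 2>/dev/null
}

# Reduce a fingerprint line to bare uppercase hex (drops label, colons, spaces).
normalize_fp() {
    printf '%s\n' "$1" | sed -n 's/^.*[Ff]ingerprint=//p' |
        tr -d ':[:space:]' | tr 'a-f' 'A-F'
}

# Return 0 on match, 1 on mismatch, 2 if either side gave no usable fingerprint.
# Two failed connections both yield empty output; that must not count as a match.
compare_fp() {
    fp_a=$(normalize_fp "$1")
    fp_b=$(normalize_fp "$2")
    case "$fp_a" in ''|*[!0-9A-F]*) return 2 ;; esac
    case "$fp_b" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "$fp_a" = "$fp_b" ]
}

# Usage (hypothetical script name): sh check_bridge.sh TUNNEL_HOST:PORT DIRECT_HOST:PORT
if [ "$#" -eq 2 ]; then
    rc=0
    compare_fp "$(cert_fingerprint "$1")" "$(cert_fingerprint "$2")" || rc=$?
    case "$rc" in
        0) echo "OK: fingerprints match" ;;
        1) echo "MISMATCH: the two endpoints present different certificates" ;;
        *) echo "ERROR: no certificate received from at least one endpoint" ;;
    esac
    exit "$rc"
fi
```

The exit status (0, 1 or 2) makes the check usable from cron or a monitoring script on the test machine.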