[tor-talk] obfsproxy on CentOS 6 (help Iran)

Ondrej Mikle ondrej.mikle at gmail.com
Sun Feb 12 02:31:56 UTC 2012


On 02/12/2012 12:40 AM, Softail wrote:
> The attached script will configure a fresh 256MB CentOS 6.0 virtual machine
> on Rackspace as an obfsproxy bridge. You have to say yes several times and
> it takes a while but it will eventually reboot as an obfsproxy bridge. I
> know it gives an error at the end but it does work.
> 
> You will have to winkle out the IP address and obfsproxy port
> 
> grep ORPort /var/log/tor/tor.log
> grep obfs /var/log/tor/tor.log
> 
> and send them to tor-assistants at torproject.org

It's also possible to run obfsproxy with "stable" Tor; one just needs to execute
it manually, as mentioned here:
https://trac.torproject.org/projects/tor/ticket/5009#comment:17

Also, you can avoid the LD_LIBRARY_PATH hack by using ldconfig (I'll write the
whole howto for installing into /opt):

tar xzf libevent-2.0.16-stable.tar.gz
cd libevent-2.0.16-stable
./configure --prefix=/opt/libevent --with-pic --enable-openssl
make
make install #(as root)

#Create a file /etc/ld.so.conf.d/libevent2.conf containing the following line:
/opt/libevent/lib/
#Then, as root, run:
ldconfig

cd /some/directory/to/put/obfsproxy/source/in
git clone https://git.torproject.org/obfsproxy.git
cd obfsproxy
export libevent_CFLAGS=-I/opt/libevent/include
export libevent_LIBS="-L/opt/libevent/lib -levent"
./autogen.sh && ./configure --prefix=/opt/obfsproxy && make
make install #(as root)

#One way to run it without screen in background, assuming 9001 is your
#ORPort and you want obfsproxy to listen on port 2345:

(/opt/obfsproxy/bin/obfsproxy obfs2 --dest=127.0.0.1:9001 server 0.0.0.0:2345 \
  </dev/null >>obfsproxy.log 2>&1 & echo $! > obfsproxy.pid)

Checking that your obfsproxy works (on another computer on another network, in
the obfsproxy directory; you'll need to install "socat"; run each command in a
separate terminal; replace _ip_address_of_your_bridge_ with the IP of your bridge):

./obfsproxy obfs2 socks 127.0.0.1:50000 #no idea how to use just the client mode
socat -d -d TCP4-LISTEN:5353,bind=localhost,reuseaddr,fork \
 SOCKS4A:localhost:_ip_address_of_your_bridge_:2345,socksport=50000

#In another terminal, check that the fingerprints match
openssl s_client -connect localhost:5353 </dev/null 2>/dev/null | openssl \
 x509 -noout -fingerprint
openssl s_client -connect _ip_address_of_your_bridge_:2345 </dev/null \
 2>/dev/null | openssl x509 -noout -fingerprint

The lines printed by the two "openssl" commands should be identical.

Ondrej
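
Added example (not part of the original message): a shell helper that automates the fingerprint comparison described above. Because the commands in the post discard stderr, a failed connection prints nothing, so a naive string comparison of two empty outputs would report a match; the helper treats a missing fingerprint as a failure. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and return codes are hypothetical.

# normalize_fp: read "openssl x509 -noout -fingerprint" output on stdin and
# print the bare digest (upper case, no colons). Prints nothing when no
# fingerprint line is present, e.g. because the connection failed.
normalize_fp() {
    sed -n 's/^.*[Ff]ingerprint=\([0-9A-Fa-f:]*\)$/\1/p' \
        | head -n 1 | tr -d ':' | tr 'a-f' 'A-F'
}

# same_cert OUTPUT_A OUTPUT_B
#   returns 0: both outputs carry a fingerprint and the digests are equal
#   returns 1: both carry a fingerprint but the digests differ
#   returns 2: at least one output has no fingerprint (never a match)
same_cert() {
    a=$(printf '%s\n' "$1" | normalize_fp)
    b=$(printf '%s\n' "$2" | normalize_fp)
    if [ -z "$a" ] || [ -z "$b" ]; then
        return 2
    fi
    [ "$a" = "$b" ] || return 1
    return 0
}

# fetch_fp HOST:PORT: the pipeline from the post, wrapped in a function.
fetch_fp() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint 2>/dev/null
}

# check_bridge ENDPOINT_A ENDPOINT_B: fetch both fingerprints and compare.
# Pass the two host:port pairs used in the two openssl commands of the post.
check_bridge() {
    rc=0
    same_cert "$(fetch_fp "$1")" "$(fetch_fp "$2")" || rc=$?
    case $rc in
        0) echo "fingerprints match" ;;
        1) echo "fingerprints differ" ;;
        *) echo "no certificate received on at least one connection" ;;
    esac
    return "$rc"
}
```

Call check_bridge with the two endpoints while the obfsproxy client and socat from the post are running; a return code of 2 means a connection produced no certificate and the comparison says nothing about the bridge.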