/pluggable-transports/obfs4.git/obfs4proxy`
To install:
Copy `$GOPATH/bin/obfs4proxy` to a permanent location (Eg: `/usr/local/bin`)
Regards,
--
Yawning Angel
pgprIqKr4egaS.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor
cal zones" in there.
https://tools.ietf.org/html/rfc1033
Regards,
--
Yawning Angel
pgpDm9wLHW9uc.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
aware this still requires using OpenSSL 1.1.x
(currently beta), and I don't remember off the top of my head if the
code necessary to use newer OpenSSL was backported to pre 0.2.9.x.
Regards,
--
Yawning Angel
pgpaOaNrGPCRk.pgp
Description: Open
://trac.torproject.org/projects/tor/ticket/13202 if you
wish to know more about this.
Best Regards,
--
Yawning Angel
[0]: Apparently this is not worth patching 0.2.4.x for, which I
personally view as unfortunate.
signature.asc
Description: PGP signature
to
catch up as the wonderful packager has the time.
Questions, comments, and bridges appreciated,
--
Yawning Angel
[0]: https://trac.torproject.org/projects/tor/ticket/12130
[1]: https://trac.torproject.org/projects/tor/ticket/13202
signature.asc
Descript
armhf packages will not.
NB: I have not tested either, because I do not have the hardware.
Regards,
--
Yawning Angel
signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/c
ng an obfs4 bridge!
(obfs4proxy can also speak obfs3 if you also want to run one of those,
as an alternative to installing obfsproxy. That code is well exercised
at this point and we have a bridge running it that has pushed multiple
TB worth of obfs3 traffic.)
--
Yawning Angel
[0]: I added tha
est things. On new snapshots (or
fingers crossed official Tor Browser builds with obfs4 support), what
is in the text file will be correct (though the older format is
naturally also supported).
Sorry for the confusion,
--
Yawning Angel
[0]:https://gitweb.torproject.org/pluggable-transports/
ine from /var/lib/tor/pt_state/obfs4_bridgeline.txt on
# the bridge, edited to replace the placeholders.
Bridge obfs4 .
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Regards,
--
Yawning Angel
pgppcCFdDzY4L.pgp
Description: OpenPGP digital signature
__
On Tue, 28 Oct 2014 04:46:37 +
Yawning Angel wrote:
> You could either "Wait for Tor Browser 4.5-alpha" which I am told will
> happen "Soon", or run a tor instance and edit the torrc to use your
> bridge. The same obfs4proxy binary also acts as the client.
Just
x27;ve heard someone complaining about the tor
AppArmor profile but that also isn't something I've dealt with ever.
Regards,
--
Yawning Angel
[0]: I just scp the binary to my bridge whenever I need to update it,
and my idea of how to update all my linux systems starts with "pacman"
and n
t.
Regards,
--
Yawning Angel
pgpmuupux5jWY.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
z
If you have an obfs4proxy binary compiled for windows, you can run an
obfs4 bridge on windows (as well as any of the other transports
supported by obfs4proxy, which is currently obfs2/obfs3).
I'm not really understanding the question...
--
Yawning Angel
pgpOcwxBJWQa3.pgp
Descr
ion added.
On the bridge look at: /var/lib/tor/pt_state/obfs4_bridgeline.txt
Regards,
--
Yawning Angel
pgpFLZLKb3nNp.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/c
RM
Assuming you can get a go compiler on the board the normal manual build
instructions should work
$ go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy
$ sudo cp $GOPATH/bin/obfs4proxy /usr/local/bin
But naturally you lose the benefits of package management.
Reg
y - must be run as a managed
transport
If not, what does 'file /path/obfs4proxy' say?
Regards,
--
Yawning Angel
pgpfSUWdONl0s.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, 16 Apr 2015 18:37:10 +
jchase wrote:
> Hello,
> When I run either ./obfs4proxy or obfs4proxy.go I get:
>
> ./obfs4proxy: line 1: /bin: Is a directory
> ./obfs4proxy: line 2: syntax error near unexpected token `('
> ./obfs4proxy: line 2: ` * Copyright (c) 2
er. Prior versions of Go (Eg: 1.0.2) are missing
>certain important parts of the runtime library like a SHA256
>implementation.
Go 1.2 was released on December 1, 2013, so I'm not particularly
inclined to support older versions, especially since it means
re-implementing par
g the test suite, which according to the bug in
OpenSSL's bugtracker, would have failed".
Both of these dastardly details are hidden in the depths of the file
misleadingly titled "README" in cryptodev-linux-1.7.tar.gz, under the
heading "* OpenSSL:".
Regards,
--
know.
Instead of some garbage TI part, use something that supports ARM-v8's
AES, SHA1, SHA256, and VMULL instructions.
Regards,
--
Yawning Angel
pgp0uhdF2rE_Y.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
s occur, see
#13202 for people shooting that idea down when I first brought it up a
long time ago.)
No idea about the port already in use thing. Check the processes on
the system to see if you have a defunct obfs4proxy instance hanging
around (obfs4proxy 0.0.5 makes this less lik
"Running a Bridge" portion of the
> bridges.html page, [3] but I'm totally open to suggestions if people
> think the documentation should go into the FAQ page, or on a wiki
> page (or link to a wiki page, so that it's easier for community
> members to contr
y better in this regard,
and of all the things to do wrt the bwauths, bolting more features on
is not something I would personally consider important right now.
Regards,
--
Yawning Angel
pgpxg2NGmHUOU.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
ct that TCP/IP breaks when write calls are done when the
system is breaking PMTUD is not an obfs4 issue.
In sane environments where PMTUD works, obfs4 has no issues with
shorter than normal MSS.
Regards,
--
Yawning Angel
pgpdutIpIar2D.pgp
Description:
a separate file.
You can kind of do this with a `--defaults-torrc` file and a separate
file (probably autogenerated) containing all your other things. Or
start Tor with `DisableNetwork` set, and use the control port to load
your tinfoil hattery.
Regards,
--
Yawning Angel
pgpAqJK4TjJkY.pgp
Desc
trickier prospect. It's
important that every relay can talk to every other relay, and TCP NAT
traversal when both boxes are behind NATs requires a intermediary of
some sort (See: http://nutss.gforge.cis.cornell.edu/pub/imc05-tcpnat.pdf
for a reasonable intro to how this works[0]).
Regards,
uot; cycle to complete) or if you are having
> trouble with your current relay being measured properly, in a few
> days I'm considering to give away several fingerprints+keys from my
> relays that I will be shutting down.
What are the fingerprints so they can be rejected by the Di
h side so that consensus weight
and flag assignment gets totally reset if the ORPort IP changes, but if
there's too much churn already it may cause more trouble than it's
worth.
Regards,
--
Yawning Angel
pgpp5HzUsPwa3.pgp
Description: OpenPGP digital signature
___
> seemed like a waste.
If I have to write a script to figure out the fingerprints of your
relays just to keep users safe I will. I have 3 million other things I
rather be doing, but keeping the user safe from the bad guys (no matter
how good their intentions) is the most important thing I coul
ning behavior I envision, a relay
that changes an IP once in a blue moon still remains useful, a relay
that changes an IP frequently (for some definition of frequently) will
be used as a middle only (which is still useful).
Regards,
--
Yawning Angel
pgpSnPvF1AUtK.pgp
Description: OpenPGP digita
discussion for practical issues caused by such devices.
Regards,
--
Yawning Angel
pgpcciOfZ2l9G.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
to the network. If your router is
working, then great, it meets what should be a minimum standard of
usefulness.
--
Yawning Angel
pgpussxvlgPmc.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
operator on what to do.
Apart from a short term decrease in network capacity/diversity, I see
spinning up new relays as an equally good alternative here (with enough
prior notice to teardown, even the current bwauths will get around to
measuring things, assuming the chicken entrails are spread correc
d is that you
became one of the HSDirs for a popular hidden service (use your
imagination as to which one, there's a few that cause a lot of traffic).
I wouldn't worry about it that much.
Regards,
--
Yawning Angel
pgpXC4cMYXbRp.pgp
Description: OpenPGP digital signature
__
for a large number of users is going to be
rather high (Near insurmountable for the amount of bandwidth you are
contributing).
The one upshot of all this is that people are now thinking about the
implication of a Guard moving, which hopefully will lead to a safer Tor
for the userbase in the future.
es (elliptic curve) have overtaken
> older RSA connections.
This has nothing to do with TAP vs ntor, and only affects TLS.
--
Yawning Angel
pgpay0pHTe22G.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
be for, but it hasn't been
maintained in a while, and is known to be buggy.
Getting time/funding to work on that if my recollection is correct
would be great I think.
Regards,
--
Yawning Angel
pgpXT0PaEG1Tg.pgp
Description: OpenPGP digital signature
___
n an extra package needs to be installed to get the setcap
executable, but I don't remember what it is off the top of my head.
For more information see setcap(8) and capabilities(7).
Regards,
--
Yawning Angel
pgp4AU2Cj4baV.pgp
Description: OpenPGP digital signature
___
total
> connection counts.
This does present us with an opportunity to gain an actual estimate for
the number of botnet clients since there's a way to distinguish them
from normal users.
Not sure if we'd require actual metrics or if this is just a matter
eems rather pointless and counter productive.
Regards,
--
Yawning Angel
pgpN_FdyxPXrW.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
's quite annoying that Tor doesn't remember its auto-picked port,
> and I have to change the port-forwarding rule every time.
This should get persisted in the state file.
Regards,
--
Yawning Angel
pgp29dnnHV2KV.pgp
Description: OpenPGP digital signature
_
On Fri, 8 Jan 2016 23:39:59 +1100
David Tomic wrote:
> Is there something incredibly simple which I'm simply just not doing
> properly, or is there possibly more going on here than first meets
> the eye?
Set the `Address` option in each torrc, otherwise tor will guess.
--
vely targeted as well, but the various transports do
raise the bar by varying amounts.
Apart from the cases involving Bridges and PTs, explicitly hiding Tor
use is not in Tor's threat model either (and probably can't be without
a major re-design of how the network works, which is unlikel
ort for the ARMv8 hardware
AES acceleration.
This requires 0.2.8.x from the maint-028 branch (or master if you're
brave) since I recently fixed tor (again) to compile with this version
of the library, but the changes will be in the next 0.2.8 release
candidate.
Regards,
g fire. :P
Realistically I'd wait till there at least is a formal OpenSSL 1.1.0
release before using it for more than testing. But I figured it would
be good to note that the RasPi3 will benefit.
Regards,
--
Yawning Angel
[0]: Obvious hyperbole is obvious.
pgp
hysically controlled by you is between you and the SOCKS proxy
server[0], simply based on the request (and authentication if you
chose to use such things) being in the clear.
Regards,
--
Yawning Angel
[0]: So, SOCKS over an internal network to a VM/magical anonymity box
may be ok (depending on your thr
e bandwidth, where is
this mentioned?
Regards,
--
Yawning Angel
pgpHHhOs7T6BB.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sat, 7 May 2016 20:38:08 +0200
Toralf Förster wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 05/07/2016 08:27 PM, Yawning Angel wrote:
> > Apart from accounts that have grandfathered free bandwidth, where
> > is this mentioned?
> >
>
t though, so, anyone know how to interfere with that? It's
> Moxie, mind you, so it's probably bulletproof.
Run a version of tor more recent than 0.2.2.17-alpha.
https://trac.torproject.org/projects/tor/ticket/1751
--
Yawning Angel
pgp99DIM4H2BZ.pgp
ers.
On Sun, 5 Jun 2016 18:20:56 +0200
fatal wrote:
> Hello,
>
> openssl with enabled padlock and tor stable crashes on my via nano
> servers running linux and freebsd.
How's it crashing, what are the versions of the relevant components? My
gut feeling would be an OpenSSL bug o
; > All quite expected and well known ever since the
> > dawn of overlay networks. Same with the Internet.
>
> Also, wasn't there a change that made discovery impossible?
Prop 224 will fix it, but that hasn't been fully implemented yet.
Using `stealth` HS auth in th
tandard
CentOS compiler will choke on.
From my perspective it would be easier to fix obfsproxy to better
tolerate dependencies being prehistoric, but again, without a detailed
bug report to work off of, that won't happen unless by happy accident.
Regards,
--
Yawn
On Fri, 25 Apr 2014 22:43:38 -0400
Steve Snyder wrote:
>
> On 04/24/2014 11:16 PM, Yawning Angel wrote:
> > On Thu, 24 Apr 2014 20:00:53 -0400
> > Steve Snyder wrote:
> >
> >> Let us know if/when obfsproxy runs on CentOS.
> >
> > It's broken
On Sat, 26 Apr 2014 06:05:27 +
Yawning Angel wrote:
[snip]
> I'll look into adding backward compatibility code for the version of
> pycrypto CentOS packages so it's possible to setup one of these
> without pulling in all the development tools next (Git is temporary
> t
to allow
connections to the ORPort and DirPort.
Good luck and thanks for running a relay!
--
Yawning Angel
signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin
55 matches
Mail list logo
