Today I actually tried to connect to it and it is possible to connect to
the bridge using the ORport.
But when I tried to start tor browser with this setting to use obfs4:
obfs4 12.345.67.89:1111 (only with the right numbers)
it got stuck at "establishing an encrypted network connection".
I checked on canyouseeme.org and both the vanilla ORport and the obfs4
port seem to be accessible from outside.
The obfs4 protocol needs to have not just the IP and port, but also the
shared secret.
For example, a valid obfs4 bridge line looks like:
obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0
The other parameters are needed because the client needs to prove
knowledge of the shared secret before the bridge will admit to being a
bridge.
That's because one of the steps in the arms race has been "active
probing" by China, where they use DPI to notice connections that might
be obfs4, and then do their own follow-up connection speaking the obfs4
protocol, and if it talks obfs4 back, they know they can block it:
https://www.freehaven.net/anonbib/#foci12-winter
My router is set to allow TCP and UDP on the port for obfs4.
obfs4 only needs TCP.
Thanks for your replies! :)
Seems like I followed the instructions on
https://www.torproject.org/docs/bridges.html.en and replaced obfs3 with
obfs4 without thinking xD.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
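
An added example, not part of the thread and not Tor's or obfs4's own code: a Python check that a client bridge line carries the extra parameters discussed above rather than only an address and port. The function name, the 52-byte cert length and the accepted iat-mode values are assumptions of this example.

```python
import base64
import re

FINGERPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")
CERT_RAW_LEN = 20 + 32  # assumption: node ID + public key, unpadded base64


def check_obfs4_bridge_line(line):
    """Return a list of problems in a client-side obfs4 bridge line."""
    fields = line.split()
    if fields and fields[0].lower() == "bridge":  # accept the torrc form too
        fields = fields[1:]
    if len(fields) < 2 or fields[0] != "obfs4":
        return ["expected 'obfs4 <address>:<port> ...'"]
    problems = []
    _host, sep, port = fields[1].rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        problems.append("address must end in :<port> with port 1-65535")
    rest = fields[2:]
    if rest and "=" not in rest[0]:  # optional relay fingerprint
        if not FINGERPRINT_RE.fullmatch(rest[0]):
            problems.append("fingerprint must be 40 hex characters")
        rest = rest[1:]
    args = dict(item.partition("=")[::2] for item in rest)
    cert = args.get("cert")
    if cert is None:
        problems.append("missing cert= (client cannot prove it knows the secret)")
    else:
        try:
            raw = base64.b64decode(cert + "==", validate=True)
        except ValueError:
            raw = b""
        if len(raw) != CERT_RAW_LEN:
            problems.append("cert= is not 52 bytes of unpadded base64")
    if args.get("iat-mode") not in ("0", "1", "2"):
        problems.append("missing or invalid iat-mode= (expected 0, 1 or 2)")
    return problems


# The valid line quoted in the thread, and a constructed address-only line
# (192.0.2.1 is a documentation address) like the one that stalled.
FULL = ("obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 "
        "cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ "
        "iat-mode=0")
BARE = "obfs4 192.0.2.1:1111"

if __name__ == "__main__":
    for candidate in (FULL, BARE):
        print(candidate[:40], "->", check_obfs4_bridge_line(candidate) or "ok")
```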