Greetings everyone,

I've been running a TOR relay for a couple of years and as recently posted, my bandwidth usage has dribbled down to almost nothing. I was going to pull the relay as the Ubuntu box is basically doing nothing and not being utilised by TOR.

Then I saw the above email about being a bridge and thought, fine, I'll configure it to be a bridge and help out someone. Tried to do it via the docker/script method, but soon realised that was outside my skill level (hey stop laughing! :P)

So I did it via the method here: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy

Setting ORPort to 443 as suggested. I forwarded that port on the router and then tested it, but it said it was closed. So I thought my router was playing up. I checked a few other ports using online tools and a few of them were closed. I forwarded another new port to some other software on another machine and that worked?! So I realised the ports are open on the router but closed on the Ubuntu machine.

I've played around with all the settings, changed my torrc file to a really basic one of:

> RunAsDaemon 1
> BridgeRelay 1
>
> # Replace "TODO" with a Tor port of your choice. This port must be externally
> # reachable. Avoid port 9001 because it's commonly associated with Tor and
> # censors may be scanning the Internet for this port.
> ORPort 9051
>
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
>
> # Replace "TODO" with an obfs4 port of your choice. This port must be
> # externally reachable. Avoid port 9001 because it's commonly associated with
> # Tor and censors may be scanning the Internet for this port.
> ServerTransportListenAddr obfs4 0.0.0.0:443
>
> # Local communication port between Tor and obfs4. Always set this to "auto".
> # "Ext" means "extended", not "external". Don't try to set a specific port
> # number, nor listen on 0.0.0.0.
> ExtORPort auto
>
> # Replace "<addr...@email.com>" with your email address so we can contact you if
> # there are problems with your bridge. This is optional but encouraged.
> ContactInfo blades1...@gmail.com
>
> # Pick a nickname that you like for your bridge. This is optional.
> Nickname MelbTORbridge

I was able to monitor tor still with NYX, but that seems to have stopped and given me an error of:

> Unable to authenticate: socket connection failed ([Errno 104] Connection reset by peer)

I was blowing a gasket yesterday and about to flush the whole machine, but left it for the day and figured I'd ask for help before I scrap it and go back to the original tor relay torrc file.

Any help would be greatly appreciated.

On Wed, Jul 3, 2019 at 1:01 PM Philipp Winter <p...@torproject.org> wrote:

> On Wed, Jul 03, 2019 at 02:09:02AM +0000, to...@protonmail.com wrote:
> > Looking at the new, improved instructions for Debian/Ubuntu obfs4
> > bridges, I am confused by the talk about a fixed obfs4 bridge port.
> > The line to do this is commented out. Does that mean it is optional
> > to give obfs4 a fixed port? If it were a random port, however, I'd
> > need a lot of open ports on my firewall...
>
> We recommend to not set ServerTransportListenAddr and keep the "ORPort
> auto" setting, which makes Tor pick a random OR and obfs4 port for you.
> These random ports persist across restarts, so you only have to forward
> them once -- at least as long as you keep your data directory. We don't
> provide a static port in the sample config because we don't want
> operators to end up with the same port. If that was the case, censors
> could scan the IPv4 address space for these ports and block all bridges
> they find that way.
>
> That said, feel free to choose your own obfs4 port. For example, we
> could use more bridges whose obfs4 port is 443. Just avoid port 9001 as
> it's commonly associated with Tor and an attractive target for
> Internet-wide scanning.
>
> I hope this clears things up a bit.
>
> Cheers,
> Philipp
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
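The port guidance in this thread, turned into a small torrc check plus a local listener probe. This is an added example, not part of the original messages or of any Tor tooling: the function names and the sample torrc are constructed here, and the 9051 and below-1024 checks come from general Tor and Linux conventions rather than from the thread.

```python
import socket
# Constructed sample mirroring the torrc quoted in the message above.
SAMPLE_TORRC = """\
ORPort 9051
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:443
ExtORPort auto
"""

def parse_ports(torrc):
    """Return {option: port number or keyword} for the listener options."""
    ports = {}
    for line in torrc.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("ORPort", "ExtORPort"):
            value = fields[1]
        elif len(fields) >= 3 and fields[0] == "ServerTransportListenAddr":
            value = fields[2]
        else:
            continue
        value = value.rsplit(":", 1)[-1]          # drop any "addr:" prefix
        ports[fields[0]] = int(value) if value.isdigit() else value
    return ports

def lint(ports):
    """Flag port choices worth a second look before blaming the router."""
    notes = []
    for key in ("ORPort", "ServerTransportListenAddr"):
        port = ports.get(key)
        if not isinstance(port, int):
            continue                               # "auto" or unset
        if port == 9001:      # per the thread: an attractive scanning target
            notes.append(f"{key} {port}: commonly associated with Tor")
        if port == 9051:      # assumption: usual ControlPort, Nyx's default
            notes.append(f"{key} {port}: conventional Tor control port")
        if port < 1024:       # binding below 1024 needs CAP_NET_BIND_SERVICE
            notes.append(f"{key} {port}: privileged port")
    if ports.get("ExtORPort", "auto") != "auto":
        notes.append("ExtORPort: should be auto")
    return notes

def is_listening(port, host="127.0.0.1", timeout=1.0):
    """True if a process on this machine accepts TCP connections on port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

if __name__ == "__main__":
    print("\n".join(lint(parse_ports(SAMPLE_TORRC))))
```

A port that is not listening locally points at the host (service not running, or unable to bind) rather than at the router's port forwarding.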