Opened 4 years ago

Closed 2 months ago

#13665 closed task (worksforme)

Update the obfsbridge setup instructions on the website

Reported by: asn Owned by: cypherpunks
Priority: Medium Milestone: website redesign
Component: Webpages/Website Version:
Severity: Normal Keywords: website-content, FAQ, obfsproxy
Cc: yawning Actual Points:
Parent ID: #25218 Points:
Reviewer: Sponsor:

Description

https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en#instructions

As sysrqb noted, the official obfsbridge setup instructions are actually obfsproxy setup instructions which only support obfs3. The instructions should be updated to also include obfs4 which is the future PT. Then, we should also include instructions for FTE.

Furthermore, the page is missing ExtORPort auto from the sample torrc. Should we add it there? If yes, we need to make sure that all those people will have tor-0.2.5.x installed.

I hope this is not a duplicate ticket.

Child Tickets

Change History (10)

comment:1 Changed 4 years ago by asn

Cc: yawning added
Keywords: pt yawning removed

comment:2 Changed 4 years ago by yawning

Sure, this is a good idea.

I'm not sure about how the Debian specific parts of this works, is "apt-get install obfs4proxy" sufficient (I know that both Debian's and our repo have the package)?

Basic obfs4 deployment would be something like:

SocksPort 0
ORPort 443 # or some other port if you already run a webserver/skype
BridgeRelay 1
Exitpolicy reject *:*
ExtORPort auto

## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like
#Nickname CHANGEME_1
## CHANGEME_2 -> provide some email address so we can contact you if there's a problem
#ContactInfo CHANGEME_2

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

(Optionally) For people that want to run both obfs3 and obfs4, the last line should read as:

ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy

I assume to avoid user confusion we should just entirely replace obfsproxy with obfs4proxy in our instructions till otherwise needed (NB: obfs4proxy packages only exist for i386/amd64 and ARM).

Would this also be the place to document how to use capabilities(7) and ServerTransportListenAddr to run the obfs4 bridge on reserved ports (eg: 443)?

Please let me know if there are any more questions.

comment:3 in reply to:  2 Changed 4 years ago by asn

Replying to yawning:

Sure, this is a good idea.

I'm not sure about how the Debian specific parts of this works, is "apt-get install obfs4proxy" sufficient (I know that both Debian's and our repo have the package)?

Hm, I think you will probably want to use Tor's debian repository, since looking at:
https://packages.debian.org/search?keywords=obfs4proxy
it seems that there is no obfs4proxy package for Debian stable.

We also need to revisit this page:
https://www.torproject.org/projects/obfsproxy-instructions.html.en
for non-Debian instructions for obfs4proxy.

And also this page:
https://www.torproject.org/docs/pluggable-transports.html.en
to add a "How to setup an obfsbridge" section that links to our instructions.

Basic obfs4 deployment would be something like:

SocksPort 0
ORPort 443 # or some other port if you already run a webserver/skype
BridgeRelay 1
Exitpolicy reject *:*
ExtORPort auto

## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like
#Nickname CHANGEME_1
## CHANGEME_2 -> provide some email address so we can contact you if there's a problem
#ContactInfo CHANGEME_2

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

(Optionally) For people that want to run both obfs3 and obfs4, the last line should read as:

ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy

I assume to avoid user confusion we should just entirely replace obfsproxy with obfs4proxy in our instructions till otherwise needed (NB: obfs4proxy packages only exist for i386/amd64 and ARM).

I think that makes sense. Since obfs4proxy supports obfs3 and obfs4 we should be fine.

Would this also be the place to document how to use capabilities(7) and ServerTransportListenAddr to run the obfs4 bridge on reserved ports (eg: 443)?

Hm, maybe. But in a different section.
Or maybe put that in the wiki and link to the wiki?
Up to you.

comment:4 Changed 22 months ago by Sebastian

Owner: changed from Sebastian to cypherpunks
Status: newassigned

comment:5 Changed 16 months ago by hiro

Keywords: #website-content added
Severity: Normal

comment:6 Changed 15 months ago by hiro

Keywords: website-content added; #website-content removed

comment:7 Changed 7 months ago by hiro

Milestone: website redesign

comment:8 Changed 2 months ago by traumschule

Keywords: FAQ obfsproxy added

comment:9 Changed 2 months ago by traumschule

Parent ID: #25218

comment:10 Changed 2 months ago by traumschule

Resolution: worksforme
Status: assignedclosed

Since the https://www.torproject.org/projects/obfsproxy-instructions.html is gone and the other one links to wiki pages - doc/PluggableTransports/obfs4proxy and doc/PluggableTransports#BecomeaPTbridgeoperator - they can be updated there as needed.

Note: See TracTickets for help on using tickets.