Opened 2 years ago

Last modified 23 months ago

#21453 new enhancement

add ClientTransportPlugin configuration to tor-service-defaults-torrc by default

Reported by: adrelanos
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: packaging, torrc-choice tor-pt
Cc: weasel, whonix-devel@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Please add ClientTransportPlugin configuration to /usr/share/tor/tor-service-defaults-torrc by default. What I mean by that...

tor-browser/Browser/TorBrowser/Data/Tor/torrc-defaults contains:

## fteproxy configuration
ClientTransportPlugin fte exec ./TorBrowser/Tor/PluggableTransports/fteproxy.bin --managed

## obfs4proxy configuration
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy

## meek configuration
ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client

## snowflake configuration
ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-reg.appspot.com/ -front www.google.com -ice stun:stun.l.google.com:19302

For /usr/share/tor/tor-service-defaults-torrc I suggest adding:

## fteproxy configuration
ClientTransportPlugin fte exec /usr/bin/fteproxy --managed

## obfs4proxy configuration
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/bin/obfs4proxy

(Left out meek and snowflake, because these are not yet in packages.debian.org. #13160 #19409)

Why?

  • Improves usability. One less configuration step. Fewer mistakes can be made. The user no longer has to add the ClientTransportPlugin line.
  • Using the canonical recommendation.
  • To be on par with Tor Browser.
  • ClientTransportPlugin does not have any effect as long as no Bridge line is added.
  • ClientTransportPlugin lines do not change often.
  • ClientTransportPlugin can still be overwritten in /etc/tor/torrc by the user.

Change History (6)

comment:1 Changed 2 years ago by arma

I think this is intended to be a ticket for the Tor deb?

I think the suggested change is a fine idea, but I think we might want to work through the failure cases and make Tor handle them better. In particular, if the Tor deb added these ClientTransportPlugin lines, but it didn't require obfsproxy as a dependency, then everything would work fine until you add an obfs4 bridge, and then things would break, and there would be some mysterious log lines if you know how to look for log lines:

Feb 14 13:47:47.589 [warn] Could not launch managed proxy executable at '/usr/bin/obfs4proxy' ('No such file or directory').
Feb 14 13:47:48.591 [warn] We were supposed to connect to bridge '18.18.18.18:443' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.

Are there good ways to handle the missing dependency in a more usable way?

comment:2 in reply to:  1 ; Changed 2 years ago by adrelanos

Replying to arma:

> I think this is intended to be a ticket for the Tor deb?

Yes. However, I guess the Tor source package ships also a tor-service-defaults-torrc?

> I think the suggested change is a fine idea, but I think we might want to work through the failure cases and make Tor handle them better. In particular, if the Tor deb added these ClientTransportPlugin lines, but it didn't require obfsproxy as a dependency, then everything would work fine until you add an obfs4 bridge, and then things would break, and there would be some mysterious log lines if you know how to look for log lines:
>
> Feb 14 13:47:47.589 [warn] Could not launch managed proxy executable at '/usr/bin/obfs4proxy' ('No such file or directory').
> Feb 14 13:47:48.591 [warn] We were supposed to connect to bridge '18.18.18.18:443' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
>
> Are there good ways to handle the missing dependency in a more usable way?

The same would happen if the user just added a ClientTransportPlugin line as well as an obfs4 bridge but forgot to install the obfs4proxy package. Is this perhaps worth a separate ticket and not a blocker here?

Another option is to shift responsibility onto the related packages, i.e. obfs4proxy and fteproxy. Tell them to wait for the Tor feature torrc.d-style configuration directories (#1922) and then ship an /etc/torrc.d config snippet?

comment:3 Changed 2 years ago by arma

Actually, you're right, I get this on start-up even if I have no obfs4 bridges configured:

Feb 14 13:58:07.593 [warn] Could not launch managed proxy executable at '/usr/bin/obfs4proxy' ('No such file or directory').

So just adding those lines to the deb's defaults would result in warns for everybody who didn't happen to also install some other debs.
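
The failure discussed in this thread (a ClientTransportPlugin line that names a helper binary which is not installed) can be caught by a packaging or pre-start check. The following is an added example, not part of the ticket or of the Tor package; the function name check_pt_plugins and its MISSING/UNUSABLE output format are made up here, and it assumes whitespace-separated torrc lines with case-insensitive option names.

```shell
#!/bin/sh
# Added example: lint torrc-style files for pluggable-transport problems.
# Usage: check_pt_plugins FILE...   (returns 0 if clean, 1 if problems found)
check_pt_plugins() {
    rc=0 usable=" " wanted=""
    while read -r key a b c rest; do
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
        clienttransportplugin)
            [ "$b" = exec ] || continue   # socks4/socks5 form has no binary
            # Paths are tested as written; relative ones depend on the cwd.
            if [ -x "$c" ]; then
                usable="$usable$(printf '%s' "$a" | tr ',' ' ') "
            else
                echo "MISSING $c (transports: $a)"; rc=1
            fi ;;
        bridge)
            # "Bridge [transport] IP:ORPort ...": an address contains a colon,
            # a transport name does not. Ignore anything that is not a name.
            case $a in
            *:*|*[!A-Za-z0-9_]*|'') ;;
            *) wanted="$wanted $a" ;;
            esac ;;
        esac
    done <<EOF
$(cat -- "$@")
EOF
    # A Bridge line is only usable if some present helper offers its transport.
    for t in $wanted; do
        case $usable in
        *" $t "*) ;;
        *) echo "UNUSABLE bridge transport $t"; rc=1 ;;
        esac
    done
    return $rc
}

# When run as a script with file arguments, lint them.
if [ "$#" -gt 0 ]; then check_pt_plugins "$@"; fi
```

Running it over both the defaults file and /etc/tor/torrc in one call matters, because the plugin line and the Bridge line usually live in different files.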

comment:4 in reply to:  2 Changed 2 years ago by arma

Replying to adrelanos:

> Replying to arma:
>
> > I think this is intended to be a ticket for the Tor deb?
>
> Yes. However, I guess the Tor source package ships also a tor-service-defaults-torrc?

Please point to it if so, because I don't see one.

That's all from choices made by the packager.

comment:5 Changed 2 years ago by dgoulet

Milestone: Tor: unspecified

comment:6 Changed 23 months ago by nickm

Keywords: packaging torrc-choice tor-pt added