Opened 6 months ago

Last modified 3 months ago

#30471 new project

Improve UX for obfs4 bridge operation

Reported by: arma Owned by:
Priority: Medium Milestone:
Component: Circumvention/Obfs4 Version:
Severity: Normal Keywords: anti-censorship-roadmap-december
Cc: phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor28-must

Description

Right now there are some sharp edges if you want to operate an obfs4 bridge: you have to set up port forwarding, it's hard to know whether it's working, it's hard to figure out your bridge line, etc.

This is a master ticket for collecting these UX issues, so we can capture all of them and make progress on fixing them.

Child Tickets

TicketStatusOwnerSummaryComponent
#5304merge_readyObfsproxy should respect OutboundBindAddress in torrcCircumvention/Obfs4
#19496closedirlRemove deb.tpo obfs4proxy Debian packagesInternal Services/Service - deb.tpo
#20943closedClarify documentation for obfs4 setupCircumvention/Obfs4
#29128newPlace complete obfs4 bridge line in accessible locationCore Tor/Tor
#30472closedphwImplement a mechanism for PT reachability testingCircumvention/Pluggable transport
#30477newTor should self-test reachability of TCP listeners exposed by PT'sCore Tor/Tor
#31103newSupport ORPort picking a random port that persists across restartsCore Tor/Tor
#31153newCreate a "tor-bridge" Debian meta packageCircumvention/Obfs4
#31719newobfs4proxy should be more helpful if state file is emptyCircumvention/Obfs4

Change History (7)

comment:1 Changed 6 months ago by phw

Keywords: anti-censorship-roadmap-maybe added

comment:2 Changed 6 months ago by gaba

Keywords: anti-censorship-roadmap added

Adding this tickets to the backlog.

comment:3 Changed 6 months ago by gaba

Keywords: anti-censorship-roadmap-maybe removed

comment:4 Changed 6 months ago by phw

Over here, I emailed several bridge operators whose obfs4 port was not reachable. The ones who got back to me all had one of the following two issues:

  • Several people thought that only the ORPort must be reachable. They didn't know that obfs4 needs a separate port. We need to make this clear in our documentation.
  • Some people have obfs4 listen on a locally-scoped address. Our spec says that this is fine but it doesn't seem to work in practice because Tor ends up writing the locally-scoped address into its descriptor, e.g.: transport obfs4 10.0.0.5:PORT. This looks like a bug. I don't think a locally-scoped address should ever end up in a descriptor.

comment:5 Changed 6 months ago by phw

Sponsor: Sponsor28-must

comment:6 Changed 4 months ago by gaba

Keywords: anti-censorship-roadmap-august added; anti-censorship-roadmap removed

comment:7 Changed 3 months ago by gaba

Keywords: anti-censorship-roadmap-december added; anti-censorship-roadmap-august removed
Note: See TracTickets for help on using tickets.