Opened 2 months ago

Last modified 26 hours ago

#30471 new project

Improve UX for obfs4 bridge operation

Reported by: arma Owned by:
Priority: Medium Milestone:
Component: Circumvention/Obfs4 Version:
Severity: Normal Keywords: anti-censorship-roadmap-august
Cc: phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor28-must

Description

Right now there are some sharp edges if you want to operate an obfs4 bridge: you have to set up port forwarding, it's hard to know whether it's working, it's hard to figure out your bridge line, etc.

This is a master ticket for collecting these UX issues, so we can capture all of them and make progress on fixing them.

Child Tickets

TicketStatusOwnerSummaryComponent
#5304needs_reviewObfsproxy should respect OutboundBindAddress in torrcCircumvention/Obfs4
#19496closedirlRemove deb.tpo obfs4proxy Debian packagesInternal Services/Service - deb.tpo
#20943closedClarify documentation for obfs4 setupCircumvention/Obfs4
#29128needs_informationPlace complete obfs4 bridge line in accessible locationCore Tor/Tor
#30472closedphwImplement a mechanism for PT reachability testingCircumvention/Pluggable transport
#30477newTor should self-test reachability of TCP listeners exposed by PT'sCore Tor/Tor
#31103newSupport ORPort picking a random port that persists across restartsCore Tor/Tor
#31153assignedirlCreate a "tor-bridge" Debian meta packageCircumvention/Obfs4

Change History (6)

comment:1 Changed 2 months ago by phw

Keywords: anti-censorship-roadmap-maybe added

comment:2 Changed 7 weeks ago by gaba

Keywords: anti-censorship-roadmap added

Adding this tickets to the backlog.

comment:3 Changed 7 weeks ago by gaba

Keywords: anti-censorship-roadmap-maybe removed

comment:4 Changed 7 weeks ago by phw

Over here, I emailed several bridge operators whose obfs4 port was not reachable. The ones who got back to me all had one of the following two issues:

  • Several people thought that only the ORPort must be reachable. They didn't know that obfs4 needs a separate port. We need to make this clear in our documentation.
  • Some people have obfs4 listen on a locally-scoped address. Our spec says that this is fine but it doesn't seem to work in practice because Tor ends up writing the locally-scoped address into its descriptor, e.g.: transport obfs4 10.0.0.5:PORT. This looks like a bug. I don't think a locally-scoped address should ever end up in a descriptor.

comment:5 Changed 6 weeks ago by phw

Sponsor: Sponsor28-must

comment:6 Changed 26 hours ago by gaba

Keywords: anti-censorship-roadmap-august added; anti-censorship-roadmap removed
Note: See TracTickets for help on using tickets.