Opened 5 weeks ago

Last modified 6 days ago

#31164 assigned project

Set up default bridge at Karlstad University

Reported by: phw Owned by: phw
Priority: Medium Milestone:
Component: Circumvention Version:
Severity: Normal Keywords: tbb-bridges
Cc: cohosh, phw Actual Points:
Parent ID: Points: 0.5
Reviewer: Sponsor:

Description

We're running low on default bridges. Tobias, a professor at Karlstad University, showed interest in running a default bridge at his university. Let's use this ticket to coordinate this effort and eventually get the bridge into tor-browser-launcher.

Child Tickets

Change History (6)

comment:1 Changed 4 weeks ago by pulls

Hi, Tobias Pulls here.

This is vacation times in Sweden, things get back to normal towards the middle of August. The next step on my side is to get the local research engineers that run our network fully on board with replacing our relay with a default bridge. In particular, we need to look at where in our network to put the bridge make sure high load or any blacklisting of IPs associated with the bridge have minimal impact on the rest of the network. Will update as soon as I know more, ball in my corner.

comment:2 in reply to:  1 ; Changed 4 weeks ago by arma

Replying to pulls:

fully on board with replacing our relay with a default bridge

Replacing? Why choose? :)

comment:3 in reply to:  2 ; Changed 7 days ago by pulls

Replying to arma:

Replying to pulls:

fully on board with replacing our relay with a default bridge

Replacing? Why choose? :)

Bandwidth is precious! :) Maybe the relay will find its way back later if there's room.

I got an OK to use 1 gbit of our link. Will upgrade the hardware of the box (lacked AESNI) this week. To use the full link, should the box run more than one instance of tor? Something else to keep in mind? Appreciate any help here.

comment:4 in reply to:  3 Changed 6 days ago by phw

Replying to pulls:

I got an OK to use 1 gbit of our link. Will upgrade the hardware of the box (lacked AESNI) this week. To use the full link, should the box run more than one instance of tor? Something else to keep in mind? Appreciate any help here.


Great news! Two tor instances sound like a good plan. Several other default bridge operators are doing this: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/DefaultBridges

comment:5 Changed 6 days ago by phw

Another thing that just came to my mind: Please set BridgeDistribution to none in your torrc, so your bridge isn't distributed by BridgeDB. As explained in #13727, this prevents users from using both your (publicly known) default bridge and a private bridge at the same time, which may help a censor discover the private bridge.

comment:6 Changed 6 days ago by ln5

I've been using

EntryStatistics 1
ExtraInfoStatistics 1

for gathering more metrics and

HeartbeatPeriod 1 hour

for my own sake.

I've been using various ServerTransportOptions, most notably iat-mode to obfs4, by request from dcf and others.

Some of the obfs bridges I run have AssumeReachable 1 together with a local IP filter blocking traffic to the ORPort, to not expose the ORPort.

Note: See TracTickets for help on using tickets.