wiki:doc/PluggableTransports/obfs4proxy

This guide will help you run an obfs4 bridge to help censored users connect to the Tor network.

If you're a censored user and need a bridge to connect, please see [wiki/doc/PluggableTransports#HowtousePluggableTransports How to use a PT bridge].

Note: This guide is intended for Debian based machines. If you're running other *nix systems, you should probably compile obfs4 from source.

  1. Install Tor:

    Get the latest version of Tor. If you're on debian stable sudo apt-get install tor should give you the latest stable version of Tor.

    Note:     Ubuntu users need to get it from Tor repository. Please see "Download instructions for Ubuntu".
  2. Install obfs4proxy:

    obfs4proxy package is available on sid, stretch and jessie. If you're running any of them, sudo apt-get install obfs4proxy should work.
    If not, you can either add deb http://deb.torproject.org/torproject.org obfs4proxy main to your sources.list or build it from source.
  3. Edit your Tor config file, usually located at /etc/tor/torrc and add the following lines:

    #Bridge config
RunAsDaemon 1
ORPort 9001
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto

#Set your bridge nickname and contact info
ContactInfo <your-contact-info>
Nickname <pick-a-nickname>

    Don't forget to change contact info and nickname values.
  4. Restart tor: service tor restart.
  5. Monitor your logs (usually located at /var/log/tor/log), to confirm your bridge is running with no issues.

    sudo tail -F /var/log/tor/log

    You should see something like this:

    [notice] Registered server transport 'obfs4' at '[::]:46396'
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
[notice] Bootstrapped 100%: Done
[notice] Now checking whether ORPort <redacted>:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.

Remember the random port associated to your bridge needs to be open for incoming connections. You can find it from the logs: it's 46396 in this example.

Congrats! If you get to this point, it means that your obfs4 bridge is setup and is being distributed by BridgeDB to censored users.

If you run into any issues while setting up your bridge, please join #tor channel on OFTC IRC network and hopefully someone can help you.

Last modified 22 months ago Last modified on Jul 13, 2016, 4:14:47 PM