wiki:doc/TorObfsBridgeSetupForBeginners

Moved from wiki/TorObfsBridgeSetupForBeginners. Click to see authors.

Quick and Dirty Guide to Installing an Obfuscated Tor Bridge on Microsoft Windows

May 4, 2013 Edition

Introduction

[Note: Please only set up an Obfuscated Tor Bridge if you can dedicate your machine to be running and connected to the net for 24 hours a day, 7 days a week.]

On June 14, 2013, the eleventh election of the President of Iran is scheduled to be held. During this time, it is possible that the government of Iran will block and censor communications over the internet. In the past, Iranians were able to continue using the internet to communicate over the internet through the use of Tor, a system of network proxies run by volunteers around the world. However, in February of 2012, the government of Iran implemented a system that blocked all Iranians from using the Tor network. Here are some graphics to demonstrate what happened from the Tor Project:

https://metrics.torproject.org/direct-users.png?nocutoff=off&start=2011-11-12&events=on&dpi=72&end=2012-05-10&country=ir

https://metrics.torproject.org/bridge-users.png?start=2011-11-12&dpi=72&end=2012-05-10&country=ir

The coders at the Tor Project came up with a quick solution to address the problem which enabled Iranians to continue using Tor. They released a new program to work with Tor which created an obfuscated proxy. This guide will show you how to install an obfuscated Tor bridge on Windows so Iranians may continue to communicate via the internet if their government implements a new round of censorship.

I. Installing an Obfuscated Tor Bridge on Microsoft Windows [XP/Vista/7]

[Note: If you are running a firewall (either the Microsoft Windows firewall or a 3rd party firewall), a window will likely pop up at some point during these instructions asking you to allow Vidalia, Tor and Obfsproxy to connect to the net. You need to allow them to do so for the public internet, and set it so that you won't be prompted for such access again in order for your bridge to be reachable by others.]

1.) Download a copy of the "Windows Obfsproxy Tor Browser Bundle" from https://www.torproject.org/projects/obfsproxy.html.en

2.) Double click on the downloaded installer and, in the "Extract to" window that appears, type "C:\" and then click "Extract."

3.) Go to "C:\Tor Browser\App" and double click on the "Vidalia" program. This will attempt to start a Tor session, but you are going to get an error during this process since Vidalia does not know where the Tor program is yet. This is nothing to worry about as we will be fixing that. Just close/cancel any error dialog that comes up.

4.) Click on the "Settings" button in Vidalia. The first section that will appear will be "General." It is strongly recommended that you tick the check box next to "Start Vidalia when my system starts." This will ensure that your bridge will not be knocked offline if a power flash causes your machine to reboot.

5.) In the "General" section, there is also an area designated "Tor." You need to point Vidalia to where Tor is installed. Enter "C:\Tor Browser\App\tor.exe" in the text field for that section.

6.) Click on the "Network" icon in your "Settings" to go to the "Network" section. Make sure that all of the checkboxes on this page are unchecked. You want them all disabled.

7.) Click on the "Sharing" icon in your "Settings" to go to the "Sharing" section. You will see 4 options available with a radio button. Select the "Help censored users reach the Tor network" option.

8.) Click on the "Basic Settings" tab located under the "Help censored users reach the Tor network" option. In the "Nickname" field. Type a unique name for your machine. It should not be the same as anything else already on the Tor network. A fun descriptive term with some random numbers should work fine. For example, something like "WallBreaker675" would be sufficient (but use something you came up with on your own, not that).

9.) The "Contact Info" field is optional. Tor will run absolutely fine, regardless of whether or not you provide an e-mail address to be affiliated with your bridge. However, if the people at the Tor Network notice something odd happening with your machine, they won't be able to contact you if you do not provide them with an e-mail address. This comes down to a personal comfort issue.

10.) The "Relay Port" field can be left alone. Its default setting is "443."

11.) Leave the box next to "Attempt to automatically configure port forwarding" unchecked. If your computer is behind a router (which it most likely is), you will have to manually configure your router to forward connections to your obfuscated Tor Bridge from the internet. Instructions for configuring your router begin at step 19. You do not need to do it now.

12.) Towards the bottom of the window, there will be an option that is enabled called "Automatically distribute my bridge address." You need to disable/uncheck this option. If you automatically distribute your bridge address, the likelihood that an oppressive government will add it to a blacklist is a great possibility, which will defeat the purpose of running an Obfuscated Tor Bridge in the first place.

13.) Click on the "Advanced" icon in your "Settings" to go to the "Advanced" section. You need to specify the appropriate location for your "torrc" file. In the field entitled "Tor Configuration File," type "C:\Tor Browser\Data\Tor\torrc".

14.) You also need to specify a directory to contain data for Tor. In the field entitled "Data Directory," type "C:\Tor Browser\Data\Tor".

15.) Click the "OK" button in your settings window to close it. Then, from Vidalia's main window," click on the "Exit" button.

16.) We now need to edit your "torrc" file. Open up "C:\Tor Browser\Data\Tor\torrc" in Notepad. Look for the line that reads "GeoIPFile .\Data\Tor\geoip" and replace it with "GeoIPFile C:/Tor Browser/Data/Tor/geoip". Then, add "ServerTransportPlugin obfs2,obfs3 exec C:/Tor Browser/App/pyobfsproxy.exe managed" to the bottom of the file, save it and exit.

17.) Run the "Vidalia" program again located in "C:\Tor Browser\App". If all has gone correctly, you should see an indication message that you have "Connected to the Tor network!" in the Vidalia status window.

18.) Now you need to get the information relevant to your Obfuscated Tor Bridge to send over to the people at the Tor Project. Click on the "Message log" button in Vidalia. In the "Message log" window that pops up, click on the "Advanced" tab. You may notice a highlighted warning stating "Warning: Failed to open GEOIP file. C:\some random directories\tor\geoip6." This can be safely ignored since you are not running Tor over the IPv6 protocol. In this window, look for your IP Address and Obfuscated Proxy Port. Search for two lines that look like the following:

"[Notice] Registered server transport 'obfs3' at '0.0.0.0:1463'" "[Notice] Registered server transport 'obfs2' at '0.0.0.0:1464'"

The numbers at the end of these lines will likely be different on your machine. But, in the example above, "1463" and "1464" are the Obfuscated Proxy Ports. Next, look for a line that resembles the following:

"Feb 21 13:22:36.119 [Notice] Now checking whether ORPort 256.10.32.215:443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)"

Again, the address numbers here will be different on your machine. But, in this example, the IP Address is "256.10.32.215".

19.) Now it is time to configure port forwarding on your router. Click on your "Start" or "Windows" button in your taskbar and go to "All Programs -> Accessories -> Command Prompt." In the command prompt window, type "ipconfig." If you are running off of an ethernet connection, the info you will be looking for is located in the "Ethernet Adapter Local Area Connection" section. If you are using a wireless connection, the info you will be looking for is in the "Wireless LAN Adapter Wireless Network Connection" section. You will need to write down or copy two IP addresses. The first address is the "IPv4 Address." For reference, on my machine, it is "192.168.1.102." The second address is the "Default Gateway," which is most likely the IP address of your router. For reference, in my network setup, the address is "192.168.1.1".

20.) Open up your web browser. In the URL bar/input field, type your Default Gateway address. For example, in my set up, I would type "http://192.168.1.1". That should take you to your router's setup menu. If prompted for a username and password, consult your router manual or do a web search for the info related to your router's model number.

21.) In the port forwarding section for your router (on some routers, it's called "virtual servers"), add your Obfuscated Proxy Ports from Step 18 as an "inbound port" and set it to point to your IPv4 Address plus port number plus your Obfuscated Proxy Port (for example, from the info gather in step 18, it would be something "192.168.1.102 1463" and "192.168.1.102 1464"). Next, you will need to add your OR Listening Port in the same manner. For our purposes, the OR listening port you are using is "443" (for example, from the info gather in step 18, it would be something "192.168.1.102 443).

advertise your bridge

22.) Combine your IP Adress and Obfuscated Proxy Ports together (from step 18). In the examples provided in step 18, it would be "256.10.32.215:1463" and "256.10.32.215:1464". To set up a semi-public bridge you will need to e-mail the combination of your IP Address and Obfuscated Tor Port to "tor-assistants[at]torproject.org". If you do not e-mail this information to tor-assistants, your Obfuscated Tor Bridge will remain unknown (unless it is discovered by a port scan) and nobody will be able to access it unless you personally tell them about it (private bridge).

You're done.

Last modified 5 years ago Last modified on May 4, 2013, 9:43:10 PM