PeterDaveHello/tor-socks-proxy

obfs4 bridge support

b1oki opened this issue · 13 comments

b1oki commented

It would be nice to be able to use the bridge, probably by specifying the path to a file with a list of bridges.
Example:

obfs4 ip:port key iat-mode=0

-- comment from issue #31

Perhaps there is another way to bypass the blocking of Tor, but this method seems to me the most obvious.

What exactly should be done here to support it?

b1oki commented

Include the obfs4proxy package.

If obfs4 is enabled, the file /etc/tor/torrc should contain:

ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 ip:port key iat-mode=0
UseBridges 1

I think the list of bridges can be filled from an external file. And we can determine whether the use of the bridge is enabled by the fact that the parameter with the path to the bridges file is filled in.

@b1oki I'm not sure how many of the users here need it so that we should include it by default. Will take a look at the details, especially the effort and impact on image size, and see what we can do for it.

Looks like the obfs4proxy package only exists in the edge branch right now:

Can't find it in the v3.16 branch:

Let's add the package to the image first. As it's a more advanced usage, I believe that users who need it will be able to mount a self-modified config and the bridge list into the container; at least they won't need to install the package again.

b1oki commented

Runs on Raspberry, but cannot connect to Relay. Maybe bridges unavailable. Message: "Delaying directory fetches: No running bridges". Tried bridges from https://torscan-ru.ntc.party/ and https://bridges.torproject.org/bridges/?transport=obfs4. Might @NickiHell help me?

Add in Dockerfile:
RUN apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing obfs4proxy

Add in torrc:

UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 107.189.14.228:2042 755B8D9967A8E9678C18822AB0C2622057A12AA3 cert=lY6L0qguLEylITkmpst6fzjDagpQLX/zKO4bW/WAlEbJaXLdfXq4Hr3leXpc+7oL7mWULA iat-mode=0
Bridge obfs4 208.126.24.214:3030 8EC0FA12703AE80E46C0BE43E1BF00D16E0DB830 cert=/tiNx9L0jTrQlctbY+YoLS82w8qdHPyzukQwa9NiTibtcc2ISbhOhAY5p7Ke76bdsTLTVw iat-mode=0
Bridge obfs4 46.226.106.0:2693 65DA2C6CCC608D538388BA35257B330B1EC68F60 cert=ofziB4sqqQSymILRXtzaDQbhi59LQVYHDajQoG47gN8WR535sGPlBxSITXU9UWw6QFz2AA iat-mode=0
Bridge obfs4 108.61.166.44:443 96589051314BF00CC6A76A153AC17E7549C4B0FC cert=RYFD9oV8tbaZvgeiw1UTL7GpaTRetJSyofgrM+C1n374/rEy/zfSscqFJ6deV6ne5H2EKg iat-mode=0

You can find bridges via https://t.me/GetBridgesBot

b1oki commented

You can find bridges via https://t.me/GetBridgesBot

Thank you, but I think the Country's Firewall is too strong.

Oct 07 09:17:34.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 07 09:17:36.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 07 09:17:38.000 [notice] Bootstrapped 0% (starting): Starting
Oct 07 09:17:38.000 [notice] Starting with guard context "bridges"
Oct 07 09:17:38.000 [notice] Delaying directory fetches: No running bridges
Oct 07 09:20:02.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:20:42.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:21:22.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:22:02.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:22:42.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:23:22.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)

You're doing something wrong. Bridges should work, it says in the logs that there are no bridges.

b1oki commented

You're doing something wrong. Bridges should work, it says in the logs that there are no bridges

With torrc #ClientTransportPlugin line.

Oct 15 02:18:08.000 [notice] Bootstrapped 0% (starting): Starting
Oct 15 02:18:08.000 [notice] Starting with guard context "bridges"
Oct 15 02:18:08.000 [notice] Delaying directory fetches: No running bridges
Oct 15 02:18:09.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Oct 15 02:18:09.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Oct 15 02:18:09.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Oct 15 02:18:09.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Oct 15 02:18:09.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Oct 15 02:18:09.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Oct 15 02:18:09.000 [notice] new bridge descriptor 'moukari' (fresh):
Oct 15 02:18:09.000 [notice] Bridge 'yourmom13bskd301' has both an IPv4 and an IPv6 address.  Will prefer using its IPv4 address
...
Oct 15 02:18:27.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Oct 15 02:18:28.000 [notice] Bootstrapped 100% (done): Done

@b1oki I just found that this could make it harder for us to do #8. We need to reconsider whether to make it available by default, as the obfs4proxy package is not really for different platforms; the build for the linux/arm64 or linux/arm/v6 platform, like Raspberry Pi, would be broken.

b1oki commented

Run container with bridges on x86_64. For now using volumes. Example:

cat ./bridges.txt
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 x.x.x.x:xxx xxx cert=xxx iat-mode=0
UseBridges 1


docker run -d --restart=always --name tor-socks-proxy -p 0.0.0.0:9100:9150 -v "$(pwd)/bridges.txt:/home/bridges.txt" ghcr.io/peterdavehello/tor-socks-proxy sh -c "cat /home/bridges.txt >> /etc/tor/torrc; /usr/bin/tor -f /etc/tor/torrc"

Got error with "obfs4proxy" on Ubuntu 20.04 x64

For some reason "obfs4proxy" failed with status code 256

...
tor-socks-proxy  | Aug 08 12:12:26.000 [warn] Managed proxy "/usr/bin/obfs4proxy" process terminated with status code 256
tor-socks-proxy  | Aug 08 12:12:23.000 [err] tor_assertion_failed_(): Bug: src/feature/client/transports.c:519: proxy_prepare_for_restart: Assertion mp->conf_state == PT_PROTO_COMPLETED failed; aborting. (on Tor 0.4.8.12 )
tor-socks-proxy  | Aug 08 12:12:23.000 [err] Bug: Tor 0.4.8.12: Assertion mp->conf_state == PT_PROTO_COMPLETED failed in proxy_prepare_for_restart at src/feature/client/transports.c:519: . (Stack trace not available) (on Tor 0.4.8.12 )
tor-socks-proxy exited with code 139
...

Solved

Replace "obfs4proxy" > "lyrebird".

  • in Dockerfile (line 10)
...
apk -v add tor@edge lyrebird@edge curl && \
...
  • In torrc:
Bridge obfs4 ...
Bridge obfs4 ...
Bridge obfs4 ...
Bridge obfs4 ...

ClientTransportPlugin obfs4 exec /usr/bin/lyrebird
UseBridges 1

Maybe this will help someone!
PS: Thanks for tor-socks-proxy project! 🚀
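
An added example (not code from this repository or from any commenter): a POSIX shell function that builds the bridge section of torrc from a bridge list file, as proposed at the top of the thread, and refuses to emit it when no transport plugin binary is executable or no bridge line is well formed. The function name, the exit codes and the regular expression (IPv4 obfs4 bridges only) are assumptions made for this example.

```sh
#!/bin/sh
# Added example: render the bridge section of torrc from a bridge list file.
# Usage: render_bridge_conf BRIDGES_FILE [PLUGIN_PATH ...]

# Assumed line shape: obfs4 IPv4:port 40-hex-fingerprint cert=... iat-mode=N
BRIDGE_RE='^obfs4 [0-9]{1,3}(\.[0-9]{1,3}){3}:[0-9]{1,5} [0-9A-Fa-f]{40} cert=[A-Za-z0-9+/=]+ iat-mode=[0-2]$'

render_bridge_conf() {
    bridges_file=$1
    shift
    # Default candidates: the two plugin paths named in the thread.
    [ "$#" -gt 0 ] || set -- /usr/bin/lyrebird /usr/bin/obfs4proxy
    [ -r "$bridges_file" ] || { echo "cannot read $bridges_file" >&2; return 1; }

    # Use the first candidate that exists and is executable.
    plugin=
    for candidate in "$@"; do
        if [ -x "$candidate" ]; then plugin=$candidate; break; fi
    done
    [ -n "$plugin" ] || { echo "no executable obfs4 plugin found" >&2; return 2; }

    count=0
    bridges=
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim whitespace and CRs; accept lines with or without "Bridge ".
        line=$(printf '%s\n' "$line" | tr -d '\r' | sed -e 's/^[[:space:]]*//' \
            -e 's/[[:space:]]*$//' -e 's/^Bridge[[:space:]]\{1,\}//')
        case $line in '' | '#'*) continue ;; esac
        if printf '%s\n' "$line" | grep -Eq "$BRIDGE_RE"; then
            bridges="${bridges}Bridge ${line}
"
            count=$((count + 1))
        else
            echo "skipping malformed bridge line: $line" >&2
        fi
    done < "$bridges_file"
    [ "$count" -gt 0 ] || { echo "no valid obfs4 bridge lines" >&2; return 3; }

    printf 'UseBridges 1\nClientTransportPlugin obfs4 exec %s\n%s' "$plugin" "$bridges"
}
```

Inside the container, `render_bridge_conf /home/bridges.txt >> /etc/tor/torrc` can stand in for the unconditional `cat` in the volume example; a non-zero exit status means tor should not be started with that file.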