On Sun, 4 Feb 2018 09:56:18 +0330
Hamid Safe <hs...@devopt.net> wrote:

> Hello tor-relays team,
> > 
> > I am facing issue trying to set up a private obfs4proxy+tor relay
> > bridge(centos 7 server) on a vps outside Iran and using the same
> > methodology obfs4+tor client (Arch linux) inside Iran.DPI blocks tor
> > networks and vpn connections are no allowed. Please note that the set up
> > basically needed to access pretty much anything serious in a production env
> > for accessing the sites that will otherwise be blocked in Iran i.e
> > hub.docker.com + my personal use, hence can't really use the tor-browser.
> > 
> > I have successfully followed yawning angel's github to compile and set up
> > the obfs4proxy and also the tor in both ends. Tor service is running , and
> > I attach along this email the config I used both in client and server end.
> > I suspect that there is a key hash issue and the mechanism to obfuscate the
> > traffic that fails and particularly a directory that does not exist in my
> > server which is in a lot of howtos referred to
> > as: /pt_state/obfs4_bridgeline.txt 

Hello,

Absence of pt_state directory in DataDirectory is odd. You can't use obfs4
without information from obfs4_bridgeline.txt.

I suggest to change line
ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy 
to
ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed
in server's torrc.

Also you need to connect not to the ORPort itself but to the transport port, so
server config should have line:
ServerTransportListenAddr <ip_address>:<port>

And then in your client torrc you specify bridge like:
Bridge obfs4 <ip_address>:<port> <fingerprint> cert=<line from 
obfs4_bridgeline.txt> iat-mode=0

If it still doesn't work you can add line
ServerTransportOptions obfs4 iat-mode=1
to bridge's torrc and also change iat-mode=1 in clients bridge line, so like 
this:
Bridge obfs4 ip_address:port <fingerprint> cert=<line from 
obfs4_bridgeline.txt> iat-mode=1

iat-mode allows to enable additional obfuscation, it works only for sending 
traffic, so for 
2-way obfuscation needs to be enabled on both ends.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Reply via email to