Dmitrii Tcvetkov wrote: > On Thu, 28 Mar 2019 17:08:38 +0000 > Marek Szuba <[email protected]> wrote: > > > Anyway, here is my logic. In order to operate properly, my bridge must > > have its ORPort reachable from the Internet. > > I might be wrong, but I got impression that if bridge is using > pluggable transports (obfs3, obfs4, meek, snowflake, etc) then ORPort is > only useful for bridge authority and users which want to use the bridge > without pluggable transports. Communication between pluggable transport > and Tor process is going via ExtORPort which isn't public by default > (binds to localhost). Clients connect to pluggable transport port and > their traffic is obufscated by the transport. > > Since your bridge is private then bridge authority is none of your > concerns. In that case you need ORPort reachable only if you have > bridge clients which use bridge without pluggable transports.
This works for me: AssumeReachable 1 PublishServerDescriptor 0 ORPort PUBLIC-IP:2345 NoListen ORPort 127.0.0.1:2345 NoAdvertise ExtORPort 127.0.0.1:3456 # you can try auto ServerTransportListenAddr obfs4 PUBLIC-IP:4567 ServerTransportPlugin obfs4 exec /path/to/obfs4proxy -- Alex _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
