[Nix-dev] Obfuscated TOR bridge is packaged. Please consider running it.

phreedom at yandex.ru phreedom at yandex.ru
Wed Jun 12 06:06:46 CEST 2013


В письме от Вторник 11 июня 2013 15:27:04 пользователь Patrick Wheeler 
написал:
> How long does a tor relay/bridge(those are the same thing right?) have to
> be up and running before it starts being fully utilized?

The difference between bridge and relay is that the list of relays is publicly 
available. Bridges also may provide tor traffic obfuscation to fool DPI such as 
the setup we have in NixOS now.

> My naive assumption is that starting and stoping the bridge every few
> seconds would not do anyone any good. So my question how long does it need
> to up for it to be worth while?

It's a matter of both uptime %  and total running time. It takes some time for 
your bridge contact info to trickle down to the users, so once you enable the 
bridge for the first time, it may take many days for the traffic to pick up. 
Occasional server reboot and intermittent outages aren't going to cause any 
problems once your relay is known to the system to be generally available.

If your connection is very erratic and IP changes too often, a good 
alternative is FlashProxy(doesn't require adobe flash):
https://crypto.stanford.edu/flashproxy/
https://crypto.stanford.edu/flashproxy/options.html

Currently, FlashProxy is the only reliable way to unblock TOR in Iran.

> On Tue, Jun 11, 2013 at 7:55 AM, <phreedom at yandex.ru> wrote:
> > В письме от Вторник 11 июня 2013 09:03:13 пользователь Lluís Batlle i
> > Rossell
> > 
> > написал:
> > > On Tue, Jun 11, 2013 at 04:00:28AM +0300, phreedom at yandex.ru wrote:
> > > > Hi,
> > > > 
> > > > Helping people in censorship-heavy countries has just gotten even
> > 
> > easier.
> > 
> > > > TOR in bridge mode now also runs obfsproxy which helps defeat those
> > 
> > nasty
> > 
> > > > DPI boxes in those countries which are actively trying to prevent
> > 
> > people
> > 
> > > > from using TOR.
> > > > 
> > > > There are no known cases of non-exit node operators getting attacked
> > > > by
> > > > governments. Defeating censorship requires a vast and diverse pool of
> > 
> > IP
> > 
> > > > addresses, so please consider adding this to your configuration.nix on
> > > > your
> > > > 
> > > > internet-facing box:
> > > >   services.tor.relay = {
> > > >   
> > > >     enable = true;
> > > >     isBridge = true;
> > > >     port = 443;
> > > >   
> > > >   };
> > > > 
> > > > If you need help with a more complex setup, just ask me.
> > > 
> > > do you know if it can handle upnp or anything like that?
> > 
> > No, not yet. You'd need to forward 3 ports: OR(443 in this case), obfs2
> > and
> > obfs3 which you can glean from journalctl -u tor. It's better that you
> > forward
> > from/to the same port numbers.
> > _______________________________________________
> > nix-dev mailing list
> > nix-dev at lists.science.uu.nl
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev


More information about the nix-dev mailing list