obfsproxy for Debian ==================== Configuring an obfs3/scramblesuite bridge ----------------------------------------- (Inspired by upstream HOWTO.txt) This is a short guide on how to setup a obfsproxy obfs3/scramblesuit bridge: 1. Setup Tor Edit /etc/tor/torrc to add: SocksPort 0 ORPort 443 # or some other port if you already run a webserver/skype BridgeRelay 1 Exitpolicy reject *:* ## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like #Nickname CHANGEME_1 ## CHANGEME_2 -> provide some email address so we can contact you if there's a problem #ContactInfo CHANGEME_2 ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed Don't forget to uncomment and edit the CHANGEME fields. 2. Launch Tor and verify that it bootstraps Restart Tor to use the new configuration file: # service tor restart Now check /var/log/tor/log and you should see something like this: Nov 05 16:40:45.000 [notice] We now have enough directory information to build circuits. Nov 05 16:40:45.000 [notice] Bootstrapped 80%: Connecting to the Tor network. Nov 05 16:40:46.000 [notice] Bootstrapped 85%: Finishing handshake with first hop. Nov 05 16:40:46.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Nov 05 16:40:48.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Nov 05 16:40:48.000 [notice] Bootstrapped 100%: Done. If Tor is earlier in the bootstrapping phase, wait until it gets to 100%. 3. Configure the firewall if needed If you're behind a NAT/firewall, you'll need to make your bridge reachable from the outside world — both on the ORPort and the obfsproxy port. The ORPort is whatever you defined in step two above. To find your obfsproxy port, check your Tor logs for two lines similar to these: Oct 05 20:00:41.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:26821 Oct 05 20:00:42.000 [notice] Registered server transport 'scramblesuit' at '0.0.0.0:40172 The last number in each line, in this case 26821 and 40172, are the TCP port numbers that you need to forward through your firewall. (This port is randomly chosen the first time Tor starts, but Tor will cache and reuse the same number in future runs.) If you want to change the number, put the following in your torrc: ServerTransportListenAddr scramblesuit 0.0.0.0:40000 Using an obfs3 bridge --------------------- To use an obfs3, please add the following lines to /etc/tor/torrc: ClientTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed UseBridges 1 Bridge obfs3 192.0.2.42:443 C2A9DC82AA7E85DB6465EC8C4B1B4B1B77787BE0 Adjust address, port and the optional fingerprint accordingly. To use a ScrambleSuit bridge, first you need to retrieve the content of the `/var/lib/tor/pt_state/scramblesuit/server_password` file on the server. Then you can add a bridge line like the following: Bridge scramblesuit 192.0.2.42:40000 C2A9DC82AA7E85DB6465EC8C4B1B4B1B77787BE0 password=MCN8FMPJNZOBAAPOUXPY1TF435K75M2K