Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

2023-07-30 Thread Gary C. New via tor-relays 
On Sunday, July 30, 2023, 3:30:55 PM MDT, li...@for-privacy.net 
 wrote:
 

> I don't know if I should ignore that or better configure it that >way:
> ORPort 127.0.0.1:8443 NoListen
> ORPort 8443 NoAdvertise
> ORPort [::1]:8443 NoListen
> ORPort 8443 NoAdvertise

Other way around:
ORPort 8443 NoListen
ORPort 127.0.0.1:8443 NoAdvertise  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

2023-07-30 Thread lists 
On Freitag, 21. Juli 2023 18:07:35 CEST gus wrote:

> New update: In the last few weeks, internal political conflicts and
> other events[1] in Turkmenistan have led to another wave of censorship
> on Tor and anti-censorship tools. Tor bridges have been one of the few
> free alternatives for people in Turkmenistan to connect with the world
> and access the open Internet.
> 

I stopped snowflake and now a bridge is running on my dynIP.

> 
> ## torrc example
> 
> BridgeRelay 1
> ORPort 127.0.0.1:auto
> AssumeReachable 1
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs4 0.0.0.0:8080
> ExtORPort auto
> Nickname helptm
> ContactInfo 
> Log notice file /var/log/tor/notices.log
> # If you set BridgeDistribution none, please remember to email
> # your bridge line to us: frontd...@torproject.org
> BridgeDistribution none

But I have that in the log :-(
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv4 ORPort address 127.0.0.1 does not 
match the descriptor address  203.0.113.18. If you have a static public IPv4 
address, use 'Address ' and 'OutboundBindAddress '. If you are 
behind a NAT, use two ORPort lines: 'ORPort  NoListen' and 'ORPort 
 NoAdvertise'.
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv6 ORPort address ::1 does not match 
the descriptor address 2001:db8:1234:1::::. If you have a 
static public IPv4 address, use 'Address ' and 'OutboundBindAddress 
'. If you are behind a NAT, use two ORPort lines: 'ORPort  
NoListen' and 'ORPort  NoAdvertise'.

I don't know if I should ignore that or better configure it that way:
ORPort 127.0.0.1:8443 NoListen
ORPort 8443 NoAdvertise
ORPort [::1]:8443 NoListen
ORPort 8443 NoAdvertise

I'm aware of
https://gitlab.torproject.org/tpo/core/tor/-/issues/40208
I hope to get it done with scipting on my Mikrotik, or switch to ipv4 only.

frontd...@torproject.org has no PGP key, can I send you or meskio the 
bridgeline?

Bridgeline must be:
Bridge obfs4 :  cert=abra+kadabra iat-mode=0
But DynIP changes every few days. Do you also give the bridge users 
myrouter.example.net?

Because of your post in the forum:
https://forum.torproject.org/t/orport-127-0-0-1-auto/8470
should we do this with all running bridges, or only the hidden ones?

-- 
Ciao Marco!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays