On Tuesday, December 13, 2022, 07:35:23 PM MST, David Fifield <da...@bamsoftware.com> wrote:
On Tue, Dec 13, 2022 at 07:29:45PM +0000, Gary C. New via tor-relays wrote:
>> On Tuesday, December 13, 2022, 10:11:41 AM PST, David Fifield
>> <da...@bamsoftware.com> wrote:
>>
>> Am I correct in assuming extor-static-cookie is only useful within the
>> context of bridging connections between snowflake-server and tor (not as
>> a pluggable transport similar to obfs4proxy)?

> That's correct. extor-static-cookie is a workaround for a technical
> problem with tor's Extended ORPort. It serves a narrow and specialized
> purpose. It happens to use the normal pluggable transports machinery,
> but it is not a circumvention transport on its own. It's strictly for
> interprocess communication and is not exposed to the Internet. You don't
> need it to run a Snowflake proxy.

Created a Makefile for extor-static-cookie for OpenWRT and Entware:

https://forum.openwrt.org/t/extor-static-cookie-makefile/145694

> I am not sure what your plans are with running multiple obfs4proxy, but
> if you just want multiple obfs4 listeners, with different keys, running
> on different ports on the same host, you don't need a load balancer,
> extor-static-cookie, or any of that. Just run multiple instances of tor,
> each with its corresponding instance of obfs4proxy. The separate
> instances don't need any coordination or communication.

The goal of running multiple obfs4proxy listeners is to offer numerous, unique bridges distributed across several servers, maximizing resources and availability.

> You could, in principle, use the same load-balanced setup with
> obfs4proxy, but I expect that a normal bridge will not get enough users
> to justify it. It only makes sense when the tor process hits 100% CPU
> and becomes a bottleneck, which for the Snowflake bridge only started
> to happen at around 6,000 simultaneous users.

Hmm... If normal bridges will not see enough users to justify the deployment of numerous, unique bridges distributed over several servers--this may be a deciding factor.
I don't have enough experience with normal bridges to know.

>> What about a connection flow of haproxy/nginx => (snowflake-server =>
>> extor-static-cookie => tor) on separate servers?

> You have the order wrong (it's snowflake-server → haproxy →
> extor-static-cookie → tor), but yes, you could divide the chain at any
> of the arrows and run things on different hosts. You could also run half
> the extor-static-cookie + tor on one host and half on another, etc.

I've installed and started configuring snowflake-server and have some questions after reading the README:

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tree/main/server

1. How are Snowflake Bridges advertised? Will they compromise a Normal Bridge running on the same public addresses?

2. I already have a DNS Let's Encrypt process in place for certificates and port 80 (HTTP) is already in use by another daemon on my server. Is there an alternative method to provide snowflake-server with the required certificates?

3. I'm using an init.d (not systemd) operating system. Do you have any init.d examples for snowflake-server?

In short, I'm trying to get a sense of whether it makes sense to run a Snowflake Bridge and Normal Bridge on the same public addresses?

Thanks, again, for your assistance.

Respectfully,

Gary
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays