[Support] sgraaf - obfs4-bridge

[sgraaf]

Overview: Support for the obfs4-bridge Docker template.

Application: obfs4-bridge - https://community.torproject.org/relay/setup/bridge/docker/

Docker Hub: https://hub.docker.com/r/thetorproject/obfs4-bridge

GitLab: https://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge/

 

Description:

obfs4-bridge is a container that allows you to run a Tor Bridge relay to help censored users connect to the Tor network.

 

Configuration:

• OR_PORT: Your bridge's onion routing (Tor) port.
• PT_PORT: Your bridge's obfs4 port.
• EMAIL: Your email address.

 

Note:

• Make sure that both ports are forwarded in your firewall.
• Make sure that you create the DATA_DIR and change its owner before running the container:

  mkdir /mnt/user/appdata/tor && chown 101:101 /mnt/user/appdata/tor

   

Edited May 31, 2021 by sgraaf

[sgraaf]

Reserving this for a possible future changelog.

Edited May 31, 2021 by sgraaf

[greaterbeing]

Thanks for the awesome template. Quick question; I keep getting a warning in my logs that says...

 

Sep 01 04:49:30.000 [notice] Unable to find IPv6 address for ORPort 9393. You might want to specify IPv4Only to it or set an explicit address or set Address. [59 similar message(s) suppressed in last 3540 seconds]

I went back to edit the container because I remembered seeing a config to disable IPv6. Key value: OBFS4V_AddressDisableIPv6. The default is set to 0 which I assumed meant false.

 

Anyway I set the value to 1 and I'm still receiving the warning. I figure its probably not a big deal, but do you know what value I need to set to disable IPv6 routing?

 

Thanks

EDIT:

I figured out my issue after viewing the dockerhub project:
 

Quote

 

4. Advanced usage

You may set additional torrc variables in your .env file by setting OBFS4_ENABLE_ADDITIONAL_VARIABLES to 1 and prefixing the desired torrc options with OBFS4V_. For example, to set the AddressDisableIPv6 option, include the following lines in your .env:

OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 OBFS4V_AddressDisableIPv6=1

 

 

 

I left the default variable "enable additional variables" set to 0. Both needed to be 1. 👍

 

 

 

Edited September 2, 2021 by greaterbeing

[Jamaica1985]

I´d like to assist censored people accessing the rest of the world, but in reality how would this affect the usage of my connection (I dont mind a lot of usage but I do mind people using the Tor network to do illegal things) is there any way TOR relay "providers" can be held responsible for what other users do through your internet connection? Anyone here that is knowledgeable about this?

 

Thanks

[Krennic]

On 10/8/2021 at 8:53 AM, Jamaica1985 said:

I´d like to assist censored people accessing the rest of the world, but in reality how would this affect the usage of my connection (I dont mind a lot of usage but I do mind people using the Tor network to do illegal things) is there any way TOR relay "providers" can be held responsible for what other users do through your internet connection? Anyone here that is knowledgeable about this?

 

Thanks

 

Please see this page for descriptions of the different types of Tor relays and their risks: https://community.torproject.org/relay/types-of-relays/

[Mr_IceSlice]

Is there a way to use nyx to view live stats?

https://nyx.torproject.org/

[Teleminator]

May it possible to remove "SocksPort 0" from the default config? I want to use the socks proxy and tried to set "SocksPort 9050" as an additional variables, but it collides with the predefined SocksPort entry.

[Autchirion]

Somehow it seems this is not working for me, I don't get any trafic, even after a couple days waiting.

 

Does someone have an idea what could go wrong? I'm stopping the container every day at night for one hour or so, since this is backup time.

 

https://bridges.torproject.org/status?id=[MyID] is reporting:

* obfs4: dysfunctional
Error: timed out waiting for bridge descriptor
Last tested: 2022-03-22 03:15:07.691628216 +0000 UTC (7h19m51.151949657s ago)

 

Using NICKNAME=DockerObfs4Bridge, OR_PORT=9393, PT_PORT=9292, and [email protected].
Additional properties from 'OBFS4V_' environment variables processing enabled
Overriding 'AddressDisableIPv6' with value '1'
Starting tor.
Mar 22 02:08:33.162 [notice] Tor 0.4.6.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1k, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Mar 22 02:08:33.162 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Mar 22 02:08:33.162 [notice] Read configuration file "/etc/tor/torrc".
Mar 22 02:08:33.163 [notice] Based on detected system memory, MaxMemInQueues is set to 6374 MB. You can override this by setting MaxMemInQueues by hand.
Mar 22 02:08:33.164 [notice] Opening OR listener on 0.0.0.0:9393
Mar 22 02:08:33.164 [notice] Opened OR listener connection (ready) on 0.0.0.0:9393
Mar 22 02:08:33.165 [notice] Opening OR listener on [::]:9393
Mar 22 02:08:33.165 [notice] Opened OR listener connection (ready) on [::]:9393
Mar 22 02:08:33.165 [notice] Opening Extended OR listener on 127.0.0.1:0
Mar 22 02:08:33.165 [notice] Extended OR listener listening on port 46133.
Mar 22 02:08:33.165 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:46133
Mar 22 02:08:34.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Mar 22 02:08:34.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Mar 22 02:08:34.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Mar 22 02:08:34.000 [notice] Your Tor server's identity key fingerprint is 'DockerObfs4Bridge ID'
Mar 22 02:08:34.000 [notice] Your Tor bridge's hashed identity key fingerprint is 'DockerObfs4Bridge MyID'
Mar 22 02:08:34.000 [notice] Your Tor server's identity key ed25519 fingerprint is 'DockerObfs4Bridge AnotherID
Mar 22 02:08:34.000 [notice] You can check the status of your bridge relay at https://bridges.torproject.org/status?id=MyID
Mar 22 02:08:34.000 [notice] Bootstrapped 0% (starting): Starting
Mar 22 02:08:51.000 [notice] Starting with guard context "default"
Mar 22 02:08:51.000 [notice] Registered server transport 'obfs4' at '[::]:9292'
Mar 22 02:08:52.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Mar 22 02:08:52.000 [notice] Unable to find IPv4 address for ORPort 9393. You might want to specify IPv6Only to it or set an explicit address or set Address.
Mar 22 02:08:52.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Mar 22 02:08:52.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Mar 22 02:08:52.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Mar 22 02:08:52.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Mar 22 02:08:52.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Mar 22 02:08:52.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Mar 22 02:08:52.000 [notice] External address seen and suggested by a directory authority: my.private.ip
Mar 22 02:08:52.000 [notice] Bootstrapped 100% (done): Done
Mar 22 02:09:52.000 [notice] Now checking whether IPv4 ORPort my.private.ip:9393 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Mar 22 02:09:52.000 [notice] Self-testing indicates your ORPort my.private.ip:9393 is reachable from the outside. Excellent. Publishing server descriptor.
Mar 22 02:21:52.000 [notice] Performing bandwidth self-test...done.
Using NICKNAME=DockerObfs4Bridge, OR_PORT=9393, PT_PORT=9292, and [email protected].
Additional properties from 'OBFS4V_' environment variables processing enabled
Overriding 'AddressDisableIPv6' with value '1'
Starting tor.
Mar 22 04:45:01.774 [notice] Tor 0.4.6.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1k, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Mar 22 04:45:01.774 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Mar 22 04:45:01.774 [notice] Read configuration file "/etc/tor/torrc".
Mar 22 04:45:01.775 [notice] Based on detected system memory, MaxMemInQueues is set to 6374 MB. You can override this by setting MaxMemInQueues by hand.
Mar 22 04:45:01.776 [notice] Opening OR listener on 0.0.0.0:9393
Mar 22 04:45:01.776 [notice] Opened OR listener connection (ready) on 0.0.0.0:9393
Mar 22 04:45:01.776 [notice] Opening OR listener on [::]:9393
Mar 22 04:45:01.776 [notice] Opened OR listener connection (ready) on [::]:9393
Mar 22 04:45:01.776 [notice] Opening Extended OR listener on 127.0.0.1:0
Mar 22 04:45:01.776 [notice] Extended OR listener listening on port 33923.
Mar 22 04:45:01.776 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:33923
Mar 22 04:45:03.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Mar 22 04:45:03.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Mar 22 04:45:03.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Mar 22 04:45:03.000 [notice] Your Tor server's identity key fingerprint is 'DockerObfs4Bridge ID'
Mar 22 04:45:03.000 [notice] Your Tor bridge's hashed identity key fingerprint is 'DockerObfs4Bridge MyID'
Mar 22 04:45:03.000 [notice] Your Tor server's identity key ed25519 fingerprint is 'DockerObfs4Bridge AnotherID
Mar 22 04:45:03.000 [notice] You can check the status of your bridge relay at https://bridges.torproject.org/status?id=MyID
Mar 22 04:45:03.000 [notice] Bootstrapped 0% (starting): Starting
Mar 22 04:45:13.000 [notice] Starting with guard context "default"
Mar 22 04:45:13.000 [notice] Registered server transport 'obfs4' at '[::]:9292'
Mar 22 04:45:14.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Mar 22 04:45:14.000 [notice] Unable to find IPv4 address for ORPort 9393. You might want to specify IPv6Only to it or set an explicit address or set Address.
Mar 22 04:45:14.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Mar 22 04:45:14.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Mar 22 04:45:14.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Mar 22 04:45:14.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Mar 22 04:45:14.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Mar 22 04:45:14.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Mar 22 04:45:14.000 [notice] External address seen and suggested by a directory authority: my.private.ip
Mar 22 04:45:14.000 [notice] Bootstrapped 100% (done): Done
Mar 22 04:46:14.000 [notice] Now checking whether IPv4 ORPort my.private.ip:9393 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Mar 22 04:46:14.000 [notice] Self-testing indicates your ORPort my.private.ip:9393 is reachable from the outside. Excellent. Publishing server descriptor.
Mar 22 04:53:14.000 [notice] Performing bandwidth self-test...done.
Mar 22 10:45:14.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 0 circuits open. I've sent 2.26 MB and received 6.20 MB. I've received 28 connections on IPv4 and 0 on IPv6. I've made 23 connections with IPv4 and 0 with IPv6.
Mar 22 10:45:14.000 [notice] While bootstrapping, fetched this many bytes: 48465 (consensus network-status fetch); 897 (microdescriptor fetch)
Mar 22 10:45:14.000 [notice] While not bootstrapping, fetched this many bytes: 3889100 (server descriptor fetch); 359 (server descriptor upload); 339753 (consensus network-status fetch); 31346 (microdescriptor fetch)
Mar 22 10:45:14.000 [notice] Heartbeat: In the last 6 hours, I have seen 0 unique clients.

 

My Config:

Edited March 22, 2022 by Autchirion