Bridge still not working

Thoughts · December 31, 2023, 6:08pm

Hi all. This is a continuation of this Recent post

So its been 4 days since the bridge has once again started reporting that its using the obfs4 transport protocol, but I’m still not showing any non-trivial traffic:

https://metrics.torproject.org/rs.html#details/669A2C8A57C57DEE4B685437A7ECC86E9EAF4C3B

Recap: Did system maintenance and the obfs4proxy binary was renamed. Upon restart traffic failed (no big surprise). Provided a symbolic link to the new binary, which the website above now acknowledges, but no users have started to reconnect.

Looking for suggestions.

trinity-1686a · January 1, 2024, 12:28pm

Hi, it looks like your ORPort works, so metrics.tpo is happy, but your obfs4 port might not, so bridgedb isn’t: https://bridges.torproject.org/status?id=669A2C8A57C57DEE4B685437A7ECC86E9EAF4C3B

It’s possible your obfs4 is firewalled (or obfs4 is still not starting properly?).
Have you tried putting your bridgeline in TorBrowser and try to reach the tor network that way?

Thoughts · January 1, 2024, 10:59pm

Thanks for the diagnostics.

Lyrebird (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird) is suppose to be a drop in replacement, so I thought a symlink would be fine. Per the website, going to try calling it directly and see if that works.

No changes in any firewall settings, only change was applying maintenance to the server tor runs on, which replaced /usr/bin/obfs4proxy with /usr/bin/lyrebird.

Thoughts · January 8, 2024, 11:23am

Well, its been 6 days and I’m still getting:

Bridge 669A2C8A57C57DEE4B685437A7ECC86E9EAF4C3B advertises:

obfs4: dysfunctional
Bandwidth Ratio: 1.196442
Error: timed out waiting for bridge descriptor
Last tested: 2024-01-07 12:32:02.9559307 +0000 UTC (9h33m19.258423359s ago)

So Lyrebird is apparently not working. Anybody have a github like source for an obfs4proxy client that will work?

gus · January 8, 2024, 9:29pm

hm, which operating system are you running?

Thoughts · January 9, 2024, 2:00am

Gentoo Linux 6.1.67, all packages up to date.

Throughget · January 9, 2024, 2:01am

I don’t use gentoo but is building obfs4proxy from source an option for you? May at least be worth a try to test viability: https://gitlab.com/yawning/obfs4

Felix · January 10, 2024, 10:41am

Hi

so I thought a symlink would be fine

Did that work, meaning does Tor start Lyrebird?
Does netstat see Lyrebird listening on the port that the firewall expects?

Cheers

Thoughts · January 12, 2024, 11:07am

Thanks. Yes, all of Gentoo is source built, so not an issue. Sorry for the delay in replying… we live in the Midwest and just went 37 hours without power…

Thanks for the link. I’ve pulled it down and built it, restart Tor, and will let it run for a few days to see if things are better.

quidok · January 13, 2024, 11:54am

Hello! I ran into same issue. obfs4proxy.exe isn’t located in new Tor Browser installations newer than 2023!
It worked for me downloading Tor Browser Desktop version from April 2022 and that version contains also obfs4proxy.exe file!
It’s shame that TOR doesn’t do anything about nor at least didn’t rewrite Tor Bridge Windows installation guide.
Keep in mind you have to specify path in your torrc file to obfsproxy.exe file with this command:

ServerTransportPlugin obfs4 exec C:\Your\path\to\obfs4proxy.exe

You should follow installation guide include to do all necessary torrc configurations:

I hope this issue will be resolved and at least guide will be updated with a new replacement of obfsproxy.exe if there is some.

Thoughts · January 13, 2024, 11:55am

Not looking good. THIS is showing a disfunctional obfs4.

Not unexpectedly, the bridge statistics remain flatlined.

Startup messages looked normal:

Jan 10 16:46:24 web Tor[3989]: Your Tor server’s identity key fingerprint is ‘SpinnerDolphinBr2 11DACB6FB231E5B1BC18EA915D609541D7C4E 3D2’
Jan 10 16:46:24 web Tor[3989]: Your Tor bridge’s hashed identity key fingerprint is ‘SpinnerDolphinBr2 669A2C8A57C57DEE4B685437A7ECC8 6E9EAF4C3B’
Jan 10 16:46:24 web Tor[3989]: Your Tor server’s identity key ed25519 fingerprint is ‘SpinnerDolphinBr2 NRHA5Rqv3S6vUCxQuMzT3HTKK9arf0 So8PIpcIiV+sE’
Jan 10 16:46:24 web Tor[3989]: You can check the status of your bridge relay at https://bridges.torproject.org/status?id=669A2C8A57C57 DEE4B685437A7ECC86E9EAF4C3B
Jan 10 16:46:24 web Tor[3989]: Bootstrapped 0% (starting): Starting
Jan 10 16:47:18 web Tor[3989]: Starting with guard context “default”
Jan 10 16:47:18 web Tor[3989]: Registered server transport ‘obfs4’ at ‘0.0.0.0:5152’
Jan 10 16:47:20 web Tor[3989]: Bootstrapped 5% (conn): Connecting to a relay
Jan 10 16:47:20 web Tor[3989]: Bootstrapped 10% (conn_done): Connected to a relay
Jan 10 16:47:20 web Tor[3989]: Bootstrapped 14% (handshake): Handshaking with a relay
Jan 10 16:47:20 web Tor[3989]: Bootstrapped 15% (handshake_done): Handshake with a relay done
Jan 10 16:47:20 web Tor[3989]: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Jan 10 16:47:20 web Tor[3989]: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Jan 10 16:47:20 web Tor[3989]: Bootstrapped 30% (loading_status): Loading networkstatus consensus
Jan 10 16:47:22 web Tor[3989]: I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
Jan 10 16:47:23 web Tor[3989]: I learned some more directory information, but not enough to build a circuit: We’re missing descriptors for 1/3 of our primary entry guards (total microdescriptors: 7674/8078). That’s ok. We will try to fetch missing descriptors soon.
Jan 10 16:47:23 web Tor[3989]: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Jan 10 16:47:23 web Tor[3989]: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Jan 10 16:47:23 web Tor[3989]: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Jan 10 16:47:24 web Tor[3989]: Bootstrapped 100% (done): Done
Jan 10 16:47:24 web Tor[3989]: Now checking whether IPv4 ORPort 216.146.251.8:5151 is reachable… (this may take up to 20 minutes – look for log messages indicating success)
Jan 10 16:47:26 web Tor[3989]: Self-testing indicates your ORPort 216.146.251.8:5151 is reachable from the outside. Excellent. Publish ing server descriptor.
Jan 10 16:48:05 web Tor[3989]: Performing bandwidth self-test…done.

I’ve verified that ports 5151 and 5152 are open for TCP traffic and redirected to the Tor machine, even though that has not changed since I setup in October of 2022.

Here is my torrc:

User tor
PIDFile /run/tor/tor.pid
Log notice syslog
DataDirectory /var/lib/tor/data

ExitRelay 0
RunAsDaemon 1
BridgeRelay 1
ControlPort 9051
CookieAuthentication 1
ORPort 0.0.0.0:5151 IPv4Only
ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:5152 IPV4Only iat_mode=2
ExtORPort auto
Address 216.146.251.8
Nickname SpinnerDolphinBr2
BandwidthRate 256 MBits
RelayBandwidthRate 256 MBits
BandwidthBurst 512 MBits
RelayBandwidthBurst 512 MBits
MaxAdvertisedBandwidth 384 MBits
ContactInfo Random Person <thoughts AT carpenter DASH farms DOT us>
TruncateLogFile 1
SOCKSPort 0

Going to try letting iat_mode default. Open to other suggestions.

Thoughts · January 14, 2024, 8:14am

Appreciate the feedback, but this is a Linux installation.

Thoughts · January 14, 2024, 8:14am

Still showing obfs4 as dysfunctional. Out of ideas.

Felix · January 15, 2024, 8:00pm

Hi

Like mentioed above
》 Did that work, meaning does Tor start Lyrebird (or Obfs4proxy) ?
》Does netstat see Lyrebird listening on the port that the firewall expects, 5151 and 5152?

In addition, can you reach the bridge with a Tor client? Enter the bridgeline from the server’s obfs4_bridgeline.txt.

Cheers

Thoughts · February 6, 2024, 8:25am

FWIW - Saw that a new version of Tor was available, installed it, and everything came alive. Weird.