Obfs4 bridge configuration

ja7670c · October 28, 2024, 12:13pm

Hello everyone

I’ve been looking at the documentation for days to get an obs4 bridge up and running, but no matter how many times I look at it (check, modify and check again) I can’t get it to work, which is why I’ve decided to ask you for help.

My /etc/tor/torrc file is:

Log notice file /var/log/tor/notices.log
GeoIPFile /usr/share/tor/geoip
GeoIPv6File /usr/share/tor/geoip6
ControlPort 9061

## Bridge Tor Relay configuration [btr1]
BridgeRelay 1
PublishServerDescriptor 1
BridgeDistribution none
DataDirectory /var/lib/tor

#This port must be externally reachable.
# Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet
ORPort 9011 IPv4Only

#This port must be externally reachable and must be different from the one specified for ORPort.
# Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:9012

# Local communication port between Tor and obfs4. Always set this to "auto".
# "Ext" means "extended", not "external". Don't try to set a specific port number, nor listen on 0.0
ExtORPort auto
CookieAuthentication 1

# Replace "<address@email.com>" with your email address so we can contact you if there are problems with your server.
# This is optional but encouraged.
ContactInfo <my_email@mydomain>

# Pick a nickname that you like for your bridge. This is optional.
Nickname btr1

In principle I would say that everything is correct, because looking at the log file /var/log/tor/notices.log

Oct 28 12:44:18.000 [notice] Tor 0.4.8.12 opening log file.
Oct 28 12:44:17.690 [notice] We compiled with OpenSSL 30000020: OpenSSL 3.0.2 15 Mar 2022 and we are running with OpenSSL 30000020: 3.0.2. These two versions should be binary compatible.
Oct 28 12:44:17.903 [notice] Tor 0.4.8.12 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.2, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.35 as libc.
Oct 28 12:44:17.903 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Oct 28 12:44:17.904 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 28 12:44:17.916 [notice] Read configuration file "/etc/tor/torrc".
Oct 28 12:44:18.017 [notice] Based on detected system memory, MaxMemInQueues is set to 715 MB. You can override this by setting MaxMemInQueues by hand.
Oct 28 12:44:18.108 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 28 12:44:18.110 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
Oct 28 12:44:18.110 [notice] Opening Control listener on 127.0.0.1:9061
Oct 28 12:44:18.110 [notice] Opened Control listener connection (ready) on 127.0.0.1:9061
Oct 28 12:44:18.110 [notice] Opening OR listener on 0.0.0.0:9011
Oct 28 12:44:18.111 [notice] Opened OR listener connection (ready) on 0.0.0.0:9011
Oct 28 12:44:18.111 [notice] Opening Extended OR listener on 127.0.0.1:0
Oct 28 12:44:18.118 [notice] Extended OR listener listening on port 40191.
Oct 28 12:44:18.118 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:40191
Oct 28 12:44:35.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 28 12:44:38.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 28 12:44:40.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Oct 28 12:44:44.000 [notice] Your Tor server's identity key fingerprint is 'btr1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Oct 28 12:44:44.000 [notice] Your Tor bridge's hashed identity key fingerprint is 'btr1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Oct 28 12:44:44.000 [notice] Your Tor server's identity key xx00000000 fingerprint is 'btr1 PcVgKjdwdeOheSMvMuy3CictjoE9NXC2ISyIqMhIBr8'
Oct 28 12:44:44.000 [notice] You can check the status of your bridge relay at https://bridges.torproject.org/status?id=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Oct 28 12:44:44.000 [notice] Bootstrapped 0% (starting): Starting
Oct 28 12:44:53.000 [notice] Starting with guard context "default"
Oct 28 12:47:22.000 [notice] Signaled readiness to systemd
Oct 28 12:47:22.000 [notice] Registered server transport 'obfs4' at '[::]:9012'
Oct 28 12:47:23.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Oct 28 12:47:24.000 [notice] Opening Socks listener on /run/tor/socks
Oct 28 12:47:24.000 [notice] Opened Socks listener connection (ready) on /run/tor/socks
Oct 28 12:47:24.000 [notice] Opening Control listener on /run/tor/control
Oct 28 12:47:24.000 [notice] Opened Control listener connection (ready) on /run/tor/control
Oct 28 12:47:24.000 [notice] Unable to find IPv4 address for ORPort 9011. You might want to specify IPv6Only to it or set an explicit address or set Address.
Oct 28 12:47:24.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Oct 28 12:47:24.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Oct 28 12:47:24.000 [notice] External address seen and suggested by a directory authority: 83.50.242.167
Oct 28 12:47:24.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Oct 28 12:47:24.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Oct 28 12:47:24.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Oct 28 12:47:24.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Oct 28 12:47:33.000 [notice] Bootstrapped 100% (done): Done
Oct 28 12:48:23.000 [notice] Now checking whether IPv4 ORPort xxx.xxx.xxx.xx:9011 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 28 12:48:28.000 [notice] Self-testing indicates your ORPort xxx.xxx.xxx.xxx:9011 is reachable from the outside. Excellent. Publishing server descriptor.
Oct 28 12:49:28.000 [notice] Performing bandwidth self-test...done.

But that’s how it stays, on the contrary if I go to the link https://bridges.torproject.org/status?id= I always get the same response:

Bridge DF3B6AB318B9F942ACA594B8AEA3FE0E04E873C9 advertises:

obfs4 IPv4: dysfunctional
Error: timed out waiting for bridge descriptor
Last tested: 2024-10-28 11:40:22.587590415 +0000 UTC (13m39.245087765s ago)

Can someone tell me what I’m doing wrong, or what I’m not doing, because my level of frustration is starting to be worrying.

Thank you for your time

Best regards

tobrop · October 28, 2024, 1:42pm

Hello,

your obfs4 port 9012 is reachable? You can verify it with the reachability test.

ja7670c · October 28, 2024, 3:26pm

Hi tobrop

Thanks for your support.

I checked your comment about checking if the port is reachable, I performed the test and… oh!! to my surprise it is not reachable.

I checked everything and discovered that in the NAT configuration in the firewall my legendary “dyslexia” has eaten up port 9012, well… I configure it, start the service and perform the test you mentioned again, IT IS REACHABLE!!!

Euphoric and ecstatic, I check again at the link https://bridges.torproject.org/status?id= and I see that the message has changed to not “verified”

After a few minutes, the message has changed again to:

Bridge DF3B6AB318B9F942ACA594B8AEA3FE0E04E873C9 advertises:

obfs4 IPv4: dysfunctional
Error: timed out waiting for bridge descriptor
Last tested: 2024-10-28 15:04:28.281247552 +0000 UTC (12m17.24970656s ago)
obfs4 IPv4: not yet tested

What really puzzles me is not “not yet tested” but the previous “ovfs4 IPv4: dysfunctional” as well as the “Error: time out waiting for bridge descriptor”

Any other suggestions?

Thanks

tobrop · October 28, 2024, 3:49pm

I would just wait now and see, possibly just an update problem on the status page. In the meantime, maybe Nyx can help you.

ja7670c · October 28, 2024, 4:16pm

Hi tobrop

I think it is what you say about a possible problem with the page update, since now after about 30 minutes this message appears (the first part remains the same) but now the second part changes:

Bridge DF3B6AB318B9F942ACA594B8AEA3FE0E04E873C9 advertises:

obfs4 IPv4: dysfunctional
Error: timed out waiting for bridge descriptor
Last tested: 2024-10-28 15:04:28.281247552 +0000 UTC (1h6m36.006391234s ago)
obfs4 IPv4: functional
Last tested: 2024-10-28 15:49:56.69497904 +0000 UTC (21m7.592666977s ago)

Thanks for the support-

Best regards