Obfs4 ports explained

I will continue thread from here and the mailing list from here

Without ORPORT exposed to the internet i got this

11:49:55 [WARN] Your server has not managed to confirm reachability for its ORPort(s) at XXX:2024. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address,
/etc/hosts file, etc.

And on bridges.torproject.org/status?id=bridgeid i received the “no resources for the given id”

All this after 24h of running the bridge

Now i have done the port forwarding and i can see this message in the log, hopefuly in 1-2h i can check again the bridgedb.

12:05:57 [NOTICE] Self-testing indicates your ORPort XXXX:2024 is reachable from the outside. Excellent. Publishing server descriptor.

So is it seems both ports need to be exposed in the internet

Yes, the tor daemon expect to have the ORPort reachable and will give an error if is not. You can add AssumeReachable 1 to your torrc so it will assume the ORPort is reachable, will skip this check and publish the bridge descriptor. Doing that you can run a bridge without publishing the ORPort.

We plan to make this the recommended way to run bridges but haven’t updated the documentation yet: Recommend not exposing OrPort for bridges (#129) · Issues · The Tor Project / Anti-censorship / Team · GitLab

Thanks, I will do that right away because my feeling is that censors discovery my bridge using the vanilla port (ORport) and ban the entire class so obfs4 becomes obsolete

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.