Obfs4 ports explained

SirNeo · August 19, 2024, 5:22am

I will continue thread from here and the mailing list from here

Without ORPORT exposed to the internet i got this

11:49:55 [WARN] Your server has not managed to confirm reachability for its ORPort(s) at XXX:2024. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address,
/etc/hosts file, etc.

And on bridges.torproject.org/status?id=bridgeid i received the “no resources for the given id”

All this after 24h of running the bridge

Now i have done the port forwarding and i can see this message in the log, hopefuly in 1-2h i can check again the bridgedb.

12:05:57 [NOTICE] Self-testing indicates your ORPort XXXX:2024 is reachable from the outside. Excellent. Publishing server descriptor.

So is it seems both ports need to be exposed in the internet

meskio · August 19, 2024, 10:59am

Yes, the tor daemon expect to have the ORPort reachable and will give an error if is not. You can add AssumeReachable 1 to your torrc so it will assume the ORPort is reachable, will skip this check and publish the bridge descriptor. Doing that you can run a bridge without publishing the ORPort.

We plan to make this the recommended way to run bridges but haven’t updated the documentation yet: Recommend not exposing OrPort for bridges (#129) · Issues · The Tor Project / Anti-censorship / Team · GitLab

SirNeo · August 19, 2024, 12:54pm

Thanks, I will do that right away because my feeling is that censors discovery my bridge using the vanilla port (ORport) and ban the entire class so obfs4 becomes obsolete