Snowflake or webtunnel just for me

Sticky · July 11, 2024, 1:11pm

Hello everyone, how can I configure snowflake or webtunnel on my server just for myself?

atari · July 11, 2024, 1:26pm

With a webtunnel bridge it should be possible if you set

PublishServerDescriptor 0

in your torrc.

General setup instructions: Tor Project | WebTunnel Bridge

Sticky · July 11, 2024, 1:48pm

Thx. WebTunnel a bit hard to set up, snowflake is easier, but does snowflake support a bridge for only one user?

gus · July 12, 2024, 12:54pm

No, this feature is not supported.

Sticky · July 12, 2024, 4:24pm

Can this be added?

gus · July 12, 2024, 4:30pm

It seems the Anti-censorship Team won’t work on this feature:

There is an option of deploying the entire snowflake system (broker, proxy, bridge+snowflake), but it seems a lot of manual work.

In your case, I believe deploying a private obfs4 or webtunnel bridge is easier.

Sticky · July 13, 2024, 3:20pm

Ok, I set up webtunnel, I think. It was easier than it first seemed. But is there a manual that I need to write in the local torrc file to connect via webtunnel?

gus · July 13, 2024, 3:24pm

You need to compile the WebTunnel client and use this torrc:

UseBridges 1
DataDirectory datadir
## change the path to your WebTunnel client /home/user/webtunnel/client
ClientTransportPlugin webtunnel exec ./client

## add your WebTunnel bridge line
Bridge webtunnel 192.0.2.3:1 url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
SocksPort auto
#Log info

Reference:

Sticky · July 13, 2024, 6:07pm

Omg…
I always wondered why not put out a ready-made program, why does the user need to compile something? In general, I expected to see a ready-made client in the TOR Browser folder.
I complied git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/tree/main/main/client didn’t work.
Then cd webtunnel/main/client
Then go build
Then sudo cp client /usr/local/bin/webtunnel
The resulting file does not run on Windows.
What’s next?

gus · July 13, 2024, 6:24pm

Ops, if compiling is an issue, you can download and use Tor Expert Bundle:“The tor expert bundle contains the tor and pluggable transports binaries, bridge strings, and geoip data used in Tor Browser.”

In your torrc, instead of executing “webtunnel-client.exe”, you’ll need to change to use lyrebird, which is a binary containing obfs4, webtunnel and other PTs clients.

It will look like something like this:

UseBridges 1
DataDirectory datadir
ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit,webtunnel exec c:\tor\pluggable_transports\lyrebird.exe 
Bridge webtunnel 192.0.2.3:1 url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
SocksPort auto

Sticky · July 13, 2024, 8:49pm

Now, it totally works! Plus, it works faster than Snowflake. Thank you very much!

It looks like a mistake here: Tor Project | Compile and run WebTunnel from the source

webtunnel 10.0.0.2:443 FINGERPRINT url=https://yourdomain/path

I did according to your example:

Bridge webtunnel 192.0.2.3:1 url=https://qw.er.ty/secretpath

Without FINGERPRINT

Another question is whether you need to somehow configure the BridgeDistribution parameter? Now it is not in my torrc on the server. I have configured only PublishServerDescriptor 0 and my bridge is not published. I’m fine with that.

And yet, I executed sudo journalctl -e -u tor@default, and in the output of the log:

Managed proxy "/usr/local/bin/webtunnel" wrote a STATUS line without TRANSPORT: "TYPE=version IMPLEMENTATION=\"webtunnel\" VERSION=\"0.0.1\""

What to do about it?

Pictor · February 7, 2025, 6:30pm

Hello!

Can I ask a question?

I’m new. I just enabled Tor Package Repository on Linux Mint. Now I use Tor as a proxy server via VPN. I installed obfs4 bridges, but this type of bridges is blocked in my region, so the connection does not occur. Webtunnel bridges work well in the Tor browser. I would like to use them in the Tor service as well. I found the instructions, but I doubt if they are correct. Could you correct them? (for example, do I need to write “Log info” at the end of the torrc file)

```sh
$ git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel
$ cd webtunnel/main/client
$ go build
$ sudo cp client /usr/bin/webtunnel

UseBridges 1
ClientTransportPlugin webtunnel exec /usr/bin/webtunnel
Bridge webtunnel <IP>:<PORT> <FINGERPRINT> url=<URL> ver=0.0.1
SocksPort auto
Log info

And if I manage to install webtunnel bridges, will Tor work as a Socks 5 proxy, or do I need to connect differently?

verbal666 · February 10, 2025, 9:53pm

SOCKSPort 0.0.0.0:9050
SOCKSPolicy accept *

In any torrc you use open a socks5 proxy from any_client to TCP 9050 of your host/server where’s running tor service.

Any client can connect to onion by using socks5(h),

curl url -x socks5h://your_tor_host:9050

Pictor · February 11, 2025, 10:38am

Thank you!
Managed to connect.

verbal666 · February 11, 2025, 12:47pm

Obviously if you use Tor Browser, FF is configured by itsself. You can also add the lines described to make access other clients (curl, other browsers, any service/tool which uses a SOCKS5 proxy… PS. tor can also listen to an HTTP PROXY, not only SOCKS,

HTTPTunnelPort [address:]port|auto [*isolation flags]

Open this port to listen for proxy connections using the "HTTP CONNECT" protocol instead of SOCKS. Set this to 0 if you don’t want to allow "HTTP CONNECT" connections. Set the port to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. If multiple entries of this option are present in your configuration file, Tor will perform stream isolation between listeners by default. See SocksPort for an explanation of isolation flags. (Default: 0)

But if you use Tor services/bin you can point any app/tool to SOCKS5 host:port as described to enter onion network

Pictor · February 11, 2025, 1:23pm

I have specified localhost : 9050 in the system proxy server settings. Is this not enough for all applications to access the network via Tor?

verbal666 · February 11, 2025, 4:44pm

Nop!
Not all software/tools uses the environment variables to route their network traffic.
Many tools ignore env at all, others need to be properly configured in their config files.

Anyway, set your lan hosts to point to tor as,

export http_proxy=socks5h://tor_host|localhost:9050
export https_proxy=$http_proxy

or

export http_proxy=http://tor_host|localhost:8080
export https_proxy=$http_proxy

And set torrc as above,

HTTPTunnelPort 0.0.0.0:8080
SOCKSPort 0.0.0.0:9050

And all other tool to point to tor_host|localhost:9050 [socks5] or to tor_host|localhost:9050 [http] inside proxy settings.