[tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

New update: In the last few weeks, internal political conflicts and
other events[1] in Turkmenistan have led to another wave of censorship
on Tor and anti-censorship tools. Tor bridges have been one of the few
free alternatives for people in Turkmenistan to connect with the world
and access the open Internet.

I stopped snowflake and now a bridge is running on my dynIP.

## torrc example

```
BridgeRelay 1
ORPort 127.0.0.1:auto
AssumeReachable 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtORPort auto
Nickname helptm
ContactInfo <please-add-your-email-here>
Log notice file /var/log/tor/notices.log
# If you set BridgeDistribution none, please remember to email
# your bridge line to us: frontdesk@torproject.org
BridgeDistribution none
```

But I have that in the log :-(

```
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv4 ORPort address 127.0.0.1 does not match the descriptor address 203.0.113.18. If you have a static public IPv4 address, use 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. If you are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> NoAdvertise'.
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv6 ORPort address ::1 does not match the descriptor address 2001:db8:1234:1:bbbb:eeee:eeee:ffff. If you have a static public IPv4 address, use 'Address <IPv6>' and 'OutboundBindAddress <IPv6>'. If you are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> NoAdvertise'.
```

I don't know if I should ignore that or better configure it that way:
```
ORPort 127.0.0.1:8443 NoListen
ORPort 8443 NoAdvertise
ORPort [::1]:8443 NoListen
ORPort 8443 NoAdvertise
```

I'm aware of

I hope to get it done with scripting on my MikroTik, or switch to IPv4 only.

frontdesk@torproject.org has no PGP key, can I send you or meskio the bridgeline?

Bridgeline must be:
```
Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=abra+kadabra iat-mode=0
```
But DynIP changes every few days. Do you also give the bridge users myrouter.example.net?

Because of your post in the forum:

should we do this with all running bridges, or only the hidden ones?

On Friday, 21 July 2023 18:07:35 CEST gus wrote:

--
Ciao Marco!