obfs4 bridge support

[b1oki]

It would be nice to be able to use the bridge, probably by specifying the path to a file with a list of bridges.
Example:

obfs4 ip:port key iat-mode=0

-- comment from issue #31

Perhaps there is another way to bypass the blocking of the Tor, but this method seems to me the most obvious.

[PeterDaveHello]

What exactly should be done here to support it?

[b1oki]

Include obfs4proxy packet.

If obfs4 enabled, file /etc/tor/torrc should be contain:

ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 ip:port key iat-mode=0
UseBridges 1

I think list of bridges can be filled from an external file. And we can determine by the fact that the parameter with the path to the file with bridges is filled in, whether the use of the bridge is enabled.

[PeterDaveHello]

@b1oki I'm not sure how many of the users here need it so that we should include it by default. Will take a look at the details, especially the effort and impact on image size, and see what can we do for it.

[PeterDaveHello]

Looks like obfs4proxy package only exist in the edge branch right now:

• https://pkgs.alpinelinux.org/packages?name=obfs4proxy&branch=edge

Can't find it in v3.16 branch:

• https://pkgs.alpinelinux.org/packages?name=obfs4proxy&branch=v3.16

Let's add the package in the image first, as it's more advanced usage, I believe that users who needed will be able to mount self-modified config and the bridge list into the container, at least don't need to install the package again.

[b1oki]

Runs on Raspberry, but cannot connect to Relay. Maybe bridges unavailable. Message: "Delaying directory fetches: No running bridges". Tryied bridges from https://torscan-ru.ntc.party/ and https://bridges.torproject.org/bridges/?transport=obfs4. Might @NickiHell help me

[NickiHell]

Runs on Raspberry, but cannot connect to Relay. Maybe bridges unavailable. Message: "Delaying directory fetches: No running bridges". Tryied bridges from https://torscan-ru.ntc.party/ and https://bridges.torproject.org/bridges/?transport=obfs4. Might @NickiHell help me

Add in Dockerfile:
RUN /bin/sh -c apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing obfs4proxy

Add in torrc:

UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 107.189.14.228:2042 755B8D9967A8E9678C18822AB0C2622057A12AA3 cert=lY6L0qguLEylITkmpst6fzjDagpQLX/zKO4bW/WAlEbJaXLdfXq4Hr3leXpc+7oL7mWULA iat-mode=0
Bridge obfs4 208.126.24.214:3030 8EC0FA12703AE80E46C0BE43E1BF00D16E0DB830 cert=/tiNx9L0jTrQlctbY+YoLS82w8qdHPyzukQwa9NiTibtcc2ISbhOhAY5p7Ke76bdsTLTVw iat-mode=0
Bridge obfs4 46.226.106.0:2693 65DA2C6CCC608D538388BA35257B330B1EC68F60 cert=ofziB4sqqQSymILRXtzaDQbhi59LQVYHDajQoG47gN8WR535sGPlBxSITXU9UWw6QFz2AA iat-mode=0
Bridge obfs4 108.61.166.44:443 96589051314BF00CC6A76A153AC17E7549C4B0FC cert=RYFD9oV8tbaZvgeiw1UTL7GpaTRetJSyofgrM+C1n374/rEy/zfSscqFJ6deV6ne5H2EKg iat-mode=0

You can find bridges via https://t.me/GetBridgesBot

[b1oki]

You can find bridges via https://t.me/GetBridgesBot

Thank you, but I think the Country's Firewall is too strong.

Oct 07 09:17:34.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 07 09:17:36.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 07 09:17:38.000 [notice] Bootstrapped 0% (starting): Starting
Oct 07 09:17:38.000 [notice] Starting with guard context "bridges"
Oct 07 09:17:38.000 [notice] Delaying directory fetches: No running bridges
Oct 07 09:20:02.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:20:42.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:21:22.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:22:02.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:22:42.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:23:22.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)

[NickiHell]

You can find bridges via https://t.me/GetBridgesBot

Thank you, but I think the Country's Firewall is too strong.

Oct 07 09:17:34.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 07 09:17:36.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 07 09:17:38.000 [notice] Bootstrapped 0% (starting): Starting
Oct 07 09:17:38.000 [notice] Starting with guard context "bridges"
Oct 07 09:17:38.000 [notice] Delaying directory fetches: No running bridges
Oct 07 09:20:02.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:20:42.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:21:22.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:22:02.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:22:42.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)
Oct 07 09:23:22.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for rendezvous desc)

You're doing something wrong. Bridges should work, it says in the logs that there are no bridges.

[b1oki]

You're doing something wrong. Bridges should work, it says in the logs that there are no bridges

With torrc #ClientTransportPlugin line.

Oct 15 02:18:08.000 [notice] Bootstrapped 0% (starting): Starting
Oct 15 02:18:08.000 [notice] Starting with guard context "bridges"
Oct 15 02:18:08.000 [notice] Delaying directory fetches: No running bridges
Oct 15 02:18:09.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Oct 15 02:18:09.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Oct 15 02:18:09.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Oct 15 02:18:09.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Oct 15 02:18:09.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Oct 15 02:18:09.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Oct 15 02:18:09.000 [notice] new bridge descriptor 'moukari' (fresh):
Oct 15 02:18:09.000 [notice] Bridge 'yourmom13bskd301' has both an IPv4 and an IPv6 address.  Will prefer using its IPv4 address
...
Oct 15 02:18:27.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Oct 15 02:18:28.000 [notice] Bootstrapped 100% (done): Done

[PeterDaveHello]

@b1oki I just found that this could make us harder to do #8, need to reconsider making it available by default or not, as the obfs4proxy package is not really for different platforms, the build for linux/arm64 or linux/arm/v6 platform like Raspberry Pi would be broken.

[PeterDaveHello]

Reference:

• https://pkgs.alpinelinux.org/packages?name=obfs4proxy&branch=edge&arch=aarch64
• https://pkgs.alpinelinux.org/packages?name=obfs4proxy&branch=edge&repo=&arch=armhf

[b1oki]

Run container with bridges on x86_64. For now using volumes. Example:

cat ./bridges.txt
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 x.x.x.x:xxx xxx cert=xxx iat-mode=0
UseBridges 1


docker run -d --restart=always --name tor-socks-proxy -p 0.0.0.0:9100:9150 -v $(pwd)/bridges.txt:/home/bridges.txt ghcr.io/peterdavehello/tor-socks-proxy sh -c "cat /home/bridges.txt >> /etc/tor/torrc; /usr/bin/tor -f /etc/tor/torrc"