API tools faq
paste
Advertisement
Guest User

Setting Up an Obfuscated Tor Bridge

a guest
Feb 12th, 2012
2,488
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.17 KB | None | 0 0
raw download clone embed print report
  1. As of this week, in the run up to the anniversary of the Islamic Revolution, Iran has imposed more draconian censorship of the internet than usual. It is unknown as of this time if this is due to Iran finally launching their new "National Internet," which is a glorified intranet, or if it is specific to deep packet inspection that is killing known forms of encrypted connections. As a direct result of this, the ability for Iranians to use Tor has essentially been cut off. Here are some graphics to demonstrate from the Tor Project:
  2.  
  3. http://metrics.torproject.org/direct-users.png?nocutoff=off&start=2011-11-12&events=on&dpi=72&end=2012-05-10&country=ir
  4.  
  5. https://metrics.torproject.org/bridge-users.png?start=2011-11-12&dpi=72&end=2012-05-10&country=ir
  6.  
  7. A Tor Bridge allowed people to connect to the Tor Network when a country or ISP had blacklisted all the known Tor nodes. Iran upped their abilities to block access as shown by above. Those at the Tor Project have created a tool to obfuscate or Bridge connections, thus still allowing Iranians to connect to Tor at the moment. The following are a handful of instructions to setup Tor and a Tor Bridge if you desire to do so. At the moment, the only option involves using Linux, which may seem daunting for any of you who haven't used it. But, it's actually quite simple. [NOTE: It makes more sense to do this on a machine that you have connected to the net via ethernet rather than a wireless connection.]
  8.  
  9. I.) - Installing Linux -
  10.  
  11. 1.) If you are a Windows user, installing Ubuntu Linux is now a breeze. You can do it with a utility called Wubi. It's a point-and-click program that you run from within Windows and, if you don't want Ubuntu on your system anymore, will remove it for you via clicking the program again. Setting a 16 gig install will be more than enough. The download link, in addition to instructions on to how to use the program, can be found here:
  12.  
  13. http://www.ubuntu.com/download/ubuntu/windows-installer
  14.  
  15. 2.) After you have installed Ubuntu Linux via Wubi, reboot your machine, select "Ubuntu" in the menu that appears and login.
  16.  
  17. 3.) Open a Terminal window by typing "CTRL-ALT-T". Inside the terminal window type "sudo -s". Enter your password and you will have full root privileges. While this is generally not the recommended way to tweak Ubuntu, it will make things easier for these instructions.
  18.  
  19. 4.) Next, you should upgrade your Ubuntu distro to the latest version. Thus, in the terminal window, type "apt-get update". When that is finished, type "apt-get dist-upgrade" and say yes to the install. This could take a bit of time. But, it's worth doing.
  20.  
  21. II.) -Installing Tor-
  22.  
  23. In order to help people in Iran, you will need to install the Development version of Tor. Here are the steps.
  24.  
  25. 1.) In your open terminal window, type "nano /etc/apt/sources.list". Then, add the following lines at the bottom of the file:
  26.  
  27. deb http://deb.torproject.org/torproject.org oneiric main
  28. deb http://deb.torproject.org/torproject.org experimental-oneiric main
  29.  
  30. 3.) To close Nano and save the file, type "CTRL-X". You'll be prompted for the file name, where you can just press "Enter" and then select "Y" to overwrite it.
  31.  
  32. 4.) At the prompt in the terminal window, enter the next following lines one by one:
  33.  
  34. gpg --keyserver keys.gnupg.net --recv 886DDD89
  35. gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
  36. apt-get update
  37. apt-get install tor tor-geoipdb
  38.  
  39. III.) - Installing Obfsproxy -
  40.  
  41. This is the software that will allow you to run the obfuscated bridge.
  42.  
  43. 1.) Type the following line in your open terminal window:
  44.  
  45. apt-get install autoconf autotools-dev gcc git pkg-config libtool libevent-2.0-5 libevent-dev libevent-openssl-2.0-5 libssl-dev
  46.  
  47. 2.) When that is finished, type the following line in your terminal window:
  48.  
  49. git clone https://git.torproject.org/obfsproxy.git
  50. cd obfsproxy
  51. ./autogen.sh && ./configure && make
  52. make install
  53.  
  54. IV.) - Configuring the Bridge -
  55.  
  56. Now you need to edit the torrc file to run the bridge:
  57.  
  58. 1.) In your open terminal window, type "nano /etc/tor/torrc", go to the bottom of the file, and add the following lines (note: choose a unique name for your Bridge where "YourBridgeName" appears):
  59.  
  60. ORPort 9001
  61. Nickname YourBridgeName
  62. BridgeRelay 1
  63. ServerTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed
  64.  
  65. 2.) To close Nano and save the file, type "CTRL-X". You'll be prompted for the file name, where you can just press "Enter" and then select "Y" to overwrite it.
  66.  
  67. 3.) Now you need to restart Tor to read the new settings. In your terminal, type "/etc/init.d/tor restart".
  68.  
  69. 4.) Now you need to get the port number where your obfuscated bridge is running. In your terminal type "nano /var/log/tor/log". Next, type "CTRL-W" and enter "Registered server transport" as your search string. You should go to a line that has an address that contains something like "0.0.0.0:34545" at the end. The numbers after the colon will likely be different. But, those numbers that will be where "34545" is located is the number of your bridge port. Right it down or copy it to a textfile, as you will need this later. (Note: If, by chance, you do not find such an entry in your Tor log, type "/etc/init.d/tor restart" again and continue checking the log until it comes up. On some machines, I had to restart Tor 1 or 2 times before the port number we need showed up in the log).
  70.  
  71. 5.) There is an application dock on the left hand side of your desktop. Open Firefox from there and go to http://www.cmyip.com. Write down or copy your IP address that is displayed in your web browsers.
  72.  
  73. 6.) The Tor Bridge address that people will need to know in order to b able to connect to Tor via your machine from Iran is your IP address plus the port number that you wrote down via step 4. It would appear as YourIPAddress:ObfuscatedBridgePort (for example, '25.12.123.212:34545'). Send an e-mail to "tor-assistants at torproject.org" with your IP Address and Obfuscated Bridge Port as described in Step 5.
  74.  
  75. V.) - Set Up Firewall Rules -
  76.  
  77. It is always a good idea to set up a firewall for a machine running 24/7. This is fairly simple in Ubuntu.
  78.  
  79. 1.) From your terminal window, type "apt-get install gufw". This will install a GUI Firewall Setup.
  80.  
  81. 2.) Type "gufw &" from your terminal window. In the window that comes up, click on the padlock icon in the lower right hand corner. You will be prompted for your password.
  82.  
  83. 3.) Click the "+" button in the lower left hand side of the gufw window. This brings up the window to add rules. Click on the "simple" tab. In the spot where you can enter text, type "9001" and click the "add" button. Then, type the number of your Obfuscated Bridge Port that you got from Step 4 in Section IV in the same spot and click "Add." Then close the window.
  84.  
  85. 4.) From the main gufw window, in the pulldown menu next to incoming, select "deny."
  86.  
  87. VI.) - Setting up your Router
  88.  
  89. It is my assumption that almost all of you are going to be connecting to the net via a router nowadays. If that is the case, you will likely have to enable port forwarding in your router's setup. The interface is a bit different for all. But, generally, you can connect to it by opening Firefox and going to either "192.168.1.1" or "192.168.2.1" as the web address. Here are the steps.
  90.  
  91. 1.) First get your local IP address. From your open terminal window, type "ifconfig". If you are connected via an ethernet connection, your local IP address will be in the section for "eth0" most likely. If you are using a wireless connection, it will likely be in "wlan0." The address you are look for will be something like "192.168.1.2". It will follow a header called "inet addr:".
  92.  
  93. 2.) In the port forwarding section for your router (on some routers, it's called "virtual servers"), add port "9001" as an inbound port and set it to point to your local IP address plus the same port number (for example "192.168.1.2 9001"). Do the exact same thing for the Obfuscated Tor Bridge Port you got from Section IV, Step 4.
  94.  
  95. From here, you should have a running and functional Obfuscated Tor Bridge. If anyone runs into any trouble, please drop me a line. I'm trying to make this tutorial as beginner friendly as possible.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!