SHOW:
|
|
- or go back to the newest paste.
| 1 | How to get an obfsproxy-enabled tor bridge running on a torcloud EC2 amazon server. | |
| 2 | ||
| 3 | Version 0.2 by .koolfy | |
| 4 | _________________________________ | |
| 5 | ||
| 6 | ||
| 7 | ||
| 8 | ||
| 9 | 1- build and install obfsproxy | |
| 10 | ------------------------------ | |
| 11 | ||
| 12 | > get necessary tools to compile source code | |
| 13 | $ sudo apt-get install autoconf autotools-dev gcc pkg-config libtool git-core devscripts | |
| 14 | ||
| 15 | - | >fetch the .deb files that are not included it ubuntu's deps |
| 15 | + | >fetch the .deb files that are not included it ubuntu's repos |
| 16 | $ dget http://gaffer.ptitcanardnoir.org/intrigeri/tmp/libevent_2.0.16-stable-1~bpo60+1/libevent_2.0.16-stable-1~bpo60+1_i386.changes | |
| 17 | ||
| 18 | > install those in the right order | |
| 19 | $ sudo dpkg -i libevent-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb | |
| 20 | $ sudo dpkg -i libevent-core-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb | |
| 21 | $ sudo dpkg -i libevent-extra-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb | |
| 22 | $ sudo dpkg -i libevent-pthreads-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb | |
| 23 | ||
| 24 | > we also need newer libssl packages | |
| 25 | $ wget http://mirror.pnl.gov/ubuntu//pool/main/o/openssl/libssl0.9.8_0.9.8o-5ubuntu1.2_i386.deb | |
| 26 | $ wget http://mirror.pnl.gov/ubuntu//pool/main/o/openssl/libssl-dev_0.9.8o-5ubuntu1.2_i386.deb | |
| 27 | $ sudo dpkg -i libssl0.9.8_0.9.8o-5ubuntu1.2_i386.deb | |
| 28 | $ sudo apt-get install zlib1g-dev | |
| 29 | $ sudo dpkg -i libssl-dev_0.9.8o-5ubuntu1.2_i386.deb | |
| 30 | $ sudo dpkg -i libssl0.9.8_0.9.8o-7ubuntu1_i386.deb | |
| 31 | $ sudo dpkg -i libevent-openssl-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb | |
| 32 | $ sudo dpkg -i libevent-dbg_2.0.16-stable-1~bpo60+1_i386.deb | |
| 33 | $ sudo dpkg -i libevent-dev_2.0.16-stable-1~bpo60+1_i386.deb | |
| 34 | ||
| 35 | > get obfsproxy's source code | |
| 36 | $ git clone https://git.torproject.org/obfsproxy.git | |
| 37 | $ cd obfsproxy/ | |
| 38 | $ ./autogen.sh && ./configure && make | |
| 39 | $ sudo make install | |
| 40 | $ cd | |
| 41 | ||
| 42 | > obfsproxy is now built and installed in the system | |
| 43 | ||
| 44 | ||
| 45 | ||
| 46 | 2- modify torrc | |
| 47 | --------------- | |
| 48 | ||
| 49 | $ sudo vim /etc/tor/torrc | |
| 50 | ||
| 51 | > add this line at the end of the file : | |
| 52 | ||
| 53 | ServerTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed | |
| 54 | ||
| 55 | > save and close the file. | |
| 56 | ||
| 57 | ||
| 58 | ||
| 59 | ||
| 60 | -2b Until https://trac.torproject.org/projects/tor/ticket/5104 is fixed (mainly affects torcloud images) | |
| 61 | ----------------------------------------------------------------------- | |
| 62 | ||
| 63 | > we need to do a workaround directly in tor's source code, so we get it | |
| 64 | $ git clone git://git.torproject.org/tor.git | |
| 65 | $ cd tor | |
| 66 | $ vim src/or/transports.c | |
| 67 | ||
| 68 | > find the "router_get_advertised_or_port(options)" expression (it should be located at line 1122) and replace it with "9001" | |
| 69 | > if your ORListenAddress is set to 0.0.0.0:SOMETHING in your /etc/tor/torrc, replace "9001" with "SOMETHING" | |
| 70 | ||
| 71 | > and now we build our modified tor | |
| 72 | $ sh autogen.sh | |
| 73 | $ ./configure --disable-asciidoc | |
| 74 | $ make | |
| 75 | ||
| 76 | > be sure to remove every old tor component from the system before we install our modified one in its place | |
| 77 | $ cat /usr/share/tor/tor-service-defaults-torrc | |
| 78 | ||
| 79 | > put everything this command outputs at the end of your /etc/tor/torrc file. | |
| 80 | (It would be wise to write a comment like "#this is from /usr/share/tor/tor-service-defaults-torrc" before those lines to know where they are from, and remember to remove them when you use the apt-get provided tor package again.) | |
| 81 | ||
| 82 | $ sudo apt-get remove tor | |
| 83 | ||
| 84 | $ sudo make install | |
| 85 | ||
| 86 | ||
| 87 | ||
| 88 | -3 launch tor with obfsproxy | |
| 89 | ------------------------- | |
| 90 | ||
| 91 | ||
| 92 | > IF https://trac.torproject.org/projects/tor/ticket/5104 IS NOT FIXED AND YOU HAD TO RECOMPILE TOR | |
| 93 | $ sudo tor -f /etc/tor/torrc | |
| 94 | ||
| 95 | ||
| 96 | > if you didn't mess with Tor and still use the one provided by apt-get, simply use | |
| 97 | $ sudo /etc/init.d/tor restart | |
| 98 | ||
| 99 | ||
| 100 | > see /var/log/tor/log or arm's output and look for both lines : | |
| 101 | ||
| 102 | 18:44:55 [WARN] Registered server transport 'obfs2' at '0.0.0.0:<PORT>' | |
| 103 | 18:44:55 [NOTICE] Guessed our IP address as <IP> (source: <SOMETHING>). | |
| 104 | ||
| 105 | Your bridge should be reachable at <IP>:<PORT> | |
| 106 | ||
| 107 | ||
| 108 | -4 configure amazon's firewall to forward the right port | |
| 109 | -------------------------------------------------------- | |
| 110 | ||
| 111 | > go to your EC2 dashboard via the amazon web interface | |
| 112 | https://console.aws.amazon.com/ec2/login!doAuthenticate#s=SignUp | |
| 113 | ||
| 114 | > on the left menu, click on "Security Groups" | |
| 115 | > click on "tor-cloud-servers" | |
| 116 | ||
| 117 | > on the frame at the bottom of the screen, click on the tab called "Inbound" | |
| 118 | > under "Custom TPC rule" on the "port range" line, write the port number of your obfsproxy instance (<PORT> on the section -3) | |
| 119 | > click on the "Add Rule" button | |
| 120 | > click on the "Apply rule change" button. | |
| 121 | ||
| 122 | Do this every time your obfsproxy port changes. | |
| 123 | ||
| 124 | ||
| 125 | -4 test if your bridge is reachable through obfsproxy | |
| 126 | ----------------------------------------------------- | |
| 127 | ||
| 128 | > get obfsproxy's Tor Browser Bundle here | |
| 129 | https://www.torproject.org/projects/obfsproxy | |
| 130 | ||
| 131 | > extract the content, and remove every | |
| 132 | bridge obfs2 <IP>:<PORT> | |
| 133 | ||
| 134 | > entry already present on your data/tor/torrc file | |
| 135 | ||
| 136 | > write one and only one line with the <IP>:<PORT> of YOUR obfsproxy bridge (see section 3-) | |
| 137 | bridge obfs2 <IP>:<PORT> | |
| 138 | ||
| 139 | ||
| 140 | > launch the bundle, vidalia should stard and try to connect to the tor network through your obfsproxy bridge. If it succeeds and the browser launches and works as it should, your obfsproxy bridge works. If vidalia's connection to the tor network stalls, something is wrong. | |
| 141 | ||
| 142 | ||
| 143 | ||
| 144 | ||
| 145 | IMPORTANT NOTES | |
| 146 | _______________ | |
| 147 | ||
| 148 | ||
| 149 | This is not a definitive howto. | |
| 150 | This is an explanation on how to set up an obfsproxy bridge on torcloud images RIGHT NOW, immediately. | |
| 151 | As the time of writing this, there is no stable obfsproxy package in ubuntu's repos, and bug #5104 is not fixed. | |
| 152 | This means that you have to build obfsproxy manually, and maybe even tor (to workaround bug #5104). Thus neither obfsproxy nor tor softwares will be able to upgrade themselves via apt-get. | |
| 153 | ||
| 154 | If you go down that road, be sure to do so manually and regularly, as it's very important that you bridge runs the lastest version of both obfsproxy and tor software. | |
| 155 | ||
| 156 | ||
| 157 | If when you read this obfsproxy is available through apt-get on torcloud images and bug #5104 is fixed in tor, please avoind building anything manually and use apt-get install instead. | |
| 158 | ||
| 159 | ||
| 160 | ||
| 161 | If you have any question, or problem, come to irc.oftc.net/6667 channel #tor and ask for help. |
