obfsproxy tor bridge on torcloud

a guest
Feb 14th, 2012
How to get an obfsproxy-enabled tor bridge running on a torcloud EC2 amazon server.

Version 0.2 by .koolfy
_________________________________


1- build and install obfsproxy
------------------------------

> get necessary tools to compile source code
$ sudo apt-get install autoconf autotools-dev gcc pkg-config libtool git-core devscripts

> fetch the .deb files that are not included in ubuntu's repos
$ dget http://gaffer.ptitcanardnoir.org/intrigeri/tmp/libevent_2.0.16-stable-1~bpo60+1/libevent_2.0.16-stable-1~bpo60+1_i386.changes

> install those in the right order
$ sudo dpkg -i libevent-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb
$ sudo dpkg -i libevent-core-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb
$ sudo dpkg -i libevent-extra-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb
$ sudo dpkg -i libevent-pthreads-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb

> we also need newer libssl packages
$ wget http://mirror.pnl.gov/ubuntu//pool/main/o/openssl/libssl0.9.8_0.9.8o-5ubuntu1.2_i386.deb
$ wget http://mirror.pnl.gov/ubuntu//pool/main/o/openssl/libssl-dev_0.9.8o-5ubuntu1.2_i386.deb
$ sudo dpkg -i libssl0.9.8_0.9.8o-5ubuntu1.2_i386.deb
$ sudo apt-get install zlib1g-dev
$ sudo dpkg -i libssl-dev_0.9.8o-5ubuntu1.2_i386.deb
$ sudo dpkg -i libssl0.9.8_0.9.8o-7ubuntu1_i386.deb
$ sudo dpkg -i libevent-openssl-2.0-5_2.0.16-stable-1~bpo60+1_i386.deb
$ sudo dpkg -i libevent-dbg_2.0.16-stable-1~bpo60+1_i386.deb
$ sudo dpkg -i libevent-dev_2.0.16-stable-1~bpo60+1_i386.deb

> get obfsproxy's source code
$ git clone https://git.torproject.org/obfsproxy.git
$ cd obfsproxy/
$ ./autogen.sh && ./configure && make
$ sudo make install
$ cd

> obfsproxy is now built and installed in the system
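
The .deb files in this section are fetched over plain HTTP and installed with dpkg -i, which checks nothing about their origin. Added example (not part of the original howto): a shell function that checks every file listed in a Debian .changes file against its Checksums-Sha256 entry before installation. It assumes the .changes file carries that field, and the demo package and .changes at the bottom are constructed.

```sh
#!/bin/sh
# Added example, not from the original howto.
# verify_changes FILE.changes [DIR]
# Returns 0 only if every file listed under Checksums-Sha256 exists in DIR
# (default: current directory) and matches its recorded SHA-256.
verify_changes() {
    changes=$1
    dir=${2:-.}
    # Continuation lines of the field look like " <sha256> <size> <filename>".
    pairs=$(awk '
        /^Checksums-Sha256:/ { in_field = 1; next }
        /^[^ ]/              { in_field = 0 }
        in_field && NF == 3  { print $1, $3 }
    ' "$changes")
    if [ -z "$pairs" ]; then
        echo "no Checksums-Sha256 entries in $changes" >&2
        return 2
    fi
    status=0
    while read -r want name; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; status=1; continue
        fi
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; status=1
        fi
    done <<EOF
$pairs
EOF
    return $status
}

# Constructed demo: a stand-in package and a minimal .changes that lists it.
demo=$(mktemp -d)
printf 'constructed stand-in for a .deb\n' > "$demo/example_1.0_i386.deb"
sum=$(sha256sum "$demo/example_1.0_i386.deb" | cut -d' ' -f1)
printf 'Format: 1.8\nChecksums-Sha256:\n %s 32 example_1.0_i386.deb\nFiles:\n' "$sum" \
    > "$demo/example_1.0_i386.changes"
verify_changes "$demo/example_1.0_i386.changes" "$demo"   # prints an OK line
```

The result is only as trustworthy as the .changes file itself, so check its PGP signature first. The two libssl packages fetched with wget are not listed in it and need their own check against the Ubuntu archive's signed package index.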


2- modify torrc
---------------

$ sudo vim /etc/tor/torrc

> add this line at the end of the file :

ServerTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed

> save and close the file.


-2b Until https://trac.torproject.org/projects/tor/ticket/5104 is fixed (mainly affects torcloud images)
-----------------------------------------------------------------------

> we need to do a workaround directly in tor's source code, so we get it
$ git clone git://git.torproject.org/tor.git
$ cd tor
$ vim src/or/transports.c

> find the "router_get_advertised_or_port(options)" expression (it should be located at line 1122) and replace it with "9001"
> if your ORListenAddress is set to 0.0.0.0:SOMETHING in your /etc/tor/torrc, replace "9001" with "SOMETHING"

> and now we build our modified tor
$ sh autogen.sh
$ ./configure --disable-asciidoc
$ make

> be sure to remove every old tor component from the system before we install our modified one in its place
$ cat /usr/share/tor/tor-service-defaults-torrc

> put everything this command outputs at the end of your /etc/tor/torrc file.
(It would be wise to write a comment like "#this is from /usr/share/tor/tor-service-defaults-torrc" before those lines to know where they are from, and remember to remove them when you use the apt-get provided tor package again.)

$ sudo apt-get remove tor

$ sudo make install


-3 launch tor with obfsproxy
-------------------------


> IF https://trac.torproject.org/projects/tor/ticket/5104 IS NOT FIXED AND YOU HAD TO RECOMPILE TOR
$ sudo tor -f /etc/tor/torrc


> if you didn't mess with Tor and still use the one provided by apt-get, simply use
$ sudo /etc/init.d/tor restart


> see /var/log/tor/log or arm's output and look for both lines :

18:44:55 [WARN] Registered server transport 'obfs2' at '0.0.0.0:<PORT>'
18:44:55 [NOTICE] Guessed our IP address as <IP> (source: <SOMETHING>).

Your bridge should be reachable at <IP>:<PORT>


-4 configure amazon's firewall to forward the right port
--------------------------------------------------------

> go to your EC2 dashboard via the amazon web interface
https://console.aws.amazon.com/ec2/login!doAuthenticate#s=SignUp

> on the left menu, click on "Security Groups"
> click on "tor-cloud-servers"

> on the frame at the bottom of the screen, click on the tab called "Inbound"
> under "Custom TCP rule" on the "port range" line, write the port number of your obfsproxy instance (<PORT> in section -3)
> click on the "Add Rule" button
> click on the "Apply rule change" button.

Do this every time your obfsproxy port changes.
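
Added example (not part of the original howto): shell helpers that pull <PORT> and <IP> out of the two log lines from section -3, build the client "bridge obfs2" line, and report when the port differs from the last one recorded, which is when the security group rule has to be updated. The sample log lines and the state file are constructed, and 203.0.113.7 is a documentation address.

```sh
#!/bin/sh
# Added example, not from the original howto.

# obfs2_port LOGFILE -> last port tor registered for the obfs2 transport
obfs2_port() {
    sed -n "s/.*Registered server transport 'obfs2' at '[^']*:\([0-9][0-9]*\)'.*/\1/p" "$1" | tail -n 1
}

# guessed_ip LOGFILE -> last address tor guessed for this host
guessed_ip() {
    sed -n 's/.*Guessed our IP address as \([0-9.][0-9.]*\) .*/\1/p' "$1" | tail -n 1
}

# bridge_line LOGFILE -> line for the client torrc; fails if either log line is absent
bridge_line() {
    port=$(obfs2_port "$1")
    ip=$(guessed_ip "$1")
    if [ -z "$port" ]; then echo "obfs2 transport not registered" >&2; return 1; fi
    if [ -z "$ip" ]; then echo "no guessed IP address in log" >&2; return 1; fi
    printf 'bridge obfs2 %s:%s\n' "$ip" "$port"
}

# port_changed LOGFILE STATEFILE -> 0 if the port differs from the one stored in
# STATEFILE (a hypothetical helper file), 1 if unchanged; stores the new port.
port_changed() {
    new=$(obfs2_port "$1")
    [ -n "$new" ] || return 2
    old=$(cat "$2" 2>/dev/null || true)
    printf '%s\n' "$new" > "$2"
    [ "$new" != "$old" ]
}

# Constructed sample in the format quoted in section -3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
18:44:50 [NOTICE] Bootstrapped 100%: Done.
18:44:55 [WARN] Registered server transport 'obfs2' at '0.0.0.0:45678'
18:44:55 [NOTICE] Guessed our IP address as 203.0.113.7 (source: 198.51.100.1).
EOF
bridge_line "$sample"
```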


-5 test if your bridge is reachable through obfsproxy
-----------------------------------------------------

> get obfsproxy's Tor Browser Bundle here
https://www.torproject.org/projects/obfsproxy

> extract the content, and remove every
bridge obfs2 <IP>:<PORT>

> entry already present on your data/tor/torrc file

> write one and only one line with the <IP>:<PORT> of YOUR obfsproxy bridge (see section 3-)
bridge obfs2 <IP>:<PORT>


> launch the bundle, vidalia should start and try to connect to the tor network through your obfsproxy bridge. If it succeeds and the browser launches and works as it should, your obfsproxy bridge works. If vidalia's connection to the tor network stalls, something is wrong.



IMPORTANT NOTES
_______________


This is not a definitive howto.
This is an explanation on how to set up an obfsproxy bridge on torcloud images RIGHT NOW, immediately.
At the time of writing this, there is no stable obfsproxy package in ubuntu's repos, and bug #5104 is not fixed.
This means that you have to build obfsproxy manually, and maybe even tor (to work around bug #5104). Thus neither obfsproxy nor tor will be able to upgrade itself via apt-get.

If you go down that road, be sure to upgrade them manually and regularly, as it's very important that your bridge runs the latest version of both obfsproxy and tor.


If, when you read this, obfsproxy is available through apt-get on torcloud images and bug #5104 is fixed in tor, please avoid building anything manually and use apt-get install instead.



If you have any question or problem, come to irc.oftc.net/6667 channel #tor and ask for help.