Switch obfsproxy setup instructions to install the Python version.
George Kadianakis

George Kadianakis commited on 2013-04-12 18:42:35
Zeige 3 geänderte Dateien mit 124 Einfügungen und 109 Löschungen.

... ...
@@ -19,7 +19,19 @@
19 19
     <img src="$(IMGROOT)/obfsproxy_diagram.png" alt="obfsproxy diagram"></a>
20 20
 
21 21
     <p>
22
-    This guide will help you set up an obfuscated bridge on a Debian/Ubuntu system.
22
+    <img width="7%" height="7%" style="float: left;" src="$(IMGROOT)/icon-Obfsproxy.jpg">
23
+    <b> Hey! </b>
24
+    If you are <b>not</b> using Debian or Ubuntu, you better look
25
+    <a href="../projects/obfsproxy-instructions.html.en">at this other guide</a>
26
+    which sets up Obfsproxy from source.
27
+    </p>
28
+    <br><br>
29
+
30
+
31
+    <p>
32
+      This is a <b>Debian/Ubuntu</b> guide for installing the Python
33
+      version of obfsproxy. If you still have the C version, we
34
+      recommend you to upgrade to the Python version!
23 35
     </p>
24 36
 
25 37
     <h3>Step 0: Move to the development version of Tor</h3>
... ...
@@ -27,27 +39,18 @@
27 39
 
28 40
     <p>
29 41
     Add the <a href="<page docs/debian>#development">development Tor
30
-    APT repository</a> and run the specified commands to install tor
31
-    and deb.torproject.org-keyring. You need Tor 0.2.4.x because
42
+    APT repository</a> and run the specified commands to install <code>tor</code>
43
+    and <code>deb.torproject.org-keyring</code>. You need <em>Tor 0.2.4.x</em> because
32 44
     it knows how to automatically report your obfsproxy address to <a
33 45
     href="https://bridges.torproject.org/?transport=obfs2">BridgeDB</a>.
34 46
     </p>
35 47
 
36 48
     <h3>Step 1: Install obfsproxy</h3>
37
-    <br>
38 49
 
39 50
     <pre style="margin: 1.5em 0 1.5em 2em">
40 51
 \# apt-get install obfsproxy
41 52
     </pre>
42 53
 
43
-    <p>
44
-    Obfsproxy requires libevent2. If your distribution
45
-    (e.g. Debian squeeze) doesn't include it,
46
-    you can get the libevent-2.0 package from the <a
47
-    href="http://backports-master.debian.org/Instructions/">backports</a>
48
-    repository.
49
-    </p>
50
-
51 54
     <h3>Step 2: Configure Tor</h3>
52 55
     <br>
53 56
 
... ...
@@ -66,7 +69,7 @@ Exitpolicy reject *:*
66 69
 \## CHANGEME_2 -> provide some email address so we can contact you if there's a problem
67 70
 \#ContactInfo CHANGEME_2
68 71
 
69
-ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed
72
+ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
70 73
     </pre>
71 74
 
72 75
     <p>
... ...
@@ -82,7 +85,7 @@ ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed
82 85
     </p>
83 86
 
84 87
     <pre style="margin: 1.5em 0 1.5em 2em">
85
-service tor restart
88
+\# service tor restart
86 89
     </pre>
87 90
 
88 91
     <p>
... ...
@@ -110,22 +113,24 @@ Nov 05 16:40:48.000 [notice] Bootstrapped 100%: Done.
110 113
     <p>
111 114
     If you're behind a NAT/firewall, you'll need to make your bridge
112 115
     reachable from the outside world &mdash; both on the ORPort and
113
-    the obfsproxy port. The ORPort is whatever you defined in step two
114
-    above. To find your obfsproxy port, check your Tor logs for a line
116
+    the obfsproxy ports. The ORPort is whatever you defined in step two
117
+    above. To find your obfsproxy ports, check your Tor logs for a line
115 118
     similar to this one:
116 119
     </p>
117 120
 
118 121
     <pre style="margin: 1.5em 0 1.5em 2em">
119 122
 Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821
123
+Oct 05 20:00:41.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:42000
120 124
     </pre>
121 125
 
122 126
     <p>
123
-    The last number, in this case <i>26821</i>, is the TCP port number
124
-    that you need to forward through your firewall. (This port is randomly
125
-    chosen the first time Tor starts, but Tor will cache and reuse the
126
-    same number in future runs.) If you want to change the number, use
127
-    Tor 0.2.4.7-alpha or later, and set "ServerTransportListenAddr obfs2
128
-    0.0.0.0:26821" in your torrc.
127
+    The last number in each line, in this case <i>26821</i> and
128
+    <i>42000</i>, is the TCP port number that you need to forward
129
+    through your firewall. (The ports are randomly chosen the first
130
+    time Tor starts, but Tor will cache and reuse the same number in
131
+    future runs.) If you want to change the number, use Tor
132
+    0.2.4.7-alpha or later, and set something similar to
133
+    "ServerTransportListenAddr obfs2 0.0.0.0:26821" in your torrc.
129 134
     </p>
130 135
 
131 136
   </div>
... ...
@@ -19,141 +19,145 @@
19 19
     <img src="$(IMGROOT)/obfsproxy_diagram.png" alt="client torrc"></a>
20 20
 
21 21
       <p>
22
-    <img width="7%" height="7%" style="float: left;" src="$(IMGROOT)/icon-Obfsproxy.jpg">
23
-    <b> Hey! </b>
24
-    Are you looking for the guide on how to set up an obfuscated
25
-    bridge on a Debian system?
26
-    <a href="../projects/obfsproxy-debian-instructions.html.en">Check
27
-    this out</a>.
22
+        This is a guide for installing the Python version of obfsproxy. If
23
+        you still have the C version, we recommend you to upgrade to the
24
+        Python version!
28 25
       </p>
29
-    <br><br>
30 26
 
31
-    <h3>Step 1: Install dependencies, obfsproxy, and Tor</h3>
27
+    <h3>Step 0: Install dependencies</h3>
32 28
     <br>
33 29
 
34 30
     <p>
35
-    You will need a C compiler (<em>gcc</em>), the <em>autoconf</em>
36
-    and <em>autotools</em> build system, the <em>git</em> revision
37
-    control system, <em>pkg-config</em> and <em>libtool</em>,
38
-    <em>libevent-2</em> and its headers, and the development headers of
39
-    <em>OpenSSL</em>.
40
-     </p>
41
-
31
+      To setup obfsproxy you will need <code>git</code>, <code>Python</code>
32
+      (>= 2.7), <code>Twisted</code> and some common Python modules
33
+      (<code>setuptools</code>, <code>argparse</code> and <code>PyCrypto</code>)
34
+      . If you use Debian testing (or unstable), or a version of
35
+      Ubuntu newer than Oneiric, this is easy:
42 36
     <p>
43
-    On Debian testing or Ubuntu oneiric, you could do: <br>
44
-    <tt># apt-get install autoconf autotools-dev gcc git pkg-config libtool libevent-2.0-5 libevent-dev libevent-openssl-2.0-5 libssl-dev</tt>
45
-    </p>
37
+
38
+    <tt># apt-get install git python2.7 python-setuptools python-crypto python-twisted python-argparse</tt>
46 39
 
47 40
     <p>
48
-    If you're on a more stable Linux, you can either <a
49
-    href="https://trac.torproject.org/projects/tor/ticket/5009#comment:9">try
50
-    our experimental backport libevent2 debs</a> or <a
51
-    href="https://trac.torproject.org/projects/tor/ticket/5009#comment:17">build
52
-    libevent2 from source</a>.
41
+      You will also need a recent version of Tor (>= 0.2.4.1). We recommend you use
42
+      <a href="<page docs/debian>#development">Tor's experimental repositories for Debian/Ubuntu</a>
43
+      or
44
+      <a href="https://gitweb.torproject.org/tor.git">install Tor from git</a>.
53 45
     </p>
54 46
 
55
-    <p>
56
-    Clone obfsproxy from its git repository:<br>
57
-    <tt>$ git clone https://git.torproject.org/obfsproxy.git</tt> <br>
47
+    <h3>Step 1: Install pyptlib</h3>
48
+    <br>
58 49
 
59
-    The above command should create and populate a directory named
60
-    'obfsproxy' in your current directory.
50
+    <p>
51
+      You will also need pyptlib, a small library developed by the Tor
52
+      Project for writing pluggable transports.
61 53
     </p>
62 54
 
55
+    <tt>$ git clone https://git.torproject.org/pluggable-transports/pyptlib.git</tt><br>
56
+    <tt>$ cd pyptlib && python setup.py install</tt><br><br>
57
+
63 58
     <p>
64
-    Compile obfsproxy: <br>
65
-    <tt>$ cd obfsproxy</tt> <br>
66
-    <tt>$ ./autogen.sh && ./configure && make</tt> <br>
59
+      You might need to run the <em>python setup.py install</em>
60
+      command as root. If you don't want to run it as root, you can
61
+      use <em>python setup.py install --user</em> which will install pyptlib
62
+      just for the current user.
67 63
     </p>
68 64
 
65
+    <h3>Step 2: Install and test obfsproxy</h3>
66
+    <br>
67
+
69 68
     <p>
70
-    Optionally, <strong>as root</strong> install obfsproxy in your
71
-    system: <br>
72
-    <tt># make install</tt>
69
+      Now it's time to fetch obfsproxy and test that it works:
73 70
     </p>
74 71
 
72
+    <tt>$ git clone https://git.torproject.org/pluggable-transports/obfsproxy.git</tt><br>
73
+    <tt>$ cd obfsproxy</tt><br>
74
+    <tt>$ python obfsproxy/test/tester.py</tt><br><br>
75
+
75 76
     <p>
76
-    If you prefer not to install obfsproxy as root, you can instead
77
-    just modify the Transport lines in your torrc file (explained below)
78
-    to point to your obfsproxy binary.
77
+      If you got a message reporting that all tests finished successfully,
78
+      then obfsproxy works for you. Time to run the setup.py script so that
79
+      obfsproxy gets installed in your system:
79 80
     </p>
80 81
 
82
+    <tt># python setup.py install</tt><br><br>
83
+
81 84
     <p>
82
-    You will need Tor 0.2.3.11-alpha or later.
85
+    You will probably want to run the setup.py script as root so that obfsproxy gets installed in /usr/local/bin.
83 86
     </p>
84 87
 
85
-    <hr>
86
-
87
-    <h3 id="client_instructions">Step 2a: If you're the client...</h3>
88
+    <h3>Step 3: Setup tor</h3>
88 89
     <br>
89 90
 
90 91
       <p>
91
-    First, you need to learn the address of a bridge that supports
92
-    obfsproxy. If you don't know any, try asking a friend to set one
93
-    up for you. Then the appropriate lines to your <a href="<page
94
-    docs/faq>#torrc">tor configuration file</a>:
92
+        Edit your /etc/tor/torrc to add:
95 93
       </p>
96 94
 
97 95
       <p>
98
-    <tt>UseBridges 1</tt> <br>
99
-    <tt>Bridge obfs2 128.31.0.34:1051</tt> <br>
100
-    <tt>ClientTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed</tt>
101
-    </p>
96
+        <tt>SocksPort 0</tt><br>
97
+        <tt>ORPort 443 # or some other port if you already run a webserver/skype</tt><br>
98
+        <tt>BridgeRelay 1</tt><br>
99
+        <tt>Exitpolicy reject *:*</tt><br><br>
102 100
 
103
-    <p>
104
-    Don't forget to replace <em>128.31.0.34:1051</em> with the IP address
105
-    and port that the bridge's obfsproxy is listening on.
106
-    </p>
101
+        <tt>## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like</tt><br>
102
+        <tt>#Nickname CHANGEME_1</tt><br>
103
+        <tt>## CHANGEME_2 -> provide some email address so we can contact you if there's a problem</tt><br>
104
+        <tt>#ContactInfo CHANGEME_2</tt><br><br>
107 105
 
108
-    <p> <br>
109
-    <img src="$(IMGROOT)/sidenav-arrow.png">
110
-    <strong>Congratulations!</strong> Your traffic should now be
111
-    obfuscated by obfsproxy. You are done! You can now start using Tor.
106
+        <tt>ServerTransportPlugin obfs2,obfs3 exec /usr/local/bin/obfsproxy managed</tt><br>
112 107
       </p>
113 108
 
114
-    <br> <br> <br> <br>
115
-
116
-    <hr>
117
-
118
-    <br> <br> <br> <br>
109
+      <p>
110
+        Don't forget to uncomment and edit the CHANGEME fields. Also,
111
+        if you didn't install obfsproxy as root, you might have to
112
+        change its path.
113
+      </p>
119 114
 
120
-    <h3 id="bridge_instructions">Step 2b: If you're the bridge...</h3>
115
+      <h3>Step 4: Launch Tor and verify that it bootstraps</h3>
121 116
       <br>
122 117
 
123 118
       <p>
124
-    Configure your Tor to <a href="<page docs/bridges>#RunningABridge">be
125
-    a bridge</a> (e.g. by setting "ORPort 9001" and "BridgeRelay 1"). Then
126
-    add this new line to your <a href="<page docs/faq>#torrc">tor
127
-    configuration file</a>:
119
+        Restart Tor to use the new configuration file. (Preface with sudo if
120
+        needed.)
128 121
       </p>
129 122
 
123
+      <tt># service tor restart</tt><br><br>
124
+
130 125
       <p>
131
-    <tt>ServerTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed</tt>
126
+        Now check /var/log/tor/log and you should see something like this:
132 127
       </p>
133 128
 
134
-    <p>
135
-    Launch Tor using this configuration file. You can do this by using
136
-    your favorite init script, or by pointing the Tor binary to the
137
-    torrc file:
138
-    <p>
129
+      <tt>Nov 05 16:40:45.000 [notice] We now have enough directory information to build circuits.</tt><br>
130
+      <tt>Nov 05 16:40:45.000 [notice] Bootstrapped 80%: Connecting to the Tor network.</tt><br>
131
+      <tt>Nov 05 16:40:46.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.</tt><br>
132
+      <tt>Nov 05 16:40:46.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.</tt><br>
133
+      <tt>Nov 05 16:40:48.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.</tt><br>
134
+      <tt>Nov 05 16:40:48.000 [notice] Bootstrapped 100%: Done.</tt><br><br>
139 135
 
140 136
       <p>
141
-    <img src="$(IMGROOT)/obfs-spawn_tor_bridge.png" alt="spawn tor" height="117" width="879"></a>
137
+        If Tor is earlier in the bootstrapping phase, wait until it gets to 100%.
142 138
       </p>
143 139
 
144
-    <p>
145
-    Next, find the TCP port opened by obfsproxy. Look in your log file
146
-    for a line similar to this one: <br>
147
-    <img src="$(IMGROOT)/obfs-log_checking.png" alt="bridge torrc" width="437" height="14"></a>
140
+      <h2>Step 5: Set up port forwarding if needed</h2>
148 141
       <br>
149
-    The last number, in this case <em>34545</em>, is the TCP port
150
-    number that your clients should point their obfsproxy to.
142
+
143
+      <p>
144
+        If you're behind a NAT/firewall, you'll need to make your bridge
145
+        reachable from the outside world — both on the ORPort and the
146
+        obfsproxy port. The ORPort is whatever you defined in step two
147
+        above. To find your obfsproxy port, check your Tor logs for two
148
+        lines similar to these:
151 149
       </p>
152 150
 
151
+      <tt>Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821</tt><br>
152
+      <tt>Oct 05 20:00:42.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:40172</tt><br><br>
153
+
153 154
       <p>
154
-    <img src="$(IMGROOT)/sidenav-arrow.png">
155
-    <strong>Congratulations!</strong> Tell your clients to point their
156
-    obfsproxy to your IP address and to port <em>34545</em>.
155
+        The last number in each line, in this case 26821 and 40172, are the
156
+        TCP port numbers that you need to forward through your
157
+        firewall. (This port is randomly chosen the first time Tor starts,
158
+        but Tor will cache and reuse the same number in future runs.) If you
159
+        want to change the number, use Tor 0.2.4.7-alpha or later, and set
160
+        "ServerTransportListenAddr obfs2 0.0.0.0:26821" in your torrc.
157 161
       </p>
158 162
 
159 163
     <br>
... ...
@@ -91,12 +91,18 @@
91 91
 
92 92
     <h2><a class="anchor" href="#instructions">Installation Instructions</a></h2>
93 93
 
94
-   <p>To set up an obfsproxy bridge, or to build
95
-   it from source, see the separate <a href="<page
96
-   projects/obfsproxy-instructions>#instructions">Obfsproxy Installation
97
-   Instructions</a> page.
94
+   <p>
95
+   To set up an obfsproxy bridge on a Debian/Ubuntu machine, see the separate
96
+   <a href="<page projects/obfsproxy-debian-instructions>#instructions">Obfsproxy Debian/Ubuntu Installation Instructions</a>
97
+   page.
98
+   </p>
99
+   <p>
100
+   To set up obfsproxy from source, see the separate
101
+   <a href="<page projects/obfsproxy-instructions>#instructions">Obfsproxy Installation Instructions</a>
102
+   page.
98 103
  </p>
99 104
 
105
+
100 106
   </div>
101 107
   <!-- END MAINCOL -->
102 108
   <div id = "sidecol">
103 109