George Kadianakis commited on 2013-04-12 18:42:35
Zeige 3 geänderte Dateien mit 124 Einfügungen und 109 Löschungen.
... | ... |
@@ -19,7 +19,19 @@ |
19 | 19 |
<img src="$(IMGROOT)/obfsproxy_diagram.png" alt="obfsproxy diagram"></a> |
20 | 20 |
|
21 | 21 |
<p> |
22 |
- This guide will help you set up an obfuscated bridge on a Debian/Ubuntu system. |
|
22 |
+ <img width="7%" height="7%" style="float: left;" src="$(IMGROOT)/icon-Obfsproxy.jpg"> |
|
23 |
+ <b> Hey! </b> |
|
24 |
+ If you are <b>not</b> using Debian or Ubuntu, you better look |
|
25 |
+ <a href="../projects/obfsproxy-instructions.html.en">at this other guide</a> |
|
26 |
+ which sets up Obfsproxy from source. |
|
27 |
+ </p> |
|
28 |
+ <br><br> |
|
29 |
+ |
|
30 |
+ |
|
31 |
+ <p> |
|
32 |
+ This is a <b>Debian/Ubuntu</b> guide for installing the Python |
|
33 |
+ version of obfsproxy. If you still have the C version, we |
|
34 |
+ recommend you to upgrade to the Python version! |
|
23 | 35 |
</p> |
24 | 36 |
|
25 | 37 |
<h3>Step 0: Move to the development version of Tor</h3> |
... | ... |
@@ -27,27 +39,18 @@ |
27 | 39 |
|
28 | 40 |
<p> |
29 | 41 |
Add the <a href="<page docs/debian>#development">development Tor |
30 |
- APT repository</a> and run the specified commands to install tor |
|
31 |
- and deb.torproject.org-keyring. You need Tor 0.2.4.x because |
|
42 |
+ APT repository</a> and run the specified commands to install <code>tor</code> |
|
43 |
+ and <code>deb.torproject.org-keyring</code>. You need <em>Tor 0.2.4.x</em> because |
|
32 | 44 |
it knows how to automatically report your obfsproxy address to <a |
33 | 45 |
href="https://bridges.torproject.org/?transport=obfs2">BridgeDB</a>. |
34 | 46 |
</p> |
35 | 47 |
|
36 | 48 |
<h3>Step 1: Install obfsproxy</h3> |
37 |
- <br> |
|
38 | 49 |
|
39 | 50 |
<pre style="margin: 1.5em 0 1.5em 2em"> |
40 | 51 |
\# apt-get install obfsproxy |
41 | 52 |
</pre> |
42 | 53 |
|
43 |
- <p> |
|
44 |
- Obfsproxy requires libevent2. If your distribution |
|
45 |
- (e.g. Debian squeeze) doesn't include it, |
|
46 |
- you can get the libevent-2.0 package from the <a |
|
47 |
- href="http://backports-master.debian.org/Instructions/">backports</a> |
|
48 |
- repository. |
|
49 |
- </p> |
|
50 |
- |
|
51 | 54 |
<h3>Step 2: Configure Tor</h3> |
52 | 55 |
<br> |
53 | 56 |
|
... | ... |
@@ -66,7 +69,7 @@ Exitpolicy reject *:* |
66 | 69 |
\## CHANGEME_2 -> provide some email address so we can contact you if there's a problem |
67 | 70 |
\#ContactInfo CHANGEME_2 |
68 | 71 |
|
69 |
-ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed |
|
72 |
+ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed |
|
70 | 73 |
</pre> |
71 | 74 |
|
72 | 75 |
<p> |
... | ... |
@@ -82,7 +85,7 @@ ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed |
82 | 85 |
</p> |
83 | 86 |
|
84 | 87 |
<pre style="margin: 1.5em 0 1.5em 2em"> |
85 |
-service tor restart |
|
88 |
+\# service tor restart |
|
86 | 89 |
</pre> |
87 | 90 |
|
88 | 91 |
<p> |
... | ... |
@@ -110,22 +113,24 @@ Nov 05 16:40:48.000 [notice] Bootstrapped 100%: Done. |
110 | 113 |
<p> |
111 | 114 |
If you're behind a NAT/firewall, you'll need to make your bridge |
112 | 115 |
reachable from the outside world — both on the ORPort and |
113 |
- the obfsproxy port. The ORPort is whatever you defined in step two |
|
114 |
- above. To find your obfsproxy port, check your Tor logs for a line |
|
116 |
+ the obfsproxy ports. The ORPort is whatever you defined in step two |
|
117 |
+ above. To find your obfsproxy ports, check your Tor logs for a line |
|
115 | 118 |
similar to this one: |
116 | 119 |
</p> |
117 | 120 |
|
118 | 121 |
<pre style="margin: 1.5em 0 1.5em 2em"> |
119 | 122 |
Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821 |
123 |
+Oct 05 20:00:41.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:42000 |
|
120 | 124 |
</pre> |
121 | 125 |
|
122 | 126 |
<p> |
123 |
- The last number, in this case <i>26821</i>, is the TCP port number |
|
124 |
- that you need to forward through your firewall. (This port is randomly |
|
125 |
- chosen the first time Tor starts, but Tor will cache and reuse the |
|
126 |
- same number in future runs.) If you want to change the number, use |
|
127 |
- Tor 0.2.4.7-alpha or later, and set "ServerTransportListenAddr obfs2 |
|
128 |
- 0.0.0.0:26821" in your torrc. |
|
127 |
+ The last number in each line, in this case <i>26821</i> and |
|
128 |
+ <i>42000</i>, is the TCP port number that you need to forward |
|
129 |
+ through your firewall. (The ports are randomly chosen the first |
|
130 |
+ time Tor starts, but Tor will cache and reuse the same number in |
|
131 |
+ future runs.) If you want to change the number, use Tor |
|
132 |
+ 0.2.4.7-alpha or later, and set something similar to |
|
133 |
+ "ServerTransportListenAddr obfs2 0.0.0.0:26821" in your torrc. |
|
129 | 134 |
</p> |
130 | 135 |
|
131 | 136 |
</div> |
... | ... |
@@ -19,141 +19,145 @@ |
19 | 19 |
<img src="$(IMGROOT)/obfsproxy_diagram.png" alt="client torrc"></a> |
20 | 20 |
|
21 | 21 |
<p> |
22 |
- <img width="7%" height="7%" style="float: left;" src="$(IMGROOT)/icon-Obfsproxy.jpg"> |
|
23 |
- <b> Hey! </b> |
|
24 |
- Are you looking for the guide on how to set up an obfuscated |
|
25 |
- bridge on a Debian system? |
|
26 |
- <a href="../projects/obfsproxy-debian-instructions.html.en">Check |
|
27 |
- this out</a>. |
|
22 |
+ This is a guide for installing the Python version of obfsproxy. If |
|
23 |
+ you still have the C version, we recommend you to upgrade to the |
|
24 |
+ Python version! |
|
28 | 25 |
</p> |
29 |
- <br><br> |
|
30 | 26 |
|
31 |
- <h3>Step 1: Install dependencies, obfsproxy, and Tor</h3> |
|
27 |
+ <h3>Step 0: Install dependencies</h3> |
|
32 | 28 |
<br> |
33 | 29 |
|
34 | 30 |
<p> |
35 |
- You will need a C compiler (<em>gcc</em>), the <em>autoconf</em> |
|
36 |
- and <em>autotools</em> build system, the <em>git</em> revision |
|
37 |
- control system, <em>pkg-config</em> and <em>libtool</em>, |
|
38 |
- <em>libevent-2</em> and its headers, and the development headers of |
|
39 |
- <em>OpenSSL</em>. |
|
40 |
- </p> |
|
41 |
- |
|
31 |
+ To setup obfsproxy you will need <code>git</code>, <code>Python</code> |
|
32 |
+ (>= 2.7), <code>Twisted</code> and some common Python modules |
|
33 |
+ (<code>setuptools</code>, <code>argparse</code> and <code>PyCrypto</code>) |
|
34 |
+ . If you use Debian testing (or unstable), or a version of |
|
35 |
+ Ubuntu newer than Oneiric, this is easy: |
|
42 | 36 |
<p> |
43 |
- On Debian testing or Ubuntu oneiric, you could do: <br> |
|
44 |
- <tt># apt-get install autoconf autotools-dev gcc git pkg-config libtool libevent-2.0-5 libevent-dev libevent-openssl-2.0-5 libssl-dev</tt> |
|
45 |
- </p> |
|
37 |
+ |
|
38 |
+ <tt># apt-get install git python2.7 python-setuptools python-crypto python-twisted python-argparse</tt> |
|
46 | 39 |
|
47 | 40 |
<p> |
48 |
- If you're on a more stable Linux, you can either <a |
|
49 |
- href="https://trac.torproject.org/projects/tor/ticket/5009#comment:9">try |
|
50 |
- our experimental backport libevent2 debs</a> or <a |
|
51 |
- href="https://trac.torproject.org/projects/tor/ticket/5009#comment:17">build |
|
52 |
- libevent2 from source</a>. |
|
41 |
+ You will also need a recent version of Tor (>= 0.2.4.1). We recommend you use |
|
42 |
+ <a href="<page docs/debian>#development">Tor's experimental repositories for Debian/Ubuntu</a> |
|
43 |
+ or |
|
44 |
+ <a href="https://gitweb.torproject.org/tor.git">install Tor from git</a>. |
|
53 | 45 |
</p> |
54 | 46 |
|
55 |
- <p> |
|
56 |
- Clone obfsproxy from its git repository:<br> |
|
57 |
- <tt>$ git clone https://git.torproject.org/obfsproxy.git</tt> <br> |
|
47 |
+ <h3>Step 1: Install pyptlib</h3> |
|
48 |
+ <br> |
|
58 | 49 |
|
59 |
- The above command should create and populate a directory named |
|
60 |
- 'obfsproxy' in your current directory. |
|
50 |
+ <p> |
|
51 |
+ You will also need pyptlib, a small library developed by the Tor |
|
52 |
+ Project for writing pluggable transports. |
|
61 | 53 |
</p> |
62 | 54 |
|
55 |
+ <tt>$ git clone https://git.torproject.org/pluggable-transports/pyptlib.git</tt><br> |
|
56 |
+ <tt>$ cd pyptlib && python setup.py install</tt><br><br> |
|
57 |
+ |
|
63 | 58 |
<p> |
64 |
- Compile obfsproxy: <br> |
|
65 |
- <tt>$ cd obfsproxy</tt> <br> |
|
66 |
- <tt>$ ./autogen.sh && ./configure && make</tt> <br> |
|
59 |
+ You might need to run the <em>python setup.py install</em> |
|
60 |
+ command as root. If you don't want to run it as root, you can |
|
61 |
+ use <em>python setup.py install --user</em> which will install pyptlib |
|
62 |
+ just for the current user. |
|
67 | 63 |
</p> |
68 | 64 |
|
65 |
+ <h3>Step 2: Install and test obfsproxy</h3> |
|
66 |
+ <br> |
|
67 |
+ |
|
69 | 68 |
<p> |
70 |
- Optionally, <strong>as root</strong> install obfsproxy in your |
|
71 |
- system: <br> |
|
72 |
- <tt># make install</tt> |
|
69 |
+ Now it's time to fetch obfsproxy and test that it works: |
|
73 | 70 |
</p> |
74 | 71 |
|
72 |
+ <tt>$ git clone https://git.torproject.org/pluggable-transports/obfsproxy.git</tt><br> |
|
73 |
+ <tt>$ cd obfsproxy</tt><br> |
|
74 |
+ <tt>$ python obfsproxy/test/tester.py</tt><br><br> |
|
75 |
+ |
|
75 | 76 |
<p> |
76 |
- If you prefer not to install obfsproxy as root, you can instead |
|
77 |
- just modify the Transport lines in your torrc file (explained below) |
|
78 |
- to point to your obfsproxy binary. |
|
77 |
+ If you got a message reporting that all tests finished successfully, |
|
78 |
+ then obfsproxy works for you. Time to run the setup.py script so that |
|
79 |
+ obfsproxy gets installed in your system: |
|
79 | 80 |
</p> |
80 | 81 |
|
82 |
+ <tt># python setup.py install</tt><br><br> |
|
83 |
+ |
|
81 | 84 |
<p> |
82 |
- You will need Tor 0.2.3.11-alpha or later. |
|
85 |
+ You will probably want to run the setup.py script as root so that obfsproxy gets installed in /usr/local/bin. |
|
83 | 86 |
</p> |
84 | 87 |
|
85 |
- <hr> |
|
86 |
- |
|
87 |
- <h3 id="client_instructions">Step 2a: If you're the client...</h3> |
|
88 |
+ <h3>Step 3: Setup tor</h3> |
|
88 | 89 |
<br> |
89 | 90 |
|
90 | 91 |
<p> |
91 |
- First, you need to learn the address of a bridge that supports |
|
92 |
- obfsproxy. If you don't know any, try asking a friend to set one |
|
93 |
- up for you. Then the appropriate lines to your <a href="<page |
|
94 |
- docs/faq>#torrc">tor configuration file</a>: |
|
92 |
+ Edit your /etc/tor/torrc to add: |
|
95 | 93 |
</p> |
96 | 94 |
|
97 | 95 |
<p> |
98 |
- <tt>UseBridges 1</tt> <br> |
|
99 |
- <tt>Bridge obfs2 128.31.0.34:1051</tt> <br> |
|
100 |
- <tt>ClientTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed</tt> |
|
101 |
- </p> |
|
96 |
+ <tt>SocksPort 0</tt><br> |
|
97 |
+ <tt>ORPort 443 # or some other port if you already run a webserver/skype</tt><br> |
|
98 |
+ <tt>BridgeRelay 1</tt><br> |
|
99 |
+ <tt>Exitpolicy reject *:*</tt><br><br> |
|
102 | 100 |
|
103 |
- <p> |
|
104 |
- Don't forget to replace <em>128.31.0.34:1051</em> with the IP address |
|
105 |
- and port that the bridge's obfsproxy is listening on. |
|
106 |
- </p> |
|
101 |
+ <tt>## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like</tt><br> |
|
102 |
+ <tt>#Nickname CHANGEME_1</tt><br> |
|
103 |
+ <tt>## CHANGEME_2 -> provide some email address so we can contact you if there's a problem</tt><br> |
|
104 |
+ <tt>#ContactInfo CHANGEME_2</tt><br><br> |
|
107 | 105 |
|
108 |
- <p> <br> |
|
109 |
- <img src="$(IMGROOT)/sidenav-arrow.png"> |
|
110 |
- <strong>Congratulations!</strong> Your traffic should now be |
|
111 |
- obfuscated by obfsproxy. You are done! You can now start using Tor. |
|
106 |
+ <tt>ServerTransportPlugin obfs2,obfs3 exec /usr/local/bin/obfsproxy managed</tt><br> |
|
112 | 107 |
</p> |
113 | 108 |
|
114 |
- <br> <br> <br> <br> |
|
115 |
- |
|
116 |
- <hr> |
|
117 |
- |
|
118 |
- <br> <br> <br> <br> |
|
109 |
+ <p> |
|
110 |
+ Don't forget to uncomment and edit the CHANGEME fields. Also, |
|
111 |
+ if you didn't install obfsproxy as root, you might have to |
|
112 |
+ change its path. |
|
113 |
+ </p> |
|
119 | 114 |
|
120 |
- <h3 id="bridge_instructions">Step 2b: If you're the bridge...</h3> |
|
115 |
+ <h3>Step 4: Launch Tor and verify that it bootstraps</h3> |
|
121 | 116 |
<br> |
122 | 117 |
|
123 | 118 |
<p> |
124 |
- Configure your Tor to <a href="<page docs/bridges>#RunningABridge">be |
|
125 |
- a bridge</a> (e.g. by setting "ORPort 9001" and "BridgeRelay 1"). Then |
|
126 |
- add this new line to your <a href="<page docs/faq>#torrc">tor |
|
127 |
- configuration file</a>: |
|
119 |
+ Restart Tor to use the new configuration file. (Preface with sudo if |
|
120 |
+ needed.) |
|
128 | 121 |
</p> |
129 | 122 |
|
123 |
+ <tt># service tor restart</tt><br><br> |
|
124 |
+ |
|
130 | 125 |
<p> |
131 |
- <tt>ServerTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed</tt> |
|
126 |
+ Now check /var/log/tor/log and you should see something like this: |
|
132 | 127 |
</p> |
133 | 128 |
|
134 |
- <p> |
|
135 |
- Launch Tor using this configuration file. You can do this by using |
|
136 |
- your favorite init script, or by pointing the Tor binary to the |
|
137 |
- torrc file: |
|
138 |
- <p> |
|
129 |
+ <tt>Nov 05 16:40:45.000 [notice] We now have enough directory information to build circuits.</tt><br> |
|
130 |
+ <tt>Nov 05 16:40:45.000 [notice] Bootstrapped 80%: Connecting to the Tor network.</tt><br> |
|
131 |
+ <tt>Nov 05 16:40:46.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.</tt><br> |
|
132 |
+ <tt>Nov 05 16:40:46.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.</tt><br> |
|
133 |
+ <tt>Nov 05 16:40:48.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.</tt><br> |
|
134 |
+ <tt>Nov 05 16:40:48.000 [notice] Bootstrapped 100%: Done.</tt><br><br> |
|
139 | 135 |
|
140 | 136 |
<p> |
141 |
- <img src="$(IMGROOT)/obfs-spawn_tor_bridge.png" alt="spawn tor" height="117" width="879"></a> |
|
137 |
+ If Tor is earlier in the bootstrapping phase, wait until it gets to 100%. |
|
142 | 138 |
</p> |
143 | 139 |
|
144 |
- <p> |
|
145 |
- Next, find the TCP port opened by obfsproxy. Look in your log file |
|
146 |
- for a line similar to this one: <br> |
|
147 |
- <img src="$(IMGROOT)/obfs-log_checking.png" alt="bridge torrc" width="437" height="14"></a> |
|
140 |
+ <h2>Step 5: Set up port forwarding if needed</h2> |
|
148 | 141 |
<br> |
149 |
- The last number, in this case <em>34545</em>, is the TCP port |
|
150 |
- number that your clients should point their obfsproxy to. |
|
142 |
+ |
|
143 |
+ <p> |
|
144 |
+ If you're behind a NAT/firewall, you'll need to make your bridge |
|
145 |
+ reachable from the outside world — both on the ORPort and the |
|
146 |
+ obfsproxy port. The ORPort is whatever you defined in step two |
|
147 |
+ above. To find your obfsproxy port, check your Tor logs for two |
|
148 |
+ lines similar to these: |
|
151 | 149 |
</p> |
152 | 150 |
|
151 |
+ <tt>Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821</tt><br> |
|
152 |
+ <tt>Oct 05 20:00:42.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:40172</tt><br><br> |
|
153 |
+ |
|
153 | 154 |
<p> |
154 |
- <img src="$(IMGROOT)/sidenav-arrow.png"> |
|
155 |
- <strong>Congratulations!</strong> Tell your clients to point their |
|
156 |
- obfsproxy to your IP address and to port <em>34545</em>. |
|
155 |
+ The last number in each line, in this case 26821 and 40172, are the |
|
156 |
+ TCP port numbers that you need to forward through your |
|
157 |
+ firewall. (This port is randomly chosen the first time Tor starts, |
|
158 |
+ but Tor will cache and reuse the same number in future runs.) If you |
|
159 |
+ want to change the number, use Tor 0.2.4.7-alpha or later, and set |
|
160 |
+ "ServerTransportListenAddr obfs2 0.0.0.0:26821" in your torrc. |
|
157 | 161 |
</p> |
158 | 162 |
|
159 | 163 |
<br> |
... | ... |
@@ -91,12 +91,18 @@ |
91 | 91 |
|
92 | 92 |
<h2><a class="anchor" href="#instructions">Installation Instructions</a></h2> |
93 | 93 |
|
94 |
- <p>To set up an obfsproxy bridge, or to build |
|
95 |
- it from source, see the separate <a href="<page |
|
96 |
- projects/obfsproxy-instructions>#instructions">Obfsproxy Installation |
|
97 |
- Instructions</a> page. |
|
94 |
+ <p> |
|
95 |
+ To set up an obfsproxy bridge on a Debian/Ubuntu machine, see the separate |
|
96 |
+ <a href="<page projects/obfsproxy-debian-instructions>#instructions">Obfsproxy Debian/Ubuntu Installation Instructions</a> |
|
97 |
+ page. |
|
98 |
+ </p> |
|
99 |
+ <p> |
|
100 |
+ To set up obfsproxy from source, see the separate |
|
101 |
+ <a href="<page projects/obfsproxy-instructions>#instructions">Obfsproxy Installation Instructions</a> |
|
102 |
+ page. |
|
98 | 103 |
</p> |
99 | 104 |
|
105 |
+ |
|
100 | 106 |
</div> |
101 | 107 |
<!-- END MAINCOL --> |
102 | 108 |
<div id = "sidecol"> |
103 | 109 |