make the obfsproxy bridge debian instructions more likely to work
Roger Dingledine

Roger Dingledine commited on 2012-11-09 21:28:18
Zeige 1 geänderte Dateien mit 34 Einfügungen und 45 Löschungen.

... ...
@@ -2,7 +2,7 @@
2 2
 # Revision: $Revision$
3 3
 # Translation-Priority: 4-optional
4 4
 
5
-#include "head.wmi" TITLE="obfsproxy: Installation instructions" CHARSET="UTF-8"
5
+#include "head.wmi" TITLE="obfsproxy: Setting up an Obfsproxy Bridge on Debian/Ubuntu" CHARSET="UTF-8"
6 6
 
7 7
 <div id="content" class="clearfix">
8 8
   <div id="breadcrumbs">
... ...
@@ -14,7 +14,7 @@
14 14
 
15 15
     <!-- PUT CONTENT AFTER THIS TAG -->
16 16
 
17
-    <h1 id="instructions">Obfsproxy Bridge Instructions on Debian/Ubuntu</h1>
17
+    <h1 id="instructions">Setting up an Obfsproxy Bridge on Debian/Ubuntu</h1>
18 18
 
19 19
     <img src="$(IMGROOT)/obfsproxy_diagram.png" alt="obfsproxy diagram"></a>
20 20
 
... ...
@@ -22,57 +22,47 @@
22 22
     This guide will help you set up an obfuscated bridge on a Debian/Ubuntu system.
23 23
     </p>
24 24
 
25
-    <h3>Step 0: Add Tor repositories to APT</h3>
25
+    <h3>Step 0: Move to the development version of Tor</h3>
26 26
     <br>
27 27
 
28 28
     <p>
29
-    You need
30
-    to <a href="https://www.torproject.org/docs/debian#development">install
31
-    the experimental official Tor Project APT repositories</a>,
32
-    because a fresh version of Tor (0.2.4.x) is required (Older
33
-    versions of Tor don't report their bridge addresses to BridgeDB).
29
+    Add the <a href="<page docs/debian>#development">development Tor
30
+    APT repository</a> and run the specified commands to install tor
31
+    and deb.torproject.org-keyring. You need Tor 0.2.4.x Tor because
32
+    it knows how to automatically report your obfsproxy address to <a
33
+    href="https://bridges.torproject.org/?transport=obfs2">BridgeDB</a>.
34 34
     </p>
35 35
 
36
-    <h3>Step 1: Install Tor and obfsproxy</h3>
36
+    <h3>Step 1: Install obfsproxy</h3>
37 37
     <br>
38 38
 
39
-    <p>
40
-    Now install tor and obfsproxy:
41
-    </p>
42
-
43 39
     <pre style="margin: 1.5em 0 1.5em 2em">
44
-\# apt-get update
45
-\# apt-get install obfsproxy tor
40
+\# apt-get install obfsproxy
46 41
     </pre>
47 42
 
48 43
     <p>
49
-      Note that obfsproxy requires
50
-    libevent2 and your distribution (e.g. Debian stable) might not
51
-    have it in its repos.  You can
52
-    <a href="https://trac.torproject.org/projects/tor/ticket/5009#comment:9">try
53
-    our experimental backport libevent2 debs</a>,
54
-    or <a href="https://trac.torproject.org/projects/tor/ticket/5009#comment:17">build
55
-    libevent2 from source</a>.
44
+    Obfsproxy requires libevent2. If your distribution (e.g. Debian
45
+    squeeze) doesn't include it, you can get it from the <a
46
+    href="http://packages.debian.org/search?keywords=libevent-2.0-5">backports</a>
47
+    repository.
56 48
     </p>
57 49
 
58
-    <h3>Step 2: Set up Tor</h3>
50
+    <h3>Step 2: Configure Tor</h3>
59 51
     <br>
60 52
 
61 53
     <p>
62
-    You will need an appropriate
63
-    Tor <a href="<page docs/faq>#torrc">configuration file</a>
64
-    (usually at <i>/etc/tor/torrc</i>):
54
+    Edit your <i>/etc/tor/torrc</i> to add:
65 55
     </p>
66 56
 
67 57
     <pre style="margin: 1.5em 0 1.5em 2em">
68 58
 SocksPort 0
69
-ORPort auto
59
+ORPort 443 # or some other port if you already run a webserver/skype
70 60
 BridgeRelay 1
71 61
 Exitpolicy reject *:*
72 62
 
73
-\## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like.
63
+\## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like
74 64
 Nickname CHANGEME_1
75
-\## CHANGEME_2 -> If you want others to be able to contact you uncomment this line and put your GPG fingerprint for example.
65
+\## CHANGEME_2 -> provide some email address so we can contact you if there's a problem
76 66
 \#ContactInfo CHANGEME_2
77 67
 
78 68
 ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed
... ...
@@ -82,11 +72,12 @@ ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed
82 72
     Don't forget to edit the <i>CHANGEME</i> fields!
83 73
     </p>
84 74
 
85
-    <h3>Step 3: Launch Tor and verify that it works</h3>
75
+    <h3>Step 3: Launch Tor and verify that it bootstraps</h3>
86 76
     <br>
87 77
 
88 78
     <p>
89
-    Restart Tor for the the new configuration file to be in effect:
79
+    Restart Tor to use the new configuration file.
80
+    (Preface with sudo if needed.)
90 81
     </p>
91 82
 
92 83
     <pre style="margin: 1.5em 0 1.5em 2em">
... ...
@@ -112,10 +103,16 @@ Nov 05 16:40:48.000 [notice] Bootstrapped 100%: Done.
112 103
     100%.
113 104
     </p>
114 105
 
106
+    <h3>Step 4: Set up port forwarding if needed</h3>
107
+    <br>
108
+
115 109
     <p>
116
-    Now you need to find the address on which obfsproxy is
117
-    listening. To do this, check your Tor logs for a line similar to
118
-    this one:
110
+    If you're behind a NAT/firewall, you'll need to make your bridge
111
+    reachable from the outside world &mdash; both on the ORPort and
112
+    the obfsproxy port. The ORPort is whatever you defined in step two
113
+    above. To find your obfsproxy port, check your Tor logs for a line
114
+    similar to this one:
115
+    </p>
119 116
 
120 117
     <pre style="margin: 1.5em 0 1.5em 2em">
121 118
 Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821
... ...
@@ -123,17 +120,9 @@ Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:268
123 120
 
124 121
     <p>
125 122
     The last number, in this case <i>26821</i>, is the TCP port number
126
-    that your clients should point their obfsproxy to. So for example,
127
-    if your public IP is 1.2.3.4, your clients should put <i>Bridge
128
-    obfs2 1.2.3.4:26821</i> in their configuration file.
129
-    </pre>
130
-    </p>
131
-
132
-    <p>
133
-    <img width="7%" height="7%" style="float: left;" src="$(IMGROOT)/icon-Obfsproxy.jpg">
134
-    <b>Don't forget!</b> If you are behind a NAT, you should <b>port
135
-    forward</b> the port that obfsproxy is listening on. In the
136
-    example above you would have to forward port <i>26821</i>.
123
+    that you need to forward through your firewall. (This port is randomly
124
+    chosen the first time Tor starts, but Tor will cache and reuse the
125
+    same number in future runs.)
137 126
     </p>
138 127
 
139 128
   </div>
140 129