opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License

security/tor: Add support for configuring bridges (via ui/torrc custom entries) #961

Closed ghost closed 1 year ago

ghost commented 5 years ago

I don't see any spot in the UI to add bridges. I'm running stable. This would be nice to have since bridges serve a rather important purpose and help increase the safety of a Tor circuit somewhat (besides the censorship "bypass").

fabianfrz commented 5 years ago

If you want to make your instance a bridge, there is already a checkbox in the relay area. Or are you talking about the client side config?

ghost commented 5 years ago

Franz, that is not what I meant. I mean using bridges, not becoming one: https://tor.stackexchange.com/questions/3924/how-to-add-obfs3-bridges-in-torrc

At the moment there is no support for that whatsoever, so anyone using the Tor plugin in OPNsense, somewhere where DPI or stateful packet filtering actively blocks it, won't be able to use the service.

https://blog.torproject.org/obfsproxy-next-step-censorship-arms-race

https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt

ghost commented 5 years ago

A somewhat quick workaround would be to allow a custom config snippet. You do need the obfsproxy port, though.

fabianfrz commented 5 years ago

Depends on Python 2.7, so no (https://www.freshports.org/security/py-obfsproxy-tor/), and I will also not add custom config blocks because they may break the config.

Another pluggable transport (if you know one) may be a better idea. I do not want to add any deprecated software to my plugins.

ghost commented 5 years ago

I agree re py27.

Yes, you can use this: https://github.com/Yawning/obfs4

It's actually the favored transport, as it uses djb's Elligator, and is backwards compatible. Elligator makes the entire curve indistinguishable from random data, both the exchange and ciphertext.

It depends on Go, and there seems to be an existing port: https://www.freshports.org/security/obfs4proxy-tor/

fabianfrz commented 5 years ago

Sounds good. @fichtner, a FreeBSD port is needed.

mrPsycho commented 2 years ago

Hello, as far as I understand there are some changes... and the ports are updated.
Also, I left a message on the forum: https://forum.opnsense.org/index.php?topic=26029.msg125548#msg125548

mrPsycho commented 2 years ago

At the moment I am using /usr/local/opnsense/service/templates/OPNsense/Tor/torrc to make a stable config (until a new upgrade).

OPNsense-bot commented 1 year ago

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.