Help Censored Users, Run a Tor Bridge

Hi all,
Can we contribute to helping censored people by safely installing an obfs4 Tor bridge on our Turris router?
Which is the best option: using LXC or installing the binary directly on Turris OS?
Does anyone have experience with Tor bridge implementation?

https://community.torproject.org/relay/setup/bridge/

2 Likes

tor relay is readily available in Turris OS. opkg update && opkg install tor. Then go through /etc/tor/torrc and check the config. You will probably want to set DataDirectory /srv/tor - by default, it is saved in /var/lib, which (IMO) disappears after reboot, which leads to regenerating the identity of your tor node after each reboot - and the tor network strongly dislikes this.

1 Like

Please note, the tor package does not support setting a separate directory since the init file does not use variables for the storage.

/etc/init.d/tor has /var/lib/tor hardcoded as the data directory for setting up permissions:

...
start_service() {
	mkdir -m 0700 -p /var/lib/tor
	chown -R tor:tor /var/lib/tor

	mkdir -m 0755 -p /var/log/tor
	chown -R tor:tor /var/log/tor
...

You’ll have to update the init file yourself or change the permissions on your desired data location.

I’ll submit a ticket on this, but I wasn’t sure if this was an openwrt package that I should submit an upstream ticket for.

1 Like
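
The DataDirectory issue from the two posts above, as an added example that is not part of the thread or of the OpenWrt package: a POSIX sh audit that reads the effective DataDirectory from torrc, flags it when it sits on storage lost at reboot, and checks whether the init script prepares that directory. Assumptions: /var and /tmp are RAM-backed on the router, a later DataDirectory line overrides an earlier one, and the function names and the constructed sample files are hypothetical.

```sh
# Added example: audit where Tor keeps its identity on an OpenWrt-style router.
# Assumptions (not from the thread): /var and /tmp are RAM-backed, and a later
# DataDirectory line in torrc overrides an earlier one.

DEFAULT_DATADIR=/var/lib/tor   # path hardcoded in the init script excerpt

# Print the effective DataDirectory of torrc file $1 (option names are
# case-insensitive; commented-out lines never match because $1 is "#...").
torrc_datadir() {
    val=$(awk 'tolower($1) == "datadirectory" { v = $2 } END { print v }' "$1")
    echo "${val:-$DEFAULT_DATADIR}"
}

# Succeed if path $1 sits on storage assumed to be lost at reboot.
is_volatile() {
    case "$1" in
        /var|/var/*|/tmp|/tmp/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if init script $2 has a mkdir or chown line naming directory $1.
init_prepares() {
    grep -E '^[[:space:]]*(mkdir|chown)[[:space:]]' "$2" | grep -qF -- "$1"
}

# Print one finding per line for torrc $1 and init script $2.
audit_datadir() {
    dir=$(torrc_datadir "$1")
    echo "datadir=$dir"
    if is_volatile "$dir"; then
        echo "WARN volatile: node identity would be lost at reboot"
    fi
    if ! init_prepares "$dir" "$2"; then
        echo "WARN unmanaged: init script will not create or chown $dir"
    fi
}

# Constructed sample input: a torrc using /srv/tor and the init excerpt.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '## DataDirectory /old' 'DataDirectory /srv/tor' > "$tmp/torrc"
    printf '%s\n' ' mkdir -m 0700 -p /var/lib/tor' \
        ' chown -R tor:tor /var/lib/tor' > "$tmp/init"
    audit_datadir "$tmp/torrc" "$tmp/init"
    rm -rf "$tmp"
}

if [ "$#" -eq 2 ]; then audit_datadir "$1" "$2"; else demo; fi
```

On the router it would be called with the two paths named in the thread, /etc/tor/torrc and /etc/init.d/tor.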

Yes, that’s an OpenWrt package located in the community packages repository.

1 Like

So what is the best option? LXC container or native OpenWrt package?

Well, the native package would be less resource-intensive for sure. Someone else would need to speak to the differences in features or other aspects.

I’d be curious to track how much of my bandwidth is used by the bridge. A quick search didn’t turn up much of use.

Bandwidth usage is configurable. Minimum is around 1 or 2 Mbps upload.

Done in an LXC Debian container for testing:

Nov 26 20:08:03 xxxxx Tor[11024]: Heartbeat: Tor’s uptime is 5:58 hours, with 0 circuits open. I’ve sent 4.34 MB and received 5.20 MB.

The strange thing is the NAT: I just NAT the ORPort and not the obfs4 … in Turris, any advice?

Yes, you can set it in the torrc file:

## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 KB.
## Note that units for these config options are bytes per second, not bits
## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
RelayBandwidthRate 500 KB  # Throttle traffic to 500KB/s (4000Kbps)
RelayBandwidthBurst 800 KB # But allow bursts up to 800KB/s (6400Kbps)

1 Like

And by the way, you can monitor the traffic on Torproject directly.

1 Like

You can also monitor your bridge with nyx (python3 script)

Ah, too bad the python installed is still 2.

python --version
Python 2.7.18

Nyx works with Python 2.7 and greater, including the Python 3.x series.

https://nyx.torproject.org/#python_requirement

I checked it, and by default, there is no preinstalled Python 2.7. Also, our SW has not depended on it for some time. However, Python 2.7 is still available to install in OpenWrt 19.07, as well as Python 3.7.12.

root@turris:~# python --version
Python 3.7.12

You should check which packages depend on the old Python version and why it is installed. Anyway, if you try python3 --version, you will see that you have it installed.

On the other hand, with the next version of OpenWrt 21.02, there is only one version of Python.