1. 下载并安装 Tor
yum install tor -y
2. 安装 obfs4
通过python进行编译安装:
- (1)安装 所需依赖软件模块:
yum install make automake gcc python-pip python-devel libyaml-devel
- (2)安装 obfs4proxy:
pip install obfsproxy
通过go进行编译安装:
- (1)下载go的obfs4项目:
git clone http://www.github.com/Yawning/obfs4
-
(2)进入obfs4目录进行编译:
go build -o obfs4proxy/obfs4proxy ./obfs4proxy
- (3)复制bofs4proxy到系统工作目录下:
cp ./obfs4proxy/obfs4proxy /usr/bin/obfs4proxy
3. 配置 Tor Bridges
- 编辑 /etc/tor/torrc:
vim /etc/tor/torrc
- 定义一个 ORPort,不作为出口节点,设置成 Bridge:
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
ORPort 4443
Exitpolicy reject *:*
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto
PublishServerDescriptor 0
- 重启tor服务:
systemctl restart tor
-
查看tor服务状态
systemctl status tor
4. 使用网桥
- 查看日志文件,命令:
cat /var/log/tor/notices.log
内容如下:
[notice] Your Tor server's identity key fingerprint is 'Unnamed 530FA95A79B9145D315F15F01215BE2F3BE921EB'
[notice] Your Tor bridge's hashed identity key fingerprint is 'Unnamed 83D1AC9EC2F15D7024278461DC91A8B2E9BBF43A'
[notice] Registered server transport 'obfs4' at '[::]:46396'
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
[notice] Bootstrapped 100%: Done
[notice] Now checking whether ORPort <redacted>:4443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
注意:记住输出中 obfs4 监听的端口(本例中是 46396)。并且还能找到你的 server identity fingerprint(本例中是 530FA95A79B9145D315F15F01215BE2F3BE921EB),也复制下来。
在 /var/lib/tor/pt_state/obfs4_bridgeline.txt
文件中可以看到类似如下的内容:
Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=oG6a3K7CtearIloUp2OCUk60oNMgw+jVgCNhGumMkODS659UEgRRx7yxZuoEo9Crp9GGXg iat-mode=0
- 根据日志中的信息获得最终的网桥配置:
obfs4 <IP ADDRESS>:46396 530FA95A79B9145D315F15F01215BE2F3BE921EB cert=oG6a3K7CtearIloUp2OCUk60oNMgw+jVgCNhGumMkODS659UEgRRx7yxZuoEo9Crp9GGXg iatmode=0
5.将网桥配置信息填入Tor浏览器中,如下图
6.防火墙firewalld放行端口
- 编辑防火墙公共配置/etc/firewalld/zones/public.xml文件,命令:
vim /etc/firewalld/zones/public.xml
内容如下(本例ORPort端口 => 4443, obfs4端口 => 46396):
<port protocol="tcp" port="ORPort端口"/>
<port protocol="udp" port="ORPort端口"/>
<port protocol="tcp" port="obfs4端口"/>
<port protocol="udp" port="obfs4端口"/>
- 使防火墙配置生效,命令:
firewall-cmd --complete-reload
7. 最后附上官方Tor浏览器下载地址
https://www.torproject.org/download/