Bridges are used in the introductory phase to the Tor network and help bypass censorship by first connecting to a server that is not known to be part of the Tor network. Out of all bridge transports, Snowflake sounds perhaps the most promising because it leverages WebRTC and the bridge itself is installable by any user that uses a browser.
Although less popular than the standard OBFS4, Snowflake is perhaps the most convenient since the bridge runs on any browser that has an addon installed. This means extremely low requirements and low commitment necessary on the users that want to help with anonymizing connections via the Tor network.
The following guide will offer some notes on using the Snowflake bridge. It is assumed that Tor is already configured on the network and more details on configuring Tor will not be shared except showing the configuration changes necessary to make Snowflake work.
The following addresses link to browser addons for various browsers:
Once the addon has been installed, the browser itself becomes a bridge and helps other tor
users use your browser as a bridge to the Tor network.
In order to use Snowflake as a bridge:
snowflake-client
package is necessarysnowflake-client
is placed at /usr/local/sbin/snowflake-client
Clone the Snowflake source code:
git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git
Change directory to the client:
cd snowflake/client
Get the necessary dependencies and compile:
go get go build
This results in a binary named client
placed in the same directory where the compiling commands have been issued. The binary can be copied to, say, /usr/local/bin/snowflake-client
:
cp client /usr/local/bin/snowflake-client
Conveniently, the Snowflake client directory contains a sample Tor configuration file torrc
that contains the necessary changes that have to be made. In short, only two lines have to be copied to the Tor configuration file.
Note that the following lines are just the bare minimum to configure Snowflake and it is not a replacement for the entire Tor configuration you might have.
# Bridges must be enabled. UseBridges 1 # Long line configuring the snowflake bridge. Bridge snowflake 192.0.2.3:1 2B280B2... # Using the compiled Snowflake client as a transport client. ClientTransportPlugin snowflake exec /usr/local/bin/snowflake -log /var/log/snowflake.log
Restart Tor and watch /var/log/snowflake.log
as well as the Tor log for activity. Given consensus, Tor should print out that the network has been fully boostraped and is ready to be used.
OpenWrt does not yet bundle the Snowflake bridge transport such that it has to be compiled or cross-compiled on OpenWrt. Aside from low-memory conditions on an OpenWrt router, OpenWrt seems to fail compiling Snowflake such that it has to be cross compiled. Here are some orientative steps for cross-compiling on a Linux system without even having to download the OpenWrt toolchain:
git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git
mips
without an FPU:export GOARCH=mips export GOMIPS=softfloat
cd snowflake/client go get go build
torrc
changes to use Snowflake bridge transport as per the previous sections.-log /var/log/snowflake.log
parameter being passed to the ClientTransportPlugin
and then to snowflake-client
and the user running tor
not having the permissions to write to /var/log/snowflake.log
; the -log /var/log/snowflake.log
parameter can be removed from the torrc
configuration file to overcome this issue