GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened Jul 08, 2019 by Philipp Winter@phw

Support ORPort picking a random port that persists across restarts

A bridge's transport port and OR port are semi-secret. We don't want a bridge to listen on port 9001 because it would facilitate Internet-wide scanning: a censor could scan the entire IPv4 address space for port 9001 and block all bridges they discover this way. We therefore encourage operators to not set ServerTransportListenAddr, which makes Tor pick a random port and write it to its state file, so it persists across restarts. Bridge operators can then whitelist this port in their firewall configuration.

Bridge operators may welcome a similar option for ORPort. However, when setting ORPort to auto, Tor attempts to find a new port each time it starts. This means that operators would have to re-configure their firewalls after each restart.

In the short term, we should instruct operators to pick their own ports and explicitly set them for both ORPort and ServerTransportListenAddr, but in the long term we may want ORPort to be able to pick a random port and save it to Tor's state file.
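An operator-side sketch of the short-term advice above, added here as an example and not part of the original issue or of Tor: it picks a random unprivileged port once, stores it, and reuses it on later runs so the firewall rule stays valid. The function names, the `.port` file layout, the avoid list beyond 9001, and the `obfs4` transport name are assumptions for illustration.

```shell
#!/bin/sh
# Added example: choose a random port once, then reuse it on every later run.
# File names, the avoid list and the obfs4 transport name are assumptions.
AVOID_PORTS="9001 9030 9050 9051"   # 9001 is the port named in the issue

random_port() {
    while :; do
        # Two bytes from the kernel CSPRNG give a value in 0..65535.
        p=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
        [ "$p" -ge 1024 ] || continue            # skip privileged ports
        case " $AVOID_PORTS " in *" $p "*) continue ;; esac
        echo "$p"; return 0
    done
}

# persistent_port NAME DIR: print the port saved in DIR/NAME.port,
# generating and saving a new one if the file is missing or invalid.
persistent_port() {
    file="$2/$1.port"
    if [ -r "$file" ]; then
        saved=$(cat "$file")
        case "$saved" in
            ''|*[!0-9]*|??????*) ;;              # not a plausible port: regenerate
            *) if [ "$saved" -ge 1024 ] && [ "$saved" -le 65535 ]; then
                   echo "$saved"; return 0
               fi ;;
        esac
    fi
    mkdir -p "$2"
    port=$(random_port)
    ( umask 077; echo "$port" > "$file" )        # the ports are semi-secret
    echo "$port"
}

# Emit torrc lines with explicit, stable ports for both listeners.
render_bridge_ports() {
    or=$(persistent_port orport "$1")
    pt=$(persistent_port obfs4 "$1")
    while [ "$pt" = "$or" ]; do                  # two listeners need two ports
        rm -f "$1/obfs4.port"
        pt=$(persistent_port obfs4 "$1")
    done
    printf 'ORPort %s\nServerTransportListenAddr obfs4 0.0.0.0:%s\n' "$or" "$pt"
}

if [ "$#" -eq 1 ]; then render_bridge_ports "$1"; fi
```

Run it with a directory argument before Tor starts, place the two emitted lines in torrc, and allow the same two ports in the firewall.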

Reference: legacy/trac#31103