Setting up a Tor Bridge

## Background

- Users in countries that block Tor (China, Iran, etc.)
- High-risk individuals avoiding surveillance
- People whose ISPs block Tor traffic
- Users where using Tor could draw attention
- Whistleblowers and activists in restrictive regions

---

## Domain Name Configuration

Make sure A-record and AAAA-record (IPv6) points to a the vultr instance for your subdomain *or* for @ and www.

---

## Environment

- Using a Debian Bookworm (v12) instance on Vultr
- Install Packages

```bash
apt-get install tor torsocks
```

- Open ports

```bash
sudo ufw allow 9001/tcp
sudo ufw allow 9002/tcp
sudo ufw reload
```

- Edit /etc/tor/torrc by adding the following to the bottom

```bash
RunAsDaemon 1
ORPort 9001
Address tor-bridge.buildintheshade.com
Nickname BuildInTheShade
ExitPolicy reject *:*
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:9902
SafeLogging 1
PublishServerDescriptor 0
```

---

## Start the Server

```bash
sudo systemctl restart tor
```

- Verify ports can be accessed

```bash
tor       5471 debian-tor    6u  IPv4  40403      0t0  TCP 127.0.0.1:9050 (LISTEN)
tor       5471 debian-tor    7u  IPv4  40404      0t0  TCP *:9001 (LISTEN)
tor       5471 debian-tor    8u  IPv6  40405      0t0  TCP *:9001 (LISTEN)
obfs4prox 5472 debian-tor    3u  IPv6  39708      0t0  TCP *:9902 (LISTEN)
```

---

## Testing

On Tor on your desktop

- Go to Settings > Connection
- Go to Add new bridges
- Paste in your Bridge Address
    - My example (non-working anymore, hence it's public now)

```bash
Bridge obfs4 66.42.82.241:9902 91ECD875762F9F3F7325E1E14834A541FE66D403 cert=Fy7i5dcRTChZSJqvfXLAG+YdzIRt9O7367nSLYEVp9XhwUNq8wMWkYyUamZPkMUV2SUrAw iat-mode=0
```