I lost 3 IP which were running the last Tor & Obfs4 bridge. When I changed to a new VPS and ran a obfs4proxy, its IP was blocked after tens of hours. I am sure those IP were blocked because of connecting Obfs4 bridges. Please check what’s happening. Both software versions are the last on my PC and VPS.
The GFW also masquerades as a user enumerating obfs4proxy via email, etc. Your obfs4proxy may have been hit.
No, I set my obfs4 bridges as private ones (“PublishServerDescriptor 0”). Nobody know my private bridges more. I am sure those bridges were recognized by GFW when I used them on my Tor Broswer Alpha directly.
I wonder if it could be a replay attack. Would it help to have an
iptables rule that only accepts input from one particular IP address, yours?
There are some reports of China blocking random looking protocols (like obfs4): Sharing a modified Shadowsocks as well as our thoughts on the cat-and-mouse game · Issue #136 · net4people/bbs · GitHub
Maybe you are hitting that kind of censorship.
I have installed the last version of Obfs4proxy on my Ubuntu VPS. The only one thing I can do is waiting for your rescue. It’s a bad news that GFW can recognize Obfs4 and block IP, I have used it for 5 years more. And, in fact, Shadowsocks (I tried Google’s Outline) could not avoid being blocked since 2015, so I give it up.
It’s impossible for me because my IP always change, Sorry.
Could you also add to your torrc:
I have done it but don’t have enough courage to test Obfs4 bridge recently. I can’t lose more IP so still wait the updating
The operator of GFW must be keen on obfs4 bridge distributors, spending much time requesting bridges with different IPs, then block them. However they ignored normal (or Vanilla) bidges, for example, I can always get unblocked guard relays (or bridges) by scanning Tor network with this tool: GitHub - ValdikSS/tor-relay-scanner: Tor Relay availability checker, for using it as a bridge in countries with censorship .
My friend, both of my Obfs4 bridges were established by myself and set as private. GFW operators can not find them from public websites, only some technologies like “Deep Flow Inspection” or “Deep Packet Inspection” can do. It means GFW can inspect Obfs4 bridges and block IP when I connect them in China.