Should obfs4 have the "managed" line?


In both Whonix Wiki and torrc.example file, it suggests:
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

@JasonJAyalaP asked in T684:

should obfs4 have the “managed” line?

According to Tor manual:

ClientTransportPlugin transport exec path-to-binary [options]

the Tor client launches the pluggable transport proxy executable in path-to-binary using options as its command-line options, and forwards its traffic to it.

However, I did not find much documentation on why managed mode was needed in man obfs4proxy or on the Internet.

Could anyone help me with the question please? I am very curious, too.


Could you ask that on tor-dev please?


I asked Yawning via irc:

<iry> in docs, it suggests configure torrc as: ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
<iry> however, i also see people add a "managed" option behind it
<iry> like this:
<iry> ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
<Yawning> it doesn't matter
<iry> could you please tell me what does this option do to the obfs4proxy? or are there any sources I can find the answer?
<Yawning> it doesn't do anything
<Yawning> people are apparently bolting it on because that's what obfsproxy (python) did
<Yawning> just leave it out
<iry> got you! Thank you very much! would you mind me taking your word as reference to inform others about these?
<Yawning> that's fine


Do we need to take any action, like removing the managed option or explaining it a little bit in the wiki? I can definitely help with that if it’s necessary.


I’d suggest removing the “managed” part and maybe documenting that it is not needed as obfs4proxy runs by default as a managed pluggable transport (since it’s currently the only supported mode according to the manpage).
I guess the older obfsproxy operated in external mode by default and that’s why they added it (also managed proxies were supported later than external ones).

What managed and external mean is documented in Proposal-180: Pluggable transports for circumvention.


Yes, if possible to remove, please remove and test if that’s working.


ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

Everything keeps working normally after removing that line entry.
This was successfully tested on 2 separate machines with both running all current & updated Qubes-Whonix (platform is at version 3.2).

Incidentally, does anyone have any idea if there is a limit to the number of bridge line entries in this torrc file? TIA :)

Keep up the great work Patrick & every noble soul on the Qubes / Whonix teams.


Thank you for helping with the test, @2-unglaubig!

I tested myself and it was working well, too.

I have edited both the torrc.example file and the Whonix wiki.

The upcoming anon-connection-wizard will also take care of this issue.

//cc @Patrick
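
An added example, not part of the thread and not Whonix or Tor Project code: the cleanup discussed above, scripted so it can be applied to an existing torrc. The function name and the sample torrc are constructed here; leaving lines that launch the older Python obfsproxy untouched is this example's own conservative assumption.

```python
import re

# ClientTransportPlugin <transports> exec <path> [options] [# comment]
# Tor matches option keywords case-insensitively, so the regex does too.
PLUGIN_RE = re.compile(
    r"^(?P<head>\s*ClientTransportPlugin\s+\S+\s+exec\s+(?P<path>\S+))"
    r"(?P<opts>(?:[ \t]+[^\s#]+)*)(?P<tail>\s*(?:#.*)?)$",
    re.IGNORECASE,
)

def strip_redundant_managed(torrc_text):
    """Drop the 'managed' argument from obfs4proxy plugin lines.

    Returns (new_text, changed_line_numbers). Lines launching any other
    binary (e.g. the older Python obfsproxy) and commented-out lines are
    left exactly as they are.
    """
    out, changed = [], []
    for lineno, line in enumerate(torrc_text.splitlines(), 1):
        m = PLUGIN_RE.match(line)
        if m and m.group("path").rsplit("/", 1)[-1] == "obfs4proxy":
            opts = m.group("opts").split()
            kept = [o for o in opts if o != "managed"]
            if kept != opts:
                line = " ".join([m.group("head")] + kept) + m.group("tail")
                changed.append(lineno)
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample torrc, not taken from any real system.
SAMPLE = """\
# constructed sample torrc
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
  clienttransportplugin obfs4 exec /usr/local/bin/obfs4proxy managed  # note
#ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
"""

if __name__ == "__main__":
    new_text, changed = strip_redundant_managed(SAMPLE)
    print("rewrote lines:", changed)
    print(new_text, end="")
```

Running `tor --verify-config -f <file>` on the rewritten file confirms it still parses before Tor is restarted.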


I don’t know if there is a limit, but I don’t think either you’ll hit a limit or should use that many bridges. For a better answer, you need to consult the Tor Project or Tor’s source code.


Thank you Patrick. :grin: You fully answered my “spur of the moment” wondering mind :stuck_out_tongue:

FWIW… I took a peek in the TORRC config files in the stable and now defunct alpha TBB standalone setups - both of them show a “pooled list” of 22 entries.

So I figure I will adopt that number as my upper threshold for all practical purposes and of course a pragmatic approach. :grinning:

THANK YOU IRY :kissing_smiling_eyes: for your “Welcome” :blush: :heart_eyes: