simplify testing of client and server

14 files changed, 254 insertions, 38 deletions

diff --git a/.gitignore b/.gitignore
index bb184ea..b21dfe4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-obfsproxy/test_data/*
 obfsproxy/obfsproxy
+obfsclient/obfsclient
 *.swp
 *.swo
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..3552bc0
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,19 @@
+OBFS4_ENDPOINT ?= 
+OBFS4_CERT ?= 
+
+certs:
+	curl -k https://black.riseup.net/ca.crt > /tmp/ca.crt
+	curl -k https://api.black.riseup.net/3/cert > /tmp/cert.pem
+
+build-client:
+	go get ./...
+	go build -o obfsvpn-client ./client
+
+run-client:
+	./obfsvpn-client -c ${OBFS4_CERT}
+
+run-openvpn:
+	./scripts/run-openvpn-client.sh
+
+check:
+	curl https://wtfismyip.com/json
diff --git a/client/main.go b/client/main.go
new file mode 100644
index 0000000..0c7edcc
--- /dev/null
+++ b/client/main.go
@@ -0,0 +1,66 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"os"
+
+	"0xacab.org/leap/obfsvpn"
+	socks5 "github.com/armon/go-socks5"
+)
+
+func main() {
+	// Setup logging.
+	logger := log.New(os.Stderr, "", log.LstdFlags)
+	debug := log.New(io.Discard, "DEBUG ", log.LstdFlags)
+
+	// setup command line flags.
+	var (
+		verbose     bool
+		obfs4Cert   string
+		obfs4Remote string
+		socksPort   string
+		socksHost   string
+	)
+
+	socksPort = "8080"
+	socksHost = "127.0.0.1"
+
+	flags := flag.NewFlagSet(os.Args[0], flag.ContinueOnError)
+	flags.BoolVar(&verbose, "v", verbose, "Enable verbose logging")
+	flags.StringVar(&obfs4Cert, "c", obfs4Cert, "The remote obfs4 certificate")
+	flags.StringVar(&obfs4Remote, "r", obfs4Remote, "The remote obfs4 endpoint (ip:port)")
+	flags.StringVar(&socksPort, "p", socksPort, "The port for the local socks5 proxy (default: 8080)")
+	flags.StringVar(&socksHost, "i", socksHost, "The host for the local socks5 proxy (default: localhost)")
+	err := flags.Parse(os.Args[1:])
+	if err != nil {
+		logger.Fatalf("error parsing flags: %v", err)
+	}
+	// Configure logging.
+	if verbose {
+		debug.SetOutput(os.Stderr)
+	}
+
+	dialer, err := obfsvpn.NewDialerFromCert(obfs4Cert)
+	if err != nil {
+		logger.Fatalf("cannot get dialer: %v", err)
+	}
+
+	socksConf := &socks5.Config{
+		Dial: dialer.Dial,
+	}
+
+	server, err := socks5.New(socksConf)
+	if err != nil {
+		panic(err)
+	}
+
+	addr := net.JoinHostPort(socksHost, socksPort)
+	fmt.Printf("[+] Started socks5 proxy at %s\n", addr)
+	if err := server.ListenAndServe("tcp", addr); err != nil {
+		panic(err)
+	}
+}
diff --git a/client/obfsclient b/client/obfsclient
new file mode 100755
index 0000000..9bd175b
--- /dev/null
+++ b/client/obfsclient
diff --git a/dialer.go b/dialer.go
index 5043aeb..db5d7b4 100644
--- a/dialer.go
+++ b/dialer.go
@@ -76,21 +76,22 @@ func unpackCert(cert string) (*ntor.NodeID, *ntor.PublicKey, error) {
 	return nodeID, pubKey, nil
 }
 
-// NewDialerCert creates a dialer from a node certificate.
-func NewDialerCert(cert string) (*Dialer, error) {
+// NewDialerFromCert creates a dialer from a node certificate.
+func NewDialerFromCert(cert string) (*Dialer, error) {
 	nodeID, publicKey, err := unpackCert(cert)
 
 	if err != nil {
 		return nil, err
 	}
-	return &Dialer{
+	d := &Dialer{
 		NodeID:    nodeID,
 		PublicKey: publicKey,
-	}, nil
+	}
+	return d, nil
 }
 
-// NewDialerArgs creates a dialer from existing pluggable transport arguments.
-func NewDialerArgs(args pt.Args) (*Dialer, error) {
+// NewDialerFromArgs creates a dialer from existing pluggable transport arguments.
+func NewDialerFromArgs(args pt.Args) (*Dialer, error) {
 	cf, err := (&obfs4.Transport{}).ClientFactory("")
 	if err != nil {
 		return nil, err
diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 0000000..ef9e4c6
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,124 @@
+# Developing
+
+These are notes to test the different components separately while developing.
+
+## Server-side proxy
+
+### 1. Compile and run obfserver
+
+First, we're going to set up the server-side proxy. Do note that we will skip
+the part that generates the obfs4 keys (we will use the `obfsproxy/test_data`
+folder for testing).
+
+`LHOST` is the local IP of the server (in case it's different than the public IP).
+`RHOST` is the OpenVPN gateway IP.
+
+```
+export LHOST=10.10.1.10:4430     # this is our obfs4 endpoint (private network; if your public IP is exposed directly you should use the IP:PORT here instead).
+export RHOST=163.172.126.44:443  # this is the GW IP (each obfsproxy is routing to only one openvpn GW).
+
+cd server && make build
+sudo ./server -addr $(LHOST) -vpn $(RHOST) -state test_data -c test_data/obfs4.json
+```
+
+### 2. Run `obfsclient` to start a socks5 proxy in localhost
+
+It will start a local socks5 proxy, to where we will connect with `openvpn`.
+For now, this is `TCP` only. By default, the socks5 proxy will listen in `127.0.0.1:8080`.
+
+```
+make build-client
+make run-client OBFS4_CERT=8nuAbPJwFrKc/29KcCfL5LBuEWxQrjBASYXdUbwcm9d9pKseGK4r2Tg47e23+t6WghxGGw
+```
+
+### 3. Get certificates for the riseup gateways.
+
+```
+make certs
+```
+
+You should have certificates in `/tmp/cert.pem`, and the ca file in `/tmp/ca.crt`.
+
+
+### 4. Run the `openvpn` client using the local `socks5` proxy.
+
+The `openvpn` binary needs to be invoked with the `OBFS4_ENDPOINT` as the
+`--remote`, and the local `socks5` port as the `--proxy`.
+
+In this example, we pass the `OBFS4_ENDPOINT` variable via the `Makefile`:
+
+```
+make run-openvpn OBFS4_ENDPOINT=2.2.2.2
+```
+
+If everything went well, now you should be connected to the gateway remote, and
+all routes set up.
+
+
+```
+❯ make run-openvpn OBFS4_ENDPOINT=2.2.2.2
+./scripts/run-openvpn-client.sh
++ sudo openvpn --verb 3 --tls-cipher DHE-RSA-AES128-SHA --cipher AES-128-CBC --auth-nocache --proto tcp --dev tun --client --tls-client --remote-cert-tls server --tls-version-min 1.2 --ca /tmp/ca.crt --cert /tmp/cert.pem --key /tmp/cert.pem --pull-filter ignore ifconfig-ipv6 --pull-filter ignore route-ipv6 --socks-proxy 127.0.0.1 8080 --remote 2.2.2.2 443 --route 2.2.2.2 255.255.255.255 net_gateway
+2022-05-21 03:41:35 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
+2022-05-21 03:41:35 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
+2022-05-21 03:41:35 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA'
+2022-05-21 03:41:35 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:8080
+2022-05-21 03:41:35 Socket Buffers: R=[131072->131072] S=[16384->16384]
+2022-05-21 03:41:35 Attempting to establish TCP connection with [AF_INET]127.0.0.1:8080 [nonblock]
+2022-05-21 03:41:35 TCP connection established with [AF_INET]127.0.0.1:8080
+2022-05-21 03:41:35 TCP_CLIENT link local: (not bound)
+2022-05-21 03:41:35 TCP_CLIENT link remote: [AF_INET]127.0.0.1:8080
+2022-05-21 03:41:35 TLS: Initial packet from [AF_INET]127.0.0.1:8080, sid=61e85660 36666a7a
+2022-05-21 03:41:35 VERIFY OK: depth=1, O=Riseup Networks, OU=https://riseup.net, CN=Riseup Networks Root CA
+2022-05-21 03:41:35 VERIFY KU OK
+2022-05-21 03:41:35 Validating certificate extended key usage
+2022-05-21 03:41:35 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
+2022-05-21 03:41:35 VERIFY EKU OK
+2022-05-21 03:41:35 VERIFY OK: depth=0, CN=mouette.riseup.net, O=Riseup Networks, L=Seattle, ST=WA, C=US
+2022-05-21 03:41:36 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES128-SHA, 4096 bit RSA
+2022-05-21 03:41:36 [mouette.riseup.net] Peer Connection Initiated with [AF_INET]127.0.0.1:8080
+2022-05-21 03:41:37 SENT CONTROL [mouette.riseup.net]: 'PUSH_REQUEST' (status=1)
+2022-05-21 03:41:37 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.41.0.1,redirect-gateway def1,route-ipv6 2000::/3,tun-ipv6,route-gateway 10.41.0.1,topology subnet,ping 10,ping-restart 30,socket-flags TCP_NODELAY,ifconfig-ipv6 2001:db8:123::100d/64 2001:db8:123::1,ifconfig 10.41.0.15 255.255.248.0,peer-id 0,cipher AES-256-GCM'
+2022-05-21 03:41:37 Pushed option removed by filter: 'route-ipv6 2000::/3'
+2022-05-21 03:41:37 Pushed option removed by filter: 'ifconfig-ipv6 2001:db8:123::100d/64 2001:db8:123::1'
+2022-05-21 03:41:37 OPTIONS IMPORT: timers and/or timeouts modified
+2022-05-21 03:41:37 OPTIONS IMPORT: --socket-flags option modified
+2022-05-21 03:41:37 Socket flags: TCP_NODELAY=1 succeeded
+2022-05-21 03:41:37 OPTIONS IMPORT: --ifconfig/up options modified
+2022-05-21 03:41:37 OPTIONS IMPORT: route options modified
+2022-05-21 03:41:37 OPTIONS IMPORT: route-related options modified
+2022-05-21 03:41:37 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
+2022-05-21 03:41:37 OPTIONS IMPORT: peer-id set
+2022-05-21 03:41:37 OPTIONS IMPORT: adjusting link_mtu to 1626
+2022-05-21 03:41:37 OPTIONS IMPORT: data channel crypto options modified
+2022-05-21 03:41:37 Data Channel: using negotiated cipher 'AES-256-GCM'
+2022-05-21 03:41:37 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
+2022-05-21 03:41:37 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
+2022-05-21 03:41:37 net_route_v4_best_gw query: dst 0.0.0.0
+2022-05-21 03:41:37 net_route_v4_best_gw result: via 192.168.1.1 dev eth0
+2022-05-21 03:41:37 ROUTE_GATEWAY 192.168.1.1/255.255.255.0
+2022-05-21 03:41:37 TUN/TAP device tun0 opened
+2022-05-21 03:41:37 net_iface_mtu_set: mtu 1500 for tun0
+2022-05-21 03:41:37 net_iface_up: set tun0 up
+2022-05-21 03:41:37 net_addr_v4_add: 10.41.0.15/21 dev tun0
+2022-05-21 03:41:37 net_route_v4_add: 127.0.0.1/32 via 192.168.18.1 dev [NULL] table 0 metric -1
+2022-05-21 03:41:37 net_route_v4_add: 0.0.0.0/1 via 10.41.0.1 dev [NULL] table 0 metric -1
+2022-05-21 03:41:37 net_route_v4_add: 128.0.0.0/1 via 10.41.0.1 dev [NULL] table 0 metric -1
+2022-05-21 03:41:37 net_route_v4_add: 2.2.2.2/32 via 192.168.1.1 dev [NULL] table 0 metric -1
+2022-05-21 03:41:37 Initialization Sequence Completed
+```
+
+You should verify that your exit IP has changed:
+
+
+```
+curl https://wtfismyip.com/json
+{
+    "YourFuckingIPAddress": "51.159.55.86",
+    "YourFuckingLocation": "Paris, IDF, France",
+    "YourFuckingHostname": "51-159-55-86.rev.poneytelecom.eu",
+    "YourFuckingISP": "Scaleway",
+    "YourFuckingTorExit": false,
+    "YourFuckingCountryCode": "FR"
+}
+```
diff --git a/go.mod b/go.mod
index 7ea5ce8..65a7ab2 100644
--- a/go.mod
+++ b/go.mod
@@ -4,14 +4,15 @@ go 1.17
 
 require (
 	git.torproject.org/pluggable-transports/goptlib.git v1.0.0
+	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
 	// Do not update obfs4 past e330d1b7024b, a backwards incompatible change was
 	// made that will break negotiation.
 	gitlab.com/yawning/obfs4.git v0.0.0-20210511220700-e330d1b7024b
-	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
 )
 
 require (
 	github.com/dchest/siphash v1.2.1 // indirect
 	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
 	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
 )
diff --git a/go.sum b/go.sum
index cff2b51..482ab37 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
 git.torproject.org/pluggable-transports/goptlib.git v1.0.0 h1:ElTwFFPKf/tA6x5nuIk9g49JZzS4T5WN+eTQTjqd00A=
 git.torproject.org/pluggable-transports/goptlib.git v1.0.0/go.mod h1:YT4XMSkuEXbtqlydr9+OxqFAyspUv0Gr9qhM3B++o/Q=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/dchest/siphash v1.2.1 h1:4cLinnzVJDKxTCl9B01807Yiy+W7ZzVHj/KIroQRvT4=
 github.com/dchest/siphash v1.2.1/go.mod h1:q+IRvb2gOSrUnYoPqHiyHXS0FOBBOdl6tONBlVnOnt4=
 github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo=
@@ -8,12 +10,8 @@ github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
 gitlab.com/yawning/bsaes.git v0.0.0-20190805113838-0a714cd429ec/go.mod h1:BZ1RAoRPbCxum9Grlv5aeksu2H8BiKehBYooU2LFiOQ=
-gitlab.com/yawning/edwards25519-extra.git v0.0.0-20211229043746-2f91fcc9fbdb h1:qRSZHsODmAP5qDvb3YsO7Qnf3TRiVbGxNG/WYnlM4/o=
-gitlab.com/yawning/edwards25519-extra.git v0.0.0-20211229043746-2f91fcc9fbdb/go.mod h1:gvdJuZuO/tPZyhEV8K3Hmoxv/DWud5L4qEQxfYjEUTo=
 gitlab.com/yawning/obfs4.git v0.0.0-20210511220700-e330d1b7024b h1:w/f20IHUkUYEp+xYgpKz4Bs78zms0DbjPZCep5lc0xA=
 gitlab.com/yawning/obfs4.git v0.0.0-20210511220700-e330d1b7024b/go.mod h1:OM1ngEp5brdANPox+rqk2AGTLQvzobyB5Dwm3vu3CgM=
-gitlab.com/yawning/obfs4.git v0.0.0-20220204003609-77af0cba934d h1:tJ8F7ABaQ3p3wjxwXiWSktVDgjZEXkvaRawd2rIq5ws=
-gitlab.com/yawning/obfs4.git v0.0.0-20220204003609-77af0cba934d/go.mod h1:9GcM8QNU9/wXtEEH2q8bVOnPI7FtIF6VVLzZ1l6Hgf8=
 gitlab.com/yawning/utls.git v0.0.12-1/go.mod h1:3ONKiSFR9Im/c3t5RKmMJTVdmZN496FNyk3mjrY1dyo=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
diff --git a/listener.go b/listener.go
index 82db98c..30ad401 100644
--- a/listener.go
+++ b/listener.go
@@ -28,8 +28,9 @@ type ListenConfig struct {
 	StateDir   string
 }
 
+// NewListenConfig
 // perhaps this is redundant, but using the same json format than ss for debug.
-// kali: feel free to remove this if/when we make sure unwrapping the cert is enough for us.
+
 func NewListenConfig(nodeIDStr, privKeyStr, pubKeyStr, seedStr, stateDir string) (*ListenConfig, error) {
 	var err error
 	var seed [ntor.KeySeedLength]byte
diff --git a/obfsproxy/leap-vpn.sh b/scripts/run-openvpn-client.sh
index 4fb09c3..a70fcdc 100755
--- a/obfsproxy/leap-vpn.sh
+++ b/scripts/run-openvpn-client.sh
@@ -1,13 +1,16 @@
 #!/bin/sh
+set -x
 sudo openvpn \
     --verb 3 \
     --tls-cipher DHE-RSA-AES128-SHA \
     --cipher AES-128-CBC \
+    --auth-nocache \
+    --proto tcp \
     --dev tun --client --tls-client \
     --remote-cert-tls server --tls-version-min 1.2 \
     --ca /tmp/ca.crt --cert /tmp/cert.pem --key /tmp/cert.pem \
-    --proto tcp4 \
-    --remote localhost 4430 \
-    --socks-proxy localhost 4430 \
-    --route $GW 255.255.255.255 net_gateway \
-    --persist-tun
+    --pull-filter ignore ifconfig-ipv6 \
+    --pull-filter ignore route-ipv6 \
+    --socks-proxy 127.0.0.1 8080 \
+    --remote $OBFS4_ENDPOINT 443 \
+    --route $OBFS4_ENDPOINT 255.255.255.255 net_gateway
diff --git a/obfsproxy/Makefile b/server/Makefile
index 8694349..853469b 100644
--- a/obfsproxy/Makefile
+++ b/server/Makefile
@@ -1,18 +1,11 @@
 RHOST=163.172.126.44:443
 LHOST="10.0.0.209:443"
 
+build:
+	go build
+
 run:
 	sudo ./obfsproxy -addr ${LHOST} -vpn ${RHOST} -state test_data -c test_data/obfs4.json 
 
-certs:
-	curl -k https://black.riseup.net/ca.crt > /tmp/ca.crt
-	curl -k https://api.black.riseup.net/3/cert > /tmp/cert.pem
-
-check:
-	curl https://wtfismyip.com/json
-
 stop:
 	pkill -9 obfsproxy
-
-obfsproxy:
-	go build
diff --git a/obfsproxy/main.go b/server/main.go
index 5e56789..5427184 100644
--- a/obfsproxy/main.go
+++ b/server/main.go
@@ -14,7 +14,7 @@ import (
 	"os/signal"
 
 	"0xacab.org/leap/obfsvpn"
-	"git.torproject.org/pluggable-transports/goptlib.git"
+	pt "git.torproject.org/pluggable-transports/goptlib.git"
 )
 
 const transportName = "obfs4"
@@ -35,10 +35,10 @@ func main() {
 	// Setup command line flags.
 	var (
 		verbose  bool
-		addr     string = "[::1]:0"
 		vpnAddr  string
 		cfgFile  string
 		stateDir string
+		addr     = "[::1]:0"
 	)
 	flags := flag.NewFlagSet(os.Args[0], flag.ContinueOnError)
 	flags.BoolVar(&verbose, "v", verbose, "Enable verbose logging")
@@ -56,6 +56,7 @@ func main() {
 		logger.Fatal("must specify -vpn")
 	}
 
+	// TODO this needs to be configurable if we switch to UDP mode for OpenVPN.
 	tcpVPNAddr, err := net.ResolveTCPAddr("tcp", vpnAddr)
 	log.Println("target:", tcpVPNAddr)
 	if err != nil {
@@ -83,11 +84,16 @@ func main() {
 	// Setup graceful shutdown.
 	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt)
 
-	listenConfig, err := obfsvpn.NewListenConfig(cfg.NodeID, cfg.PrivateKey, cfg.PublicKey, cfg.DRBGSeed, stateDir)
+	listenConfig, err := obfsvpn.NewListenConfig(
+		cfg.NodeID, cfg.PrivateKey, cfg.PublicKey,
+		cfg.DRBGSeed,
+		stateDir)
 	if err != nil {
-		logger.Fatalf("error creating listener from config: %v", err)
+		logger.Fatalf("Error creating listener from config: %v", err)
 	}
-	log.Println("DEBUG:", listenConfig)
+
+	logger.Printf("DEBUG: %v", listenConfig)
+
 	ln, err := listenConfig.Listen(ctx, "tcp", addr)
 	if err != nil {
 		logger.Fatalf("error binding to %s: %v", addr, err)
@@ -109,7 +115,8 @@ func main() {
 		OrAddr: tcpVPNAddr,
 	}
 
-	logger.Printf("listening on %s…", ln.Addr())
+	logger.Printf("Listening on %s…", ln.Addr())
+
 	for {
 		conn, err := ln.Accept()
 		if err != nil {
@@ -121,12 +128,12 @@ func main() {
 	}
 }
 
-// obfsConn is a connection to the obfs4 client that we have accepted. we will dial to the remote contained in info
+// proxyConn is a connection to the obfs4 client that we have accepted. we will dial to the remote contained in info
 func proxyConn(ctx context.Context, info *pt.ServerInfo, obfsConn net.Conn, logger, debug *log.Logger) {
 	defer func() {
 		err := obfsConn.Close()
 		if err != nil {
-			debug.Printf("error closing connection: %v", err)
+			debug.Printf("Error closing connection: %v", err)
 		}
 	}()
 
@@ -172,8 +179,8 @@ func proxyConn(ctx context.Context, info *pt.ServerInfo, obfsConn net.Conn, logg
 	}
 }
 
-// a stock copy loop. let's not dwell too much on who's client and who's server
-
+// CopyLoop is a standard copy loop. We don't care too much who's client and
+// who's server
 func CopyLoop(left net.Conn, right net.Conn) error {
 
 	fmt.Println("--> Entering copy loop.")
diff --git a/obfsproxy/main_test.go b/server/main_test.go
index cdead61..ecbb364 100644
--- a/obfsproxy/main_test.go
+++ b/server/main_test.go
@@ -6,6 +6,7 @@ import (
 	"testing"
 )
 
+/*
 type testWriter struct {
 	t      *testing.T
 	prefix string
@@ -15,6 +16,7 @@ func (w testWriter) Write(p []byte) (int, error) {
 	w.t.Logf("%s%s", w.prefix, p)
 	return len(p), nil
 }
+*/
 
 func TestMain(m *testing.M) {
 	runProxy := flag.Bool("runproxy", false, "Start the command instead of running the tests")
diff --git a/server/test_data/obfs4.json b/server/test_data/obfs4.json
new file mode 100644
index 0000000..eb4a1e8
--- /dev/null
+++ b/server/test_data/obfs4.json
@@ -0,0 +1 @@
+{"node-id":"f27b806cf27016b29cff6f4a7027cbe4b06e116c","private-key":"540bd146653b484bd84c5ec646f6ba8232ec1ec2d91320b4fd50ced640d9e139","public-key":"50ae30404985dd51bc1c9bd77da4ab1e18ae2bd93838ededb7fade96821c461b","drbg-seed":"b96054e02220e45ecd128a63ba64771c7b4a2bfb0aeda045","iat-mode":0}