Hello, have a few questions about the standalone snowflake proxy.
The machine I’m trying to run the standalone snowflake proxy on is behind a router that allows port forwarding but otherwise functions as a restrictive NAT. The proxy’s log has “NAT Type : restricted” at the beginning and would periodically time out (“Timed out waiting for client to open data channel”).
Could the timeouts be because of the restricted NAT? Is it possible to forward some port(s) to work around this and to avoid the timeouts?
Is it not advisable to share the same public IP address with an obfs4 bridge? I’ve read that all ports on the same IP could get blocked by firewalls such as the GFW which means that both the bridge and the proxy will be blocked if either is detected by the GFW.
> Could the timeouts be because of the restricted NAT?
The timeout is normal. Snowflake proxies contact the broker asking for clients; if no client is around asking for a proxy, it will time out and contact the broker again. This is how WebRTC works.
> Is it possible to forward some port(s) to work around this and to avoid the timeouts?
No, the WebRTC connection uses unpredictable port numbers. You cannot open them ahead of time.
> Is it not advisable to share the same public IP address with an obfs4 bridge? I’ve read that all ports on the same IP could get blocked by firewalls such as the GFW which means that both the bridge and the proxy will be blocked if either is detected by the GFW.
Yes, it is better not to share the same IP; as you say, the censors might block everything once they find a bridge.
Figured out that if I forward all UDP packets for the whole ephemeral range (default is 32768 to 60999 for most Linux boxes) on the router, NAT type becomes unrestricted and the proxy starts to get SDP offers at a much faster rate.
Still have some questions about the iptables settings, will start a new topic for them.
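
To compare the proxy's behaviour before and after the port-forwarding change described in the last post, here is an added example (not part of the thread and not Snowflake project code) that prints the kernel's ephemeral port range and counts data-channel timeouts per reported NAT type. It matches only the two log messages quoted in the thread; the function names, the timestamps and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for checking the UDP port-forwarding change above.

# Print the kernel's ephemeral port range as "min-max", i.e. the range the
# post forwards on the router. $1 overrides the path (used for testing).
ephemeral_range() {
    awk '{ print $1 "-" $2 }' "${1:-/proc/sys/net/ipv4/ip_local_port_range}"
}

# Read a proxy log on stdin and print, for each NAT type the log reports, the
# number of data-channel timeouts logged while that type was in effect.
# Text before the message (timestamps and the like) is ignored.
summarize_snowflake_log() {
    awk '
        function note(t) { if (!(t in count)) { order[++n] = t; count[t] = 0 } }
        {
            line = tolower($0)
            if (match(line, /nat type *: */)) {
                nat = substr(line, RSTART + RLENGTH)
                sub(/[ \t\r]+$/, "", nat)
                note(nat)
            } else if (index(line, "timed out waiting for client to open data channel")) {
                if (nat == "") nat = "unknown"   # timeout seen before any NAT line
                note(nat)
                count[nat]++
            }
        }
        END {
            for (i = 1; i <= n; i++)
                printf "nat_type=%s timeouts=%d\n", order[i], count[order[i]]
        }
    '
}

# Constructed sample log: timestamps are made up, messages are the two quoted
# in the thread, with a second NAT line as if the proxy had been restarted.
sample_log() {
    cat <<'EOF'
2024/01/01 10:00:00 NAT Type : restricted
2024/01/01 10:05:00 Timed out waiting for client to open data channel
2024/01/01 10:09:00 Timed out waiting for client to open data channel
2024/01/01 12:00:00 NAT Type : unrestricted
2024/01/01 12:20:00 Timed out waiting for client to open data channel
EOF
}

sample_log | summarize_snowflake_log
```

On a real host, feed the proxy's own log to `summarize_snowflake_log` on stdin and run `ephemeral_range` with no argument to confirm the range the router rule needs to cover.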