Snowflake or webtunnel just for me

Sticky · July 11, 2024, 1:11pm

Hello everyone, how can I configure snowflake or webtunnel on my server just for myself?

atari · July 11, 2024, 1:26pm

With a webtunnel bridge it should be possible if you set

PublishServerDescriptor 0

in your torrc.

General setup instructions: Tor Project | WebTunnel Bridge

Sticky · July 11, 2024, 1:48pm

Thx. WebTunnel a bit hard to set up, snowflake is easier, but does snowflake support a bridge for only one user?

gus · July 12, 2024, 12:54pm

No, this feature is not supported.

Sticky · July 12, 2024, 4:24pm

Can this be added?

gus · July 12, 2024, 4:30pm

It seems the Anti-censorship Team won’t work on this feature:

There is an option of deploying the entire snowflake system (broker, proxy, bridge+snowflake), but it seems a lot of manual work.

In your case, I believe deploying a private obfs4 or webtunnel bridge is easier.

Sticky · July 13, 2024, 3:20pm

Ok, I set up webtunnel, I think. It was easier than it first seemed. But is there a manual that I need to write in the local torrc file to connect via webtunnel?

gus · July 13, 2024, 3:24pm

You need to compile the WebTunnel client and use this torrc:

UseBridges 1
DataDirectory datadir
## change the path to your WebTunnel client /home/user/webtunnel/client
ClientTransportPlugin webtunnel exec ./client

## add your WebTunnel bridge line
Bridge webtunnel 192.0.2.3:1 url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
SocksPort auto
#Log info

Reference:

Sticky · July 13, 2024, 6:07pm

Omg…
I always wondered why not put out a ready-made program, why does the user need to compile something? In general, I expected to see a ready-made client in the TOR Browser folder.
I complied git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/tree/main/main/client didn’t work.
Then cd webtunnel/main/client
Then go build
Then sudo cp client /usr/local/bin/webtunnel
The resulting file does not run on Windows.
What’s next?

gus · July 13, 2024, 6:24pm

Ops, if compiling is an issue, you can download and use Tor Expert Bundle:“The tor expert bundle contains the tor and pluggable transports binaries, bridge strings, and geoip data used in Tor Browser.”

In your torrc, instead of executing “webtunnel-client.exe”, you’ll need to change to use lyrebird, which is a binary containing obfs4, webtunnel and other PTs clients.

It will look like something like this:

UseBridges 1
DataDirectory datadir
ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit,webtunnel exec c:\tor\pluggable_transports\lyrebird.exe 
Bridge webtunnel 192.0.2.3:1 url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
SocksPort auto

Sticky · July 13, 2024, 8:49pm

Now, it totally works! Plus, it works faster than Snowflake. Thank you very much!

It looks like a mistake here: Tor Project | Compile and run WebTunnel from the source

webtunnel 10.0.0.2:443 FINGERPRINT url=https://yourdomain/path

I did according to your example:

Bridge webtunnel 192.0.2.3:1 url=https://qw.er.ty/secretpath

Without FINGERPRINT

Another question is whether you need to somehow configure the BridgeDistribution parameter? Now it is not in my torrc on the server. I have configured only PublishServerDescriptor 0 and my bridge is not published. I’m fine with that.

And yet, I executed sudo journalctl -e -u tor@default, and in the output of the log:

Managed proxy "/usr/local/bin/webtunnel" wrote a STATUS line without TRANSPORT: "TYPE=version IMPLEMENTATION=\"webtunnel\" VERSION=\"0.0.1\""

What to do about it?