webtunnel bridges for the telegram distributor
Hello, Russia is extending their Tor block[0]. Currently, they block Fully Encrypted Protocols like obfs4 on some mobile networks[1]. For a while, WebTunnel has been a good alternative, but since June, Roskomnadzor has enumerated some WebTunnel bridges and blocked them by domain name[2]. Bridge operators can bypass this block by creating a new subdomain or using a new domain for their WebTunnel bridge. We are working on multiple solutions for this problem. And one of them is to start distributing WebTunnel bridges over Telegram[3]. In the past, our Telegram distribution bot has proved to be fairly resistant to the attempts to enumerate bridges made by the Russian censor. But to be able to do that, we first need to have enough bridges assigned to that distributor. We are looking for a minimum of 30 bridges assigned to this distributor. If you are in the capacity to host a WebTunnel bridge, please do so! You can follow the documentation on the Community portal[4] and configure your WebTunnel bridge with this option in your torrc: BridgeDistribution telegram Or if you're using our Docker container, you will need to add the lines below to your .env file: OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 OBFS4V_BridgeDistribution=telegram It is ok if your WebTunnel bridge is on the same IP address of another existing WebTunnel bridge as long as is in a different subdomain name, for example www1.example.com. As the censor is blocking the bridges by domain name and not by IP. Please avoid hosting your bridge with Hetzner, Digital Ocean, OVH and do not use Cloudflare DNS, as there are reports of these are being targeted and blocked by DPI[5]. Thank you. [0]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [1]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [2]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [3]https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/158 [4]https://community.torproject.org/relay/setup/webtunnel/ [5]https://github.com/net4people/bbs/issues/490 -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.
Is there a place to see how many bridges are currently assigned to each distribution method? Jonah On 7/17/25 8:20 AM, meskio via tor-relays wrote:
Hello,
Russia is extending their Tor block[0]. Currently, they block Fully Encrypted Protocols like obfs4 on some mobile networks[1]. For a while, WebTunnel has been a good alternative, but since June, Roskomnadzor has enumerated some WebTunnel bridges and blocked them by domain name[2]. Bridge operators can bypass this block by creating a new subdomain or using a new domain for their WebTunnel bridge.
We are working on multiple solutions for this problem. And one of them is to start distributing WebTunnel bridges over Telegram[3]. In the past, our Telegram distribution bot has proved to be fairly resistant to the attempts to enumerate bridges made by the Russian censor.
But to be able to do that, we first need to have enough bridges assigned to that distributor. We are looking for a minimum of 30 bridges assigned to this distributor. If you are in the capacity to host a WebTunnel bridge, please do so!
You can follow the documentation on the Community portal[4] and configure your WebTunnel bridge with this option in your torrc:
BridgeDistribution telegram
Or if you're using our Docker container, you will need to add the lines below to your .env file: OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 OBFS4V_BridgeDistribution=telegram
It is ok if your WebTunnel bridge is on the same IP address of another existing WebTunnel bridge as long as is in a different subdomain name, for example www1.example.com. As the censor is blocking the bridges by domain name and not by IP.
Please avoid hosting your bridge with Hetzner, Digital Ocean, OVH and do not use Cloudflare DNS, as there are reports of these are being targeted and blocked by DPI[5].
Thank you.
[0]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [1]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [2]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [3]https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/158 [4]https://community.torproject.org/relay/setup/webtunnel/ [5]https://github.com/net4people/bbs/issues/490
_______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
Yes, it is here: https://collector.torproject.org/recent/bridge-pool-assignments/
Hi, I assume you'd like a visualization showing how close we are to reaching 30 webtunnel bridges, right? You can extract this info by parsing Onionoo[1], for example: transport distributor count webtunnel email 1 webtunnel telegram 26 webtunnel none 23 webtunnel lox 1 webtunnel settings 180 webtunnel https 120 Thank you for running bridges, Jonah! Gus [1] https://metrics.torproject.org/onionoo.html [2] https://gitlab.torproject.org/-/snippets/221 On Thu, Jul 17, 2025 at 03:44:46PM -0500, Jonah Aragon via tor-relays wrote:
Is there a place to see how many bridges are currently assigned to each distribution method?
Jonah
On 7/17/25 8:20 AM, meskio via tor-relays wrote:
Hello,
Russia is extending their Tor block[0]. Currently, they block Fully Encrypted Protocols like obfs4 on some mobile networks[1]. For a while, WebTunnel has been a good alternative, but since June, Roskomnadzor has enumerated some WebTunnel bridges and blocked them by domain name[2]. Bridge operators can bypass this block by creating a new subdomain or using a new domain for their WebTunnel bridge.
We are working on multiple solutions for this problem. And one of them is to start distributing WebTunnel bridges over Telegram[3]. In the past, our Telegram distribution bot has proved to be fairly resistant to the attempts to enumerate bridges made by the Russian censor.
But to be able to do that, we first need to have enough bridges assigned to that distributor. We are looking for a minimum of 30 bridges assigned to this distributor. If you are in the capacity to host a WebTunnel bridge, please do so!
You can follow the documentation on the Community portal[4] and configure your WebTunnel bridge with this option in your torrc:
BridgeDistribution telegram
Or if you're using our Docker container, you will need to add the lines below to your .env file: OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 OBFS4V_BridgeDistribution=telegram
It is ok if your WebTunnel bridge is on the same IP address of another existing WebTunnel bridge as long as is in a different subdomain name, for example www1.example.com. As the censor is blocking the bridges by domain name and not by IP.
Please avoid hosting your bridge with Hetzner, Digital Ocean, OVH and do not use Cloudflare DNS, as there are reports of these are being targeted and blocked by DPI[5].
Thank you.
[0]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [1]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [2]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [3]https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/158 [4]https://community.torproject.org/relay/setup/webtunnel/ [5]https://github.com/net4people/bbs/issues/490
_______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
-- The Tor Project Community Team Lead
Or if you're using our Docker container, you will need to add the lines below to your .env file: OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 OBFS4V_BridgeDistribution=telegram
For WebTunnel docker container, please edit your .env and include: WEBTUNNEL_ENABLE_ADDITIONAL_VARIABLES=1 WEBTUNNELV_BridgeDistribution=telegram After you update your .env file, restart: docker compose down docker compose up -d Gus -- The Tor Project Community Team Lead
@gus when editing .env like that, docker-compose.yml also needs this two extra lines in environment (considering https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtu... is used) environment: - WEBTUNNEL_ENABLE_ADDITIONAL_VARIABLES=1 - WEBTUNNELV_BridgeDistribution=$WEBTUNNELV_BridgeDistribution
We reached the objective, right now there are 39 webtunnel bridges. Thank you for the amazing response and setting up the bridges that fast. This doesn't mean we don't need more bridges, more are welcome and will help users. But now we can enable the distribution of webtunnel bridges over telegram, and we'll do it in the coming days. Quoting gus via tor-relays (2025-07-18 15:21:40)
Hi, I assume you'd like a visualization showing how close we are to reaching 30 webtunnel bridges, right?
You can extract this info by parsing Onionoo[1], for example:
transport distributor count webtunnel email 1 webtunnel telegram 26 webtunnel none 23 webtunnel lox 1 webtunnel settings 180 webtunnel https 120
Thank you for running bridges, Jonah! Gus
[1] https://metrics.torproject.org/onionoo.html [2] https://gitlab.torproject.org/-/snippets/221
On Thu, Jul 17, 2025 at 03:44:46PM -0500, Jonah Aragon via tor-relays wrote:
Is there a place to see how many bridges are currently assigned to each distribution method?
Jonah
On 7/17/25 8:20 AM, meskio via tor-relays wrote:
Hello,
Russia is extending their Tor block[0]. Currently, they block Fully Encrypted Protocols like obfs4 on some mobile networks[1]. For a while, WebTunnel has been a good alternative, but since June, Roskomnadzor has enumerated some WebTunnel bridges and blocked them by domain name[2]. Bridge operators can bypass this block by creating a new subdomain or using a new domain for their WebTunnel bridge.
We are working on multiple solutions for this problem. And one of them is to start distributing WebTunnel bridges over Telegram[3]. In the past, our Telegram distribution bot has proved to be fairly resistant to the attempts to enumerate bridges made by the Russian censor.
But to be able to do that, we first need to have enough bridges assigned to that distributor. We are looking for a minimum of 30 bridges assigned to this distributor. If you are in the capacity to host a WebTunnel bridge, please do so!
You can follow the documentation on the Community portal[4] and configure your WebTunnel bridge with this option in your torrc:
BridgeDistribution telegram
Or if you're using our Docker container, you will need to add the lines below to your .env file: OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 OBFS4V_BridgeDistribution=telegram
It is ok if your WebTunnel bridge is on the same IP address of another existing WebTunnel bridge as long as is in a different subdomain name, for example www1.example.com. As the censor is blocking the bridges by domain name and not by IP.
Please avoid hosting your bridge with Hetzner, Digital Ocean, OVH and do not use Cloudflare DNS, as there are reports of these are being targeted and blocked by DPI[5].
Thank you.
[0]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [1]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [2]https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [3]https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/158 [4]https://community.torproject.org/relay/setup/webtunnel/ [5]https://github.com/net4people/bbs/issues/490
_______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
-- The Tor Project Community Team Lead
-- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.
participants (5)
-
atari -
atari …
-
gus -
Jonah Aragon -
meskio