Thanks meskio, this helped a lot to clarify things.
So I thought of trying to run a bridge and a snowflakeproxy on one VM with individual IP addressing in v4 and v6 for each by adding secondary addresses to the WAN interface. But after compiling the go binary I fail to find out how to tell snowflake which IP to bind to/use.
For the bridge this can be achieved with:
  Address <IPv4>
  Address <IPv6>
  OutboundBindAddress <IPv4>
  OutboundBindAddress <IPv6>
(and maybe to be safe also set OutboundBindAddressPT, OutboundBindAddressExit and OutboundBindAddressOR)
But for snowflake I'm missing the options:
Usage of ./proxy:
  -broker string
        broker URL (default "https://snowflake-broker.torproject.net/")
  -capacity uint
        maximum concurrent clients
  -keep-local-addresses
        keep local LAN address ICE candidates
  -log string
        log filename
  -nat-retest-interval duration
        the time interval in second before NAT type is retested, 0s disables retest. Valid time units are "s", "m", "h". (default 24h0m0s)
  -relay string
        websocket relay URL (default "wss://snowflake.bamsoftware.com/")
  -stun string
        broker URL (default "stun:stun.stunprotocol.org:3478")
  -summary-interval duration
        the time interval to output summary, 0s disables retest. Valid time units are "s", "m", "h". (default 1h0m0s)
  -unsafe-logging
        prevent logs from being scrubbed
  -verbose
        increase log verbosity
Could be solved with VRFs/namespaces but would involve bridging, veths...too snowflaky for me (same goes for containers).
So I guess I'll just keep the bridges and make them relays one day.
Thanks for all who helped!
best fran
On 2/7/22 11:12, meskio wrote
Yes, there are many differences. snowflake does make the traffic look like webrtc (like a video conference) and obfs4 makes the traffic look like random noise. Also the clients use different mechanisms to discover the relays.
If you run both in the same IP address and the censor has a way to discover one but not the other both of them will be blocked at once. So you are making it easier for the censor to discover them and block them. That is why we don't want people to run both in the same IP address.
Quoting Fran via tor-relays (2022-02-07 19:50:34)
So I thought of trying to run a bridge and a snowflakeproxy on one VM with individual IP addressing in v4 and v6 for each by adding secondary addresses to the WAN interface. But after compiling the go binary I fail to find out how to tell snowflake which IP to bind to/use.
The snowflake proxy doesn't bind to any address, it is a bit different. It acts as a webrtc client, it initiates the connection to the broker to ask for snowflake clients. That means that the visible IP address of the snowflake proxy will be your default public address.
tor-relays@lists.torproject.org
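
Added example, not part of the thread and not snowflake or tor code: a small Go program showing why an outbound client is seen from the kernel's default source address unless its socket is explicitly bound, which is the behaviour OutboundBindAddress controls for tor. The loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the VM's primary and secondary addresses, and the function name observedSource is hypothetical; it assumes Linux, where all of 127.0.0.0/8 is local.

```go
package main

import (
	"fmt"
	"net"
)

// observedSource opens a local TCP listener (standing in for the remote
// service), dials it, and returns the source IP the listener sees.
// With bind == "" the kernel picks the source address (default route
// behaviour); otherwise the socket is bound to that local IP first.
func observedSource(bind string) (string, error) {
	ln, err := net.Listen("tcp4", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()

	seen := make(chan string, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			seen <- ""
			return
		}
		defer c.Close()
		seen <- c.RemoteAddr().(*net.TCPAddr).IP.String()
	}()

	d := net.Dialer{}
	if bind != "" {
		// Port 0: any ephemeral port, but a fixed source IP.
		d.LocalAddr = &net.TCPAddr{IP: net.ParseIP(bind)}
	}
	c, err := d.Dial("tcp4", ln.Addr().String())
	if err != nil {
		return "", err
	}
	defer c.Close()
	return <-seen, nil
}

func main() {
	for _, bind := range []string{"", "127.0.0.2"} {
		src, err := observedSource(bind)
		fmt.Printf("bind=%q peer sees source=%q err=%v\n", bind, src, err)
	}
}
```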