Turkmenistan Censorship
Hello, I have been emailing with a user of my bridge who is located in Turkmenistan. They contacted me to say that their ISP has blocked my bridge(s) and to request I rotate either the domain name, IP address, or both. Has anyone else found a solution seems to work in this scenario? I'm happy to request a new public IP from my VPS provider but I'd like to avoid purchasing new domain names every few months. Maybe the best option is to buy a cheap domain and setup a "private" bridge that isn't distributed except manually? This bridge is using Webtunnel which the user says is usually harder for their ISP to detect. Should I switch to Lyrebird? Thanks
Am 11.01.2026 um 03:56:08 Uhr schrieb Dan via tor-relays:
Has anyone else found a solution seems to work in this scenario? I'm happy to request a new public IP from my VPS provider but I'd like to avoid purchasing new domain names every few months.
Wouldn't a residential ISP with temporary IPv4 (or IPv6 if the user can use that) be the best solution here? As it is a bridge, you do no have to deal with abuse. You can then use various dyndns domains to point to it. -- kind regards Marco Send unsolicited bulk mail to 1768100168muell@cartoonies.org
Dan via tor-relays <tor-relays@lists.torproject.org>:
Has anyone else found a solution seems to work in this scenario? I'm happy to request a new public IP from my VPS provider but I'd like to avoid purchasing new domain names every few months.
Unfortunately for Turkmenistan there is not really any generic solution because the default policy is to block everything and then allow some traffic to pass through. It is also possible that the blocking is not specifically targeting the address of that VPS, but rather the whole network of the provider was blocked. This can happen because Turkmentelecom detected that too much traffic was generated with that network and that they suspect it may be used to establish secure communication. In that case, asking for a different IP address will not solve the problem. There are periods during which the censorship is softened which could explain why your bridge has worked until now. I would suggest that you try to determine how the censorship has been done first but you may encounter difficulties with finding someone competent enough to do this in the country. I could have a look at it if you send me the details.
Am 11.01.2026 um 22:10:41 Uhr schrieb Mzungu via tor-relays:
Unfortunately for Turkmenistan there is not really any generic solution because the default policy is to block everything and then allow some traffic to pass through.
Do they allow general CDNs like Cloudflare or Azure? If so, it would be possible to host the bridges there. -- Gruß Marco Send unsolicited bulk mail to 1768165841muell@cartoonies.org
Am 12.01.2026 um 11:36:39 Uhr schrieb Mzungu:
Marco Moock via tor-relays <tor-relays@lists.torproject.org>:
Do they allow general CDNs like Cloudflare or Azure?
No, they are entirely filtered but a few specific addresses.
Ok, but how do the people can then reach the bridges? Are they whitelisted unintended or are they running on addresses that were used by former sites that werde allowed? -- Gruß Marco Send unsolicited bulk mail to 1768214199muell@cartoonies.org
Marco Moock via tor-relays <tor-relays@lists.torproject.org>:
Ok, but how do the people can then reach the bridges? Are they whitelisted unintended or are they running on addresses that were used by former sites that werde allowed?
Both options are possible. Sometimes some networks are found to be completely reachable and the reason for why this happens is unknown. The censors in Turkmenistan are also known for charging big sums to provide unfiltered access or whitelist certain things, occasionally the whitelisting is globally applied on all accesses.
This bug affecting all three of my WebTunnel machines does go on. Any update in the works to fix this? Gerry
On Monday, January 12th, 2026 at 4:35 AM, Marco Moock via tor-relays <tor-relays@lists.torproject.org> wrote:
Do they allow general CDNs like Cloudflare or Azure?
If so, it would be possible to host the bridges there.
I have confirmed with the user that they cannot access a simple site I just deployed and proxied through Cloudflare. I'm going to ask them if they have a list of sites/services that are allowed to hopefully determine if the censorship is done via a block list or an allow list. If it's an allow list, I don't think there's much I can do.
participants (4)
-
Dan -
gerard@bulger.co.uk -
Marco Moock -
Mzungu