[feat] reuse certificate if found in config folder

author: kali kaneko (leap communications) <kali@leap.se> 2021-05-17 12:53:24 +0200
committer: kali kaneko (leap communications) <kali@leap.se> 2021-05-17 17:52:46 +0200
commit: 083f4095319b734f33f3e28a9f3234ff9cf6a7d7 (patch)
tree: d6e81c51862f1a7157d8e1de719e214df579104d /docs/circumvention.rst
parent: 1d0bdcd6d82b1edcb56268198b242a5814a04fd9 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/docs/circumvention.rst b/docs/circumvention.rst
new file mode 100644
index 0000000..8c220cc
--- /dev/null
+++ b/docs/circumvention.rst
@@ -0,0 +1,25 @@
+Censorship Circumvention
+================================================================================
+
+This document contains some advice for using BitmaskVPN for censorship
+circumvention.
+
+Bootstrapping the connection
+-----------------------------
+
+There are two different steps where circumvention can be used: boostrapping the
+connection (getting a certificate and the configuration files) and using an
+obfuscated transport protocol. At the moment RiseupVPN offers obfs4 transport
+"bridges" (you can try them with the `--obfs4` command line argument). For the
+initial bootstrap, there are a couple of techniques that will be attempted.
+
+Getting certificates off-band
+-----------------------------
+
+As a last resort, you can place a valid certificate in the config folder (name
+it after the provider domain). You might have downloaded this cert with Tor,
+using a socks proxy etc...
+
+  ~/.config/leap/riseup.net.pem
+
+When the certificate expires you will need to download a new one.
author	kali kaneko (leap communications) <kali@leap.se>	2021-05-17 12:53:24 +0200
committer	kali kaneko (leap communications) <kali@leap.se>	2021-05-17 17:52:46 +0200
commit	083f4095319b734f33f3e28a9f3234ff9cf6a7d7 (patch)
tree	d6e81c51862f1a7157d8e1de719e214df579104d /docs/circumvention.rst
parent	1d0bdcd6d82b1edcb56268198b242a5814a04fd9 (diff)