summaryrefslogtreecommitdiff
path: root/docs/circumvention.rst
diff options
context:
space:
mode:
authorkali kaneko (leap communications) <kali@leap.se>2021-05-17 12:53:24 +0200
committerkali kaneko (leap communications) <kali@leap.se>2021-05-17 17:52:46 +0200
commit083f4095319b734f33f3e28a9f3234ff9cf6a7d7 (patch)
treed6e81c51862f1a7157d8e1de719e214df579104d /docs/circumvention.rst
parent1d0bdcd6d82b1edcb56268198b242a5814a04fd9 (diff)
[feat] reuse certificate if found in config folder
Diffstat (limited to 'docs/circumvention.rst')
-rw-r--r--docs/circumvention.rst25
1 files changed, 25 insertions, 0 deletions
diff --git a/docs/circumvention.rst b/docs/circumvention.rst
new file mode 100644
index 0000000..8c220cc
--- /dev/null
+++ b/docs/circumvention.rst
@@ -0,0 +1,25 @@
+Censorship Circumvention
+================================================================================
+
+This document contains some advice for using BitmaskVPN for censorship
+circumvention.
+
+Bootstrapping the connection
+-----------------------------
+
+There are two different steps where circumvention can be used: boostrapping the
+connection (getting a certificate and the configuration files) and using an
+obfuscated transport protocol. At the moment RiseupVPN offers obfs4 transport
+"bridges" (you can try them with the `--obfs4` command line argument). For the
+initial bootstrap, there are a couple of techniques that will be attempted.
+
+Getting certificates off-band
+-----------------------------
+
+As a last resort, you can place a valid certificate in the config folder (name
+it after the provider domain). You might have downloaded this cert with Tor,
+using a socks proxy etc...
+
+ ~/.config/leap/riseup.net.pem
+
+When the certificate expires you will need to download a new one.