path: root/docs/circumvention.rst
blob: 7e22d03caf4cbca5343cf16f40b7c6422d733aea (plain)
Censorship Circumvention
================================================================================

This document contains some advice for using BitmaskVPN (or any of its
derivatives) for censorship circumvention.

Bootstrapping the connection
-----------------------------

There are two different steps where circumvention can be used: bootstrapping the
connection (getting a certificate and the configuration files) and using an
obfuscated transport protocol.

For the initial bootstrap, a couple of techniques will be attempted. If they
fail, please open an issue with the relevant log information.

Obfuscated bridges
-----------------------------

At the moment RiseupVPN offers obfs4 transport "bridges". You can try them with
the ``--obfs4`` command line argument, or by checking the "use obfs4 bridges"
checkbox on the preferences panel.

If you know you need bridges but the current ones do not work for you, please
get in contact. We're interested in learning which specific censorship measures
are being deployed in your location, and we could work together to enable new
bridges.

Getting certificates out-of-band
--------------------------------

As a last resort, you can place a valid certificate in the config folder,
naming the file after the provider domain. You might have downloaded this
certificate over Tor, through a SOCKS proxy, etc. For the riseup.net provider::

  ~/.config/leap/riseup.net.pem

When the certificate expires you will need to download a new one.
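
A check for a manually placed certificate, as an added example that is not part of BitmaskVPN's own code: it parses the PEM file, rejects a certificate that is outside its validity window or within a margin of expiry, and warns when a bundled private key is readable by other users. The function names, the 72-hour margin and the assumption that the file may also contain the private key are illustrative.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"strings"
	"time"
)

// parseBundle returns the first certificate; hasKey marks a bundled private key.
func parseBundle(data []byte) (cert *x509.Certificate, hasKey bool, err error) {
	err = fmt.Errorf("no CERTIFICATE block found")
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if strings.HasSuffix(b.Type, "PRIVATE KEY") {
			hasKey = true // assumption: the provider .pem may carry the key too
		} else if b.Type == "CERTIFICATE" && cert == nil {
			if cert, err = x509.ParseCertificate(b.Bytes); err != nil {
				return nil, hasKey, err
			}
		}
	}
	return cert, hasKey, err
}

// checkValidity fails if cert is not yet valid or expires within margin of now.
func checkValidity(cert *x509.Certificate, now time.Time, margin time.Duration) error {
	if now.Before(cert.NotBefore) || !now.Add(margin).Before(cert.NotAfter) {
		return fmt.Errorf("unusable: valid %s to %s", cert.NotBefore, cert.NotAfter)
	}
	return nil
}

func main() {
	path := os.ExpandEnv("$HOME/.config/leap/riseup.net.pem") // path from the document
	data, err := os.ReadFile(path)
	if err != nil {
		fmt.Println("cannot read certificate:", err)
		return
	}
	cert, hasKey, err := parseBundle(data)
	if err == nil {
		err = checkValidity(cert, time.Now(), 72*time.Hour) // margin is an arbitrary choice
	}
	if fi, _ := os.Stat(path); fi != nil && hasKey && fi.Mode().Perm()&0077 != 0 {
		fmt.Println("warning: private key in a file readable by other users")
	}
	fmt.Println("result:", err) // <nil> means the certificate is usable
}
```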

Help us improve circumvention!
------------------------------

We're very interested in working with people in the field to assess the
effectiveness of these (and possibly other) measures. If you want to help us
with this task, please write to us or feel free to open a new, confidential
issue, with details of what is working and what is not:

* Are the obfs4 bridges working from your location?
* Do they work with the desktop app, the Android app, or neither? One but not the other?
* At the moment, Riseup has 2 different obfs4 bridges: does the connection work with one, both, or none?
* Does setting a certificate manually work for you?
* Were things working before and not anymore?
* Are the failures intermittent, even with the same ISP?