by YuriVoinov

Snowflake

Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.

How to pass Snowflake

Snowflake (including plugin) uses connect to domain

snowflake.freehaven.net

to bootstrap.

Transparent proxy without special rule to prevent bump (splice) to this domain will prevent connecting.

So SSL-Bump proxy must be configured to splice initial connection from Snowflake to bridges:

# SSL-bump rules
acl DiscoverSNIHost at_step SslBump1
# Splice specified servers
acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/acl.url.nobump"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all

Add this to acl.url.nobump:

# Snowflake
snowflake\.freehaven\.net

This is minimal access requires Snowflake to connect.

How to block Snowflake

To block Snowflake by any reason it is enough to do not do actions described above.


CategoryConfigExample

ConfigExamples/Strange/Snowflake (last edited 2022-03-16 21:04:49 by YuriVoinov)