How to install Snowflake

drhirn · December 16, 2022, 8:17am

Which packages do I have to install in Luci to get Snowflake running?

0x556c79 · December 17, 2022, 10:23pm

Which part of it?
There are several packages depending on what you want to install.

drhirn · December 18, 2022, 7:07am

I want users from all over to world be able to use it. Like the Snowflake Browser-Plugin or the Snowflake Docker container I’m already running.

brknkfr · December 18, 2022, 12:32pm

You want to install the snowflake-proxy package.

You install it with opkg update && opkg install snowflake-proxy and then you enable and start it with /etc/init.d/snowflake-proxy enable && /etc/init.d/snowflake-proxy start.

I’d recommend you to open the default ephemeral ports (Default: 32768-60999/udp) on the router, so the snowflake-proxy doesn’t have to do nat holepunching. Turris OS contains snowflake version 2.3.1 which doesn’t allow setting ephemeral ports yet. This will be possible after version 2.4.0.

After installation, I’d recommend observing the snowflake-proxy a little bit, and maybe to disable the -verbose switch in /etc/init.d/snowflake-proxy or/and to add the -capacity switch (default for standalone snowflake-proxy is “unlimited connections” whereas the browser plugin only allows one connection).

Edit: After observing snowflake-proxy on a Turris Omnia with 1 GB memory for a few days, I’d recommend setting -capacity to something between 1 and maybe 20. Depending on all other services running on the router, together snowflake-proxy with a higher capacity value, the load overage of the router can quickly go above 1 …

drhirn · December 18, 2022, 12:52pm

Some hours ago, I installed, enabled and started the package snowflake-proxy via Luci. Just had a look at the logs:

Dec 18 12:39:47 turris snowflake-proxy[1261]: 2022/12/18 12:39:47 sdp offer successfully received.
Dec 18 12:39:47 turris snowflake-proxy[1261]: 2022/12/18 12:39:47 Generating answer...
Dec 18 12:39:49 turris snowflake-proxy[1261]: 2022/12/18 12:39:49 OnDataChannel
Dec 18 12:39:49 turris snowflake-proxy[1261]: 2022/12/18 12:39:49 Connection successful.
Dec 18 12:39:49 turris snowflake-proxy[1261]: 2022/12/18 12:39:49 OnOpen channel
Dec 18 12:39:49 turris snowflake-proxy[1261]: 2022/12/18 12:39:49 connected to relay: wss://snowflake.torproject.net/
Dec 18 12:39:55 turris snowflake-proxy[1261]: 2022/12/18 12:39:55 OnClose channel
Dec 18 12:39:55 turris snowflake-proxy[1261]: 2022/12/18 12:39:55 Traffic throughput (up|down): 404 KB|115 KB -- (274 OnMessages, 351 Sends, over 5 seconds)
Dec 18 12:39:55 turris snowflake-proxy[1261]: 2022/12/18 12:39:55 copy loop ended
Dec 18 12:39:55 turris snowflake-proxy[1261]: 2022/12/18 12:39:55 datachannelHandler ends
Dec 18 12:40:11 turris snowflake-proxy[1261]: 2022/12/18 12:40:11 sdp offer successfully received.
Dec 18 12:40:11 turris snowflake-proxy[1261]: 2022/12/18 12:40:11 Generating answer...
Dec 18 12:40:31 turris snowflake-proxy[1261]: 2022/12/18 12:40:31 Timed out waiting for client to open data channel.
Dec 18 12:41:02 turris snowflake-proxy[1261]: 2022/12/18 12:41:02 sdp offer successfully received.
Dec 18 12:41:02 turris snowflake-proxy[1261]: 2022/12/18 12:41:02 Generating answer...
Dec 18 12:41:22 turris snowflake-proxy[1261]: 2022/12/18 12:41:22 Timed out waiting for client to open data channel.
Dec 18 12:41:52 turris snowflake-proxy[1261]: 2022/12/18 12:41:52 sdp offer successfully received.
Dec 18 12:41:52 turris snowflake-proxy[1261]: 2022/12/18 12:41:52 Generating answer...
Dec 18 12:42:12 turris snowflake-proxy[1261]: 2022/12/18 12:42:12 Timed out waiting for client to open data channel.
Dec 18 12:42:42 turris snowflake-proxy[1261]: 2022/12/18 12:42:42 sdp offer successfully received.
Dec 18 12:42:42 turris snowflake-proxy[1261]: 2022/12/18 12:42:42 Generating answer...
Dec 18 12:43:03 turris snowflake-proxy[1261]: 2022/12/18 12:43:03 Timed out waiting for client to open data channel.
Dec 18 12:43:43 turris snowflake-proxy[1261]: 2022/12/18 12:43:43 sdp offer successfully received.
Dec 18 12:43:43 turris snowflake-proxy[1261]: 2022/12/18 12:43:43 Generating answer...
Dec 18 12:44:03 turris snowflake-proxy[1261]: 2022/12/18 12:44:03 Timed out waiting for client to open data channel.
Dec 18 12:44:44 turris snowflake-proxy[1261]: 2022/12/18 12:44:44 sdp offer successfully received.
Dec 18 12:44:44 turris snowflake-proxy[1261]: 2022/12/18 12:44:44 Generating answer...
Dec 18 12:44:46 turris snowflake-proxy[1261]: 2022/12/18 12:44:46 OnDataChannel
Dec 18 12:44:46 turris snowflake-proxy[1261]: 2022/12/18 12:44:46 Connection successful.
Dec 18 12:44:46 turris snowflake-proxy[1261]: 2022/12/18 12:44:46 OnOpen channel
Dec 18 12:44:46 turris snowflake-proxy[1261]: 2022/12/18 12:44:46 connected to relay: wss://snowflake.torproject.net/
Dec 18 12:45:38 turris snowflake-proxy[1261]: 2022/12/18 12:45:38 OnClose channel
Dec 18 12:45:38 turris snowflake-proxy[1261]: 2022/12/18 12:45:38 Traffic throughput (up|down): 14 KB|14 KB -- (51 OnMessages, 33 Sends, over 51 seconds)
Dec 18 12:45:38 turris snowflake-proxy[1261]: 2022/12/18 12:45:38 copy loop ended
Dec 18 12:45:38 turris snowflake-proxy[1261]: 2022/12/18 12:45:38 datachannelHandler ends
Dec 18 12:45:57 turris snowflake-proxy[1261]: 2022/12/18 12:45:57 sdp offer successfully received.
Dec 18 12:45:57 turris snowflake-proxy[1261]: 2022/12/18 12:45:57 Generating answer...
Dec 18 12:46:17 turris snowflake-proxy[1261]: 2022/12/18 12:46:17 Timed out waiting for client to open data channel.
Dec 18 12:46:57 turris snowflake-proxy[1261]: 2022/12/18 12:46:57 sdp offer successfully received.
Dec 18 12:46:57 turris snowflake-proxy[1261]: 2022/12/18 12:46:57 Generating answer...
Dec 18 12:46:59 turris snowflake-proxy[1261]: 2022/12/18 12:46:59 OnDataChannel
Dec 18 12:46:59 turris snowflake-proxy[1261]: 2022/12/18 12:46:59 Connection successful.
Dec 18 12:46:59 turris snowflake-proxy[1261]: 2022/12/18 12:46:59 OnOpen channel
Dec 18 12:46:59 turris snowflake-proxy[1261]: 2022/12/18 12:46:59 connected to relay: wss://snowflake.torproject.net/

This looks ok, doesn’t it?
Didn’t open any ports. Is there a large advantage in doing this?

freshdax · December 18, 2022, 2:02pm

How do I implement this exactly?
Should I just remove the -verbose and does -capacity need its own line?

If a limit is set, what would be a good value that does not fill up my connections?
Omnia 1GB (2016) low configuration (adblock, banIP, collectd, SQM)

best regards

brknkfr · December 18, 2022, 3:18pm

Just add the -capacity parameter to /etc/init.d/snowflake-proxy. In my case, I added -capacity 5 for now for testing and removed -verbose parameter. Right now, I’m still fiddling to find an appropriate value …

#!/bin/sh /etc/rc.common

START=99

USE_PROCD=1
NAME=snowflake-proxy
PROG=/usr/bin/$NAME

start_service() {
	procd_open_instance
	procd_set_param command "$PROG" -capacity 5
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_set_param user snowflake
	procd_set_param group snowflake
	procd_set_param respawn
	[ -x /sbin/ujail ] && {
		procd_add_jail snowflake-proxy ronly
		procd_add_jail_mount /etc/ssl/certs
		procd_set_param no_new_privs 1
	}
	procd_close_instance
}

brknkfr · December 18, 2022, 3:21pm

When you open the ports, it will work “better” for most users. See https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/NAT-matching for further explanations.

drhirn · December 18, 2022, 3:37pm

I’m not very firm with firewall rules. But you mean (in Luci terms) adding an accept traffic rule from WAN on udp-Ports 32768-60999 to “this device”?

freshdax · December 18, 2022, 3:38pm

Currently the ports are closed but the proxy seems to communicate very well…

Dec 18 15:25:12 turris snowflake-proxy[6202]: 2022/12/18 15:25:12 Timed out waiting for client to open data channel.
Dec 18 15:26:02 turris snowflake-proxy[6202]: 2022/12/18 15:26:02 sdp offer successfully received.
Dec 18 15:26:02 turris snowflake-proxy[6202]: 2022/12/18 15:26:02 Generating answer…
Dec 18 15:26:08 turris snowflake-proxy[6202]: 2022/12/18 15:26:08 OnDataChannel
Dec 18 15:26:08 turris snowflake-proxy[6202]: 2022/12/18 15:26:08 Connection successful.
Dec 18 15:26:08 turris snowflake-proxy[6202]: 2022/12/18 15:26:08 OnOpen channel
Dec 18 15:26:09 turris snowflake-proxy[6202]: 2022/12/18 15:26:09 sdp offer successfully received.
Dec 18 15:26:09 turris snowflake-proxy[6202]: 2022/12/18 15:26:09 Generating answer…
Dec 18 15:26:09 turris snowflake-proxy[6202]: 2022/12/18 15:26:09 connected to relay: wss://snowflake.torproject.net/
Dec 18 15:26:34 turris snowflake-proxy[6202]: 2022/12/18 15:26:34 Timed out waiting for client to open data channel.
Dec 18 15:26:44 turris snowflake-proxy[6202]: 2022/12/18 15:26:44 sdp offer successfully received.
Dec 18 15:26:44 turris snowflake-proxy[6202]: 2022/12/18 15:26:44 Generating answer…
Dec 18 15:27:00 turris snowflake-proxy[6202]: 2022/12/18 15:27:00 copy loop ended
Dec 18 15:27:00 turris snowflake-proxy[6202]: 2022/12/18 15:27:00 OnClose channel
Dec 18 15:27:00 turris snowflake-proxy[6202]: 2022/12/18 15:27:00 Traffic throughput (up|down): 13 MB|1 MB – (4333 OnMessages, 11673 Sends, over 1523 seconds)
Dec 18 15:27:00 turris snowflake-proxy[6202]: 2022/12/18 15:27:00 datachannelHandler ends
Dec 18 15:27:09 turris snowflake-proxy[6202]: 2022/12/18 15:27:09 Timed out waiting for client to open data channel.
Dec 18 15:27:39 turris snowflake-proxy[6202]: 2022/12/18 15:27:39 sdp offer successfully received.
Dec 18 15:27:39 turris snowflake-proxy[6202]: 2022/12/18 15:27:39 Generating answer…
Dec 18 15:27:59 turris snowflake-proxy[6202]: 2022/12/18 15:27:59 Timed out waiting for client to open data channel.
Dec 18 15:28:09 turris snowflake-proxy[6202]: 2022/12/18 15:28:09 sdp offer successfully received.
Dec 18 15:28:09 turris snowflake-proxy[6202]: 2022/12/18 15:28:09 Generating answer…
Dec 18 15:28:14 turris snowflake-proxy[6202]: 2022/12/18 15:28:14 OnDataChannel
Dec 18 15:28:14 turris snowflake-proxy[6202]: 2022/12/18 15:28:14 Connection successful.
Dec 18 15:28:14 turris snowflake-proxy[6202]: 2022/12/18 15:28:14 OnOpen channel
Dec 18 15:28:14 turris snowflake-proxy[6202]: 2022/12/18 15:28:14 sdp offer successfully received.
Dec 18 15:28:14 turris snowflake-proxy[6202]: 2022/12/18 15:28:14 Generating answer…
Dec 18 15:28:15 turris snowflake-proxy[6202]: 2022/12/18 15:28:15 connected to relay: wss://snowflake.torproject.net/

freshdax · December 18, 2022, 3:40pm

Thank you very much, I will set the value like this!

brknkfr · December 18, 2022, 3:43pm

Yes. After setting the firewall rules and restarting snowflake-proxy you will hopefully see a message saying NAT type: unrestricted in the logs (logread | grep snowflake-proxy).

drhirn · December 18, 2022, 3:46pm

WebRTC: DataChannel.OnOpen
NAT Type measurement: unknown -> unrestricted = unrestricted
WebRTC: DataChannel.OnClose
NAT type: unrestricted

Thanks a lot!

brknkfr · December 18, 2022, 3:49pm

When there will be version 2.4.0+ in the Turris OS OpenWRT repo, you’ll be able to specify the port range with the parameter -ephemeral-ports-range <minport:maxport>.

freshdax · December 18, 2022, 4:50pm

if I replace -verbose with -capacity 5 then absolutely nothing happens in the log…

Spieler5 · December 18, 2022, 4:52pm

@brknkfr thanks for your help here

Where can I see that my Snowflake is being used or has been used?

freshdax · December 18, 2022, 4:53pm

how exactly did you create the rule, specific points to note or leave most on arbitrary?
After setting the firewall rule and restarting it is still restricted…

freshdax · December 18, 2022, 4:59pm

Here is an example from my log!
To prefilter use “logread | grep snowflake-proxy”

drhirn · December 18, 2022, 5:08pm

No advanced settings

freshdax · December 18, 2022, 5:15pm

Thank you, have the same settings and once completely restarted.
Got the -verbose setting again but still no message in the log whether restricted or unrestricted.

However, seems to run quite well:

Dec 18 17:11:27 turris snowflake-proxy[6208]: 2022/12/18 17:11:27 Traffic throughput (up|down): 47 MB|6 MB – (14358 OnMessages, 40676 Sends, over 2013 seconds).

Will watch the whole thing