Running a Snowflake
1. Install golang
wget https://go.dev/dl/go1.21.4.linux-amd64.tar.gz
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.21.4.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
source ~/.bashrc
go version
ed2k://|file|go1.21.4.linux-amd64.tar.gz|66615271|E68373CE54C547E2D9BEF41297231176|/
2. Install Snowflake
git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake
git branch -a
git checkout remotes/origin/renovate/github.com-aws-aws-sdk-go-v2-config-1.x
cd proxy
go build
3. Run
./proxy --verbose
You should see output indicating that the proxy is running and communicating with the broker.
4. Create a systemd service
sudo vim /etc/systemd/system/snowflake-proxy.service
[Unit]
Description=Snowflake Network
After=network.target
[Service]
ExecStart=/home/linuxuser/snowflake/proxy/proxy
Restart=always
User=linuxuser
WorkingDirectory=/home/linuxuser/snowflake/proxy
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable snowflake-proxy
sudo systemctl start snowflake-proxy
sudo systemctl status snowflake-proxy
5. Set firewall
sudo ufw allow 3478/udp
sudo ufw allow 443/udp
sudo ufw allow 10000:60000/udp
sudo ufw reload
sudo iptables -I INPUT 7 -p udp --dport 10000:60000 -j ACCEPT
sudo iptables -I OUTPUT 10 -p udp --sport 10000:60000 -j ACCEPT
sudo /sbin/iptables -L OUTPUT -v --line-numbers
sudo /sbin/iptables -L INPUT -v --line-numbers
sudo apt-get install netfilter-persistent
sudo netfilter-persistent save
# sudo iptables-save | sudo tee /etc/iptables/rules.v4
6. Verify
journalctl -u snowflake-proxy -f
curl -4 ifconfig.me
WebRTC test page
sudo iftop -i enp1s0 -P
7. Troubleshooting
- Verify the process is running (ps aux | grep proxy)
- Check logs for errors (journalctl -u snowflake-proxy)
- Run it manually for debugging (./proxy -verbose)
- Confirm UDP port binding (ss -lunp | grep proxy)
- Allow UDP traffic through firewall
- Try running it with -relay to see the assigned port
$ netstat -tulnp
An entry looked like:
udp 0 0 0.0.0.0:41730 0.0.0.0:* 50767/proxy
"Config Bridge" -> "snowflake" -> "Provide a Bridge I know"
snowflake x.x.x.x:41730
# x.x.x.x is your VPS IP address
$ sudo iftop -i enp1s0 -P # Adjust "enp1s0" based on your network interface
sudo iptables -t nat -L PREROUTING --line-numbers -v -n
sudo iptables -A OUTPUT -p udp --sport 34672 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 34672 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 34662 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 34662 -j ACCEPT
sudo /sbin/iptables -L OUTPUT -v --line-numbers
sudo /sbin/iptables -L INPUT -v --line-numbers
sudo apt-get install netfilter-persistent
sudo netfilter-persistent save
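Added example (not part of the original notes or of the Snowflake project): a shell function that ties the step 7 check (ss -lunp | grep proxy) to the UDP range opened in step 5, listing any UDP port held by the proxy that the 10000:60000 rule does not cover. The function name, the sample output and its PIDs are constructed for illustration; it matches the process name exactly, so a process such as kube-proxy is not counted.

```shell
#!/bin/sh
# ports_outside_range MIN MAX [NAME]
# Reads "ss -lunp" output on stdin and prints, one per line, every local UDP
# port owned by process NAME (default: proxy) that lies outside MIN..MAX.
ports_outside_range() {
    awk -v min="$1" -v max="$2" -v name="${3:-proxy}" '
        # Keep only sockets whose owner is exactly NAME, e.g. users:(("proxy",pid=...
        index($0, "(\"" name "\",") == 0 { next }
        {
            # Field 4 is Local Address:Port; the port is the text after the
            # last colon, which also handles [::]:41730 and 127.0.0.53%lo:53.
            n = split($4, parts, ":")
            port = parts[n] + 0
            if (port < min || port > max) print port
        }'
}

# Constructed sample of "ss -lunp" output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0      0.0.0.0:41730      0.0.0.0:*         users:(("proxy",pid=50767,fd=8))
UNCONN 0      0      [::]:60412         [::]:*            users:(("proxy",pid=50767,fd=11))
UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*         users:(("kube-proxy",pid=901,fd=5))
UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
EOF
}

# Offline demo on the sample. On a live host run instead:
#   sudo ss -lunp | ports_outside_range 10000 60000
bad=$(sample_ss_output | ports_outside_range 10000 60000)
if [ -n "$bad" ]; then
    echo "proxy UDP ports not covered by 10000:60000/udp: $bad"
fi
```

An empty result means every UDP socket the proxy currently holds is inside the range the firewall allows.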