Bridges are used in the introductory phase to the Tor network and help bypass censorship by first connecting to a server that is not known to be part of the Tor network. Out of all bridge transports, Snowflake sounds perhaps the most promising because it leverages WebRTC and the bridge itself is installable by any user that uses a browser.

Although less popular than the standard OBFS4, Snowflake is perhaps the most convenient since the bridge runs on any browser that has an addon installed. This means extremely low requirements and low commitment necessary on the users that want to help with anonymizing connections via the Tor network.

The following guide will offer some notes on using the Snowflake bridge. It is assumed that Tor is already configured on the network and more details on configuring Tor will not be shared except showing the configuration changes necessary to make Snowflake work.

The following addresses link to browser addons for various browsers:

• Firefox

Once the addon has been installed, the browser itself becomes a bridge and helps other tor users use your browser as a bridge to the Tor network.

In order to use Snowflake as a bridge:

• install the Snowflake client,
  • for Debian, the snowflake-client package is necessary
  • or compile from source

• snowflake_git-1_mips_24kc.ipk for OpenWrt (MIPS32 rel2, for GL-Inet GL-AR750S)
  • the binary snowflake-client is placed at /usr/local/sbin/snowflake-client

Clone the Snowflake source code:

git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git

Change directory to the client:

cd snowflake/client

Get the necessary dependencies and compile:

go get
go build

This results in a binary named client placed in the same directory where the compiling commands have been issued. The binary can be copied to, say, /usr/local/bin/snowflake-client:

cp client /usr/local/bin/snowflake-client

Conveniently, the Snowflake client directory contains a sample Tor configuration file torrc that contains the necessary changes that have to be made. In short, only two lines have to be copied to the Tor configuration file.

Note that the following lines are just the bare minimum to configure Snowflake and it is not a replacement for the entire Tor configuration you might have.

# Bridges must be enabled.
UseBridges 1

# Long line configuring the snowflake bridge.
Bridge snowflake 192.0.2.3:1 2B280B2...

# Using the compiled Snowflake client as a transport client.
ClientTransportPlugin snowflake exec /usr/local/bin/snowflake -log /var/log/snowflake.log

Restart Tor and watch /var/log/snowflake.log as well as the Tor log for activity. Given consensus, Tor should print out that the network has been fully boostraped and is ready to be used.

OpenWrt does not yet bundle the Snowflake bridge transport such that it has to be compiled or cross-compiled on OpenWrt. Aside from low-memory conditions on an OpenWrt router, OpenWrt seems to fail compiling Snowflake such that it has to be cross compiled. Here are some orientative steps for cross-compiling on a Linux system without even having to download the OpenWrt toolchain:

• clone the Snowflake repository:

git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git

• set the environment variables for cross compiling, for instance for mips without an FPU:

export GOARCH=mips
export GOMIPS=softfloat

• compile the client:

cd snowflake/client
go get
go build

• transfer the binary over to OpenWrt,
• make the necessary torrc changes to use Snowflake bridge transport as per the previous sections.
  • note that the configuration might fail initially due to the -log /var/log/snowflake.log parameter being passed to the ClientTransportPlugin and then to snowflake-client and the user running tor not having the permissions to write to /var/log/snowflake.log; the -log /var/log/snowflake.log parameter can be removed from the torrc configuration file to overcome this issue