naughtysoul/telemt
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
36 Commits 3 Branches 14 Tags
384f927fc36309a98ded4c8a609ed9a6d75ce960
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Alexey 384f927fc3 Update README.md
2026-01-07 19:06:28 +03:00
.github/workflows
Update rust.yml
2025-12-31 06:04:56 +03:00
benches
1.0.0
2025-12-30 05:08:05 +03:00
src
1.0.2.0
2026-01-07 18:16:01 +03:00
.gitignore
Initial commit
2025-12-30 05:00:26 +03:00
Cargo.toml
ET + SM + Crypto Fixes
2026-01-01 23:34:04 +03:00
config.toml
1.0.0
2025-12-30 05:08:05 +03:00
README.md
Update README.md
2026-01-07 19:06:28 +03:00
telemt.service
Create telemt.service
2025-12-31 05:10:18 +03:00

README.md

Telemt - MTProxy on Rust + Tokio

Telemt is a fast, secure, and feature-rich server written in Rust: it fully implements the official Telegram proxy algo and adds many production-ready improvements such as connection pooling, replay protection, detailed statistics, masking from "prying" eyes

GOTO

Features

  • Full support for all official MTProto proxy modes:
    • Classic
    • Secure - with dd prefix
    • Fake TLS - with ee prefix + SNI fronting
  • Replay attack protection
  • Optional traffic masking: forward unrecognized connections to a real web server, e.g. GitHub 🤪
  • Configurable keepalives + timeouts + IPv6 and "Fast Mode"
  • Graceful shutdown on Ctrl+C
  • Extensive logging via trace and debug with RUST_LOG method

Quick Start Guide

This software is designed for Debian-based OS: in addition to Debian, these are Ubuntu, Mint, Kali, MX and many other Linux

  1. Download release
wget https://github.com/telemt/telemt/releases/latest/download/telemt
  1. Move to Bin Folder
mv telemt /bin
  1. Make Executable
chmod +x /bin/telemt
  1. Go to How to use? section for for further steps

How to use?

Telemt via Systemd

0. Check port and generate secrets

The port you have selected for use should be MISSING from the list, when:

netstat -lnp

Generate 16 bytes/32 characters HEX with OpenSSL or another way:

openssl rand -hex 16

OR

xxd -l 16 -p /dev/urandom

OR

python3 -c 'import os; print(os.urandom(16).hex())'

1. Place your config to /etc/telemt.toml

Open nano

nano /etc/telemt.toml

paste your config from Configuration section

then Ctrl+X -> Y -> Enter to save

2. Create service on /etc/systemd/system/telemt.service

Open nano

nano /etc/systemd/system/telemt.service

paste this Systemd Module

[Unit]
Description=Telemt
After=network.target

[Service]
Type=simple
WorkingDirectory=/bin
ExecStart=/bin/telemt /etc/telemt.toml
Restart=on-failure

[Install]
WantedBy=multi-user.target

then Ctrl+X -> Y -> Enter to save

3. In Shell type systemctl start telemt - it must start with zero exit-code

4. In Shell type systemctl status telemt - there you can reach info about current MTProxy status

5. In Shell type systemctl enable telemt - then telemt will start with system startup, after the network is up

Configuration

Minimal Configuration for First Start

port = 443                              # Listening port
show_links = ["tele", "hello"]          # Specify users, for whom will be displayed the links

[users]
tele = "00000000000000000000000000000000" # Replace the secret with one generated before
hello = "00000000000000000000000000000000" # Replace the secret with one generated before

[modes]
classic = false                         # Plain obfuscated mode
secure = false                          # dd-prefix mode
tls = true                              # Fake TLS - ee-prefix

tls_domain = "petrovich.ru"             # Domain for ee-secret and masking
mask = true                             # Enable masking of bad traffic
mask_host = "petrovich.ru"              # Optional override for mask destination
mask_port = 443                         # Port for masking

prefer_ipv6 = false                     # Try IPv6 DCs first if true
fast_mode = true                        # Use "fast" obfuscation variant

client_keepalive = 600                  # Seconds
client_ack_timeout = 300                # Seconds

Advanced

Upstream Manager

To specify upstream, add config.toml to the end:

Bind on IP
[[upstreams]]
type = "direct"
weight = 1
enabled = true
interface = "192.168.1.100" # Change to your outgoing IP
SOCKS4/5 as Upstream
  • Without Auth:
[[upstreams]]
type = "socks5"            # Specify SOCKS4 or SOCKS5
address = "1.2.3.4:1234"   # SOCKS-server Address
weight = 1                 # Set Weight for Scenarios
enabled = true
  • With Auth:
[[upstreams]]
type = "socks5"            # Specify SOCKS4 or SOCKS5
address = "1.2.3.4:1234" # SOCKS-server Address
username = "user"          # Username for Auth on SOCKS-server
password = "pass"          # Password for Auth on SOCKS-server
weight = 1                 # Set Weight for Scenarios
enabled = true

FAQ

Telegram Calls via MTProxy

  • Telegram architecture does NOT allow calls via MTProxy, but only via SOCKS5, which cannot be obfuscated

How does DPI see MTProxy TLS?

  • DPI sees MTProxy in Fake TLS (ee) mode as TLS 1.3
  • the SNI you specify sends both the client and the server;
  • ALPN is similar to HTTP 1.1/2;
  • high entropy, which is normal for AES-encrypted traffic;

Whitelist on IP

  • MTProxy cannot work when there is:
    • no IP connectivity to the target host: Russian Whitelist on Mobile Networks - "Белый список"
    • OR all TCP traffic is blocked
    • OR high entropy/encrypted traffic is blocked: content filters at universities and critical infrastructure
    • OR all TLS traffic is blocked
    • OR specified port is blocked: use 443 to make it "like real"
    • OR provided SNI is blocked: use "officially approved"/innocuous name
  • like most protocols on the Internet;
  • these situations are observed:
    • in China behind the Great Firewall
    • in Russia on mobile networks, less in wired networks
    • in Iran during "activity"

Build

# Cloning repo
git clone https://github.com/telemt/telemt 
# Changing Directory to telemt
cd telemt
# Starting Release Build
cargo build --release
# Move to /bin
mv ./target/release/telemt /bin
# Make executable
chmod +x /bin/telemt
# Lets go!
telemt config.toml

Why Rust?

  • Long-running reliability and idempotent behavior
  • Rusts deterministic resource management - RAII
  • No garbage collector
  • Memory safety and reduced attack surface
  • Tokio's asynchronous architecture

Roadmap

  • Public IP in links
  • Config Reload-on-fly
  • Bind to device or IP for outbound/inbound connections
  • Adtag Support per SNI / Secret
  • Fail-fast on start + Fail-soft on runtime (only WARN/ERROR)
  • Zero-copy, minimal allocs on hotpath
  • DC Healthchecks + global fallback
  • No global mutable state
  • Client isolation + Fair Bandwidth
  • Backpressure-aware IO
  • "Secret Policy" - SNI / Secret Routing :D
  • Multi-upstream Balancer and Failover
  • Strict FSM per handshake
  • Session-based Antireplay with Sliding window, non-broking reconnects
  • Web Control: statistic, state of health, latency, client experience...
Reference in New Issue View Git Blame Copy Permalink
Description
MTProxy for Telegram on Rust + Tokio
aes-ctrasyncmtprotomtproto-proxymtproxynetworkobfuscationprivacyproxyrustrustlssocks5telegramtlstokio
Readme 6.1 MiB
Languages
Rust 98.6%
Python 1.2%
Dockerfile 0.2%