naughtysoul/telemt
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
45c7347e2282ceeaac7880d20a23c719c384dd88
telemt/README.md
Alexey 45c7347e22 Update README.md
2025-12-31 05:29:09 +03:00

3.3 KiB
Raw Blame History

Telemt - MTProxy on Rust + Tokio

Telemt is a fast, secure, and feature-rich server written in Rust: it fully implements the official Telegram proxy algo and adds many production-ready improvements such as connection pooling, replay protection, detailed statistics, masking from "prying" eyes

GOTO

Features

  • Full support for all official MTProto proxy modes:
    • Classic
    • Secure - with dd prefix
    • Fake TLS - with ee prefix + SNI fronting
  • Replay attack protection
  • Optional traffic masking: forward unrecognized connections to a real web server, e.g. GitHub 🤪
  • Configurable keepalives + timeouts + IPv6 and "Fast Mode"
  • Graceful shutdown on Ctrl+C
  • Extensive logging via trace and debug with RUST_LOG method

Quick Start Guide

Build

# Cloning repo
git clone https://github.com/telemt/telemt 
# Changing Directory to telemt
cd telemt
# Starting Release Build
cargo build --release
# Move to /bin
mv ./target/release/telemt /bin
# Make executable
chmod +x /bin/telemt
# Lets go!
telemt config.toml

How to use?

Telemt via Systemd

  1. Place your config to /etc/telemt.toml
  2. Create service on /etc/systemd/system/telemt.service
[Unit]
Description=Telemt
After=network.target

[Service]
Type=simple
WorkingDirectory=/bin
ExecStart=/bin/telemt /etc/telemt.toml
Restart=on-failure

[Install]
WantedBy=multi-user.target
  1. In Shell type systemctl start telemt - it must start with zero exit-code
  2. In Shell type systemctl status telemt - there you can reach info about current MTProxy status
  3. In Shell type systemctl enable telemt - then telemt will start with system startup, after the network is up

FAQ

Telegram Calls via MTProxy

  • Telegram architecture does NOT allow calls via MTProxy, but only via SOCKS5, which cannot be obfuscated

How does DPI see MTProxy TLS?

  • DPI sees MTProxy in Fake TLS mode as TLS
  • the SNI you specify sends both the client and the server;
  • ALPN is similar to HTTP 1.1/2;
  • high entropy, which is normal for AES-encrypted traffic;

Whitelist on IP

  • MTProxy cannot work when there is:
    • no IP connectivity to the target host
    • OR all TCP traffic is blocked
    • OR all TLS traffic is blocked,
  • like most protocols on the Internet;
  • this situation is observed in China behind the Great Chinese Firewall and in Russia on mobile networks

Why Rust?

  • Long-running reliability and idempotent behavior
  • Rusts deterministic resource management - RAII
  • No garbage collector
  • Memory safety and reduced attack surface
  • Tokio's asynchronous architecture

Roadmap

  • Public IP in links
  • Config Reload-on-fly
  • Bind to device or IP for outbound/inbound connections
  • Adtag Support per SNI / Secret
  • Fail-fast on start + Fail-soft on runtime (only WARN/ERROR)
  • Zero-copy, minimal allocs on hotpath
  • DC Healthchecks + global fallback
  • No global mutable state
  • Client isolation + Fair Bandwidth
  • Backpressure-aware IO
  • "Secret Policy" - SNI / Secret Routing :D
  • Multi-upstream Balancer and Failover
  • Strict FSM per handshake
  • Session-based Antireplay with Sliding window, non-broking reconnects
  • Web Control: statistic, state of health, latency, client experience...
Reference in New Issue View Git Blame Copy Permalink