telemt/README.md

Telemt - MTProxy on Rust + Tokio

Löst Probleme, bevor andere überhaupt wissen, dass sie existieren / It solves problems before others even realize they exist

[!NOTE]

Fixed TLS ClientHello is now available in Telegram Desktop starting from version 6.7.2: to work with EE-MTProxy, please update your client.

Fixed TLS ClientHello is now available in Telegram Android Client starting from version 12.6.4; official release for iOS is "work in progress".

Telemt is a fast, secure, and feature-rich server written in Rust: it fully implements the official Telegram proxy algo and adds many production-ready improvements such as:

• ME Pool + Reader/Writer + Registry + Refill + Adaptive Floor + Trio-State + Generation Lifecycle;
• Full-covered API w/ management;
• Anti-Replay on Sliding Window;
• Prometheus-format Metrics;
• TLS-Fronting and TCP-Splicing for masking from "prying" eyes.

⚓ Our implementation of TLS-fronting is one of the most deeply debugged, focused, advanced and almost "behaviorally consistent to real": we are confident we have it right - see evidence on our validation and traces

⚓ Our Middle-End Pool is fastest by design in standard scenarios, compared to other implementations of connecting to the Middle-End Proxy: non dramatically, but usual

• Full support for all official MTProto proxy modes:
  • Classic;
  • Secure - with dd prefix;
  • Fake TLS - with ee prefix + SNI fronting;
• Replay attack protection;
• Optional traffic masking: forward unrecognized connections to a real web server, e.g. GitHub 🤪;
• Configurable keepalives + timeouts + IPv6 and "Fast Mode";
• Graceful shutdown on Ctrl+C;
• Extensive logging via trace and debug with RUST_LOG method.

GOTO

• FAQ
• Architecture
• Quick Start Guide
• Config parameters
• Build
• Why Rust?
• Issues
• Roadmap

Quick Start Guide

• Quick Start Guide RU
• Quick Start Guide EN

FAQ

• FAQ RU
• FAQ EN

Build

# Cloning repo
git clone https://github.com/telemt/telemt 
# Changing Directory to telemt
cd telemt
# Starting Release Build
cargo build --release

# Low-RAM devices (1 GB, e.g. NanoPi Neo3 / Raspberry Pi Zero 2):
# release profile uses lto = "thin" to reduce peak linker memory.
# If your custom toolchain overrides profiles, avoid enabling fat LTO.

# Move to /bin
mv ./target/release/telemt /bin
# Make executable
chmod +x /bin/telemt
# Lets go!
telemt config.toml

OpenBSD

• Build and service setup guide: OpenBSD Guide (EN)
• Example rc.d script: contrib/openbsd/telemt.rcd
• Status: OpenBSD sandbox hardening with pledge(2) and unveil(2) is not implemented yet.

Why Rust?

• Long-running reliability and idempotent behavior
• Rust's deterministic resource management - RAII
• No garbage collector
• Memory safety and reduced attack surface
• Tokio's asynchronous architecture

Issues

• ✅ SOCKS5 as Upstream -> added Upstream Management
• ✅ iOS - Media Upload Hanging-in-Loop

Roadmap

• Public IP in links
• Config Reload-on-fly
• Bind to device or IP for outbound/inbound connections
• Adtag Support per SNI / Secret
• Fail-fast on start + Fail-soft on runtime (only WARN/ERROR)
• Zero-copy, minimal allocs on hotpath
• DC Healthchecks + global fallback
• No global mutable state
• Client isolation + Fair Bandwidth
• Backpressure-aware IO
• "Secret Policy" - SNI / Secret Routing :D
• Multi-upstream Balancer and Failover
• Strict FSM per handshake
• Session-based Antireplay with Sliding window, non-broking reconnects
• Web Control: statistic, state of health, latency, client experience...