MTProxy for Telegram on Rust + Tokio

aes-ctr async mtproto mtproto-proxy mtproxy network obfuscation privacy proxy rust rustls socks5 telegram tls tokio

Go to file

TWRoman 63cfc067f6 Changes in README and Docs		2026-04-07 20:00:23 +03:00
.cargo	security: harden handshake/masking flows and add adversarial regressions	2026-03-16 20:04:41 +04:00
.github	Rename test.yml to check.yml	2026-04-06 11:19:35 +03:00
benches	Update crypto_bench.rs	2026-03-21 15:48:28 +03:00
contrib	systemd contrib, add sysuser & tmpfiles configs, fix service	2026-03-12 12:47:03 +05:00
docs	Changes in README and Docs	2026-04-07 20:00:22 +03:00
src	Round-bounded Retries + Bounded Retry-Round Constant	2026-04-07 19:19:40 +03:00
tools	Zabbix template: disable intermediate data storage	2026-04-07 11:55:51 +03:00
.dockerignore	Add Docker build context ignore file	2026-03-18 12:36:48 +03:00
.gitignore	feat: enhance quota user lock management and testing	2026-03-18 23:55:08 +04:00
AGENTS.md	Refactor and enhance security in proxy and handshake modules	2026-03-18 01:40:38 +04:00
CODE_OF_CONDUCT.md	Update CODE_OF_CONDUCT.md	2026-03-22 11:48:06 +03:00
CONTRIBUTING.md	Update CONTRIBUTING.md	2026-03-29 01:51:51 +03:00
Cargo.lock	Bump	2026-04-07 19:28:05 +03:00
Cargo.toml	Bump	2026-04-07 19:28:05 +03:00
Dockerfile	Update Dockerfile	2026-03-24 22:36:20 +03:00
IMPLEMENTATION_PLAN.md	Implementation plan + Phase 1 finished	2026-04-02 20:08:47 +04:00
LICENSE	Update LICENSE	2026-04-06 13:21:16 +03:00
LICENSING.md	Update LICENSING.md	2026-03-14 15:59:21 +03:00
README.md	Changes in README and Docs	2026-04-07 20:00:23 +03:00
README.ru.md	Changes in README and Docs	2026-04-07 20:00:23 +03:00
ROADMAP.md	Update ROADMAP.md	2026-02-18 19:04:39 +03:00
config.toml	Update metrics configuration to support custom listen address	2026-03-17 12:58:40 +05:00
docker-compose.yml	fix(docker): expose port 9091 and allow external API access	2026-03-19 15:54:01 +03:00
install.sh	Update install.sh - fix "Permission denied (os error 13)"	2026-04-06 14:33:02 +03:00

README.md

Telemt - MTProxy on Rust + Tokio

Löst Probleme, bevor andere überhaupt wissen, dass sie existieren / It solves problems before others even realize they exist

[!NOTE]

Fixed TLS ClientHello is now available in Telegram Desktop starting from version 6.7.2: to work with EE-MTProxy, please update your client.

Fixed TLS ClientHello is now available in Telegram Android Client starting from version 12.6.4; official release for iOS is "work in progress".

Telemt is a fast, secure, and feature-rich server written in Rust: it fully implements the official Telegram proxy algo and adds many production-ready improvements such as:

ME Pool + Reader/Writer + Registry + Refill + Adaptive Floor + Trio-State + Generation Lifecycle;
Full-covered API w/ management;
Anti-Replay on Sliding Window;
Prometheus-format Metrics;
TLS-Fronting and TCP-Splicing for masking from "prying" eyes.

⚓ Our implementation of TLS-fronting is one of the most deeply debugged, focused, advanced and almost "behaviorally consistent to real": we are confident we have it right - see evidence on our validation and traces

⚓ Our Middle-End Pool is fastest by design in standard scenarios, compared to other implementations of connecting to the Middle-End Proxy: non dramatically, but usual

Full support for all official MTProto proxy modes:
- Classic;
- Secure - with dd prefix;
- Fake TLS - with ee prefix + SNI fronting;
Replay attack protection;
Optional traffic masking: forward unrecognized connections to a real web server, e.g. GitHub 🤪;
Configurable keepalives + timeouts + IPv6 and "Fast Mode";
Graceful shutdown on Ctrl+C;
Extensive logging via trace and debug with RUST_LOG method.

GOTO

FAQ
Architecture
Quick Start Guide
Config parameters
Build
Why Rust?
Issues
Roadmap

Quick Start Guide

FAQ

Build

# Cloning repo
git clone https://github.com/telemt/telemt 
# Changing Directory to telemt
cd telemt
# Starting Release Build
cargo build --release

# Low-RAM devices (1 GB, e.g. NanoPi Neo3 / Raspberry Pi Zero 2):
# release profile uses lto = "thin" to reduce peak linker memory.
# If your custom toolchain overrides profiles, avoid enabling fat LTO.

# Move to /bin
mv ./target/release/telemt /bin
# Make executable
chmod +x /bin/telemt
# Lets go!
telemt config.toml

OpenBSD

Build and service setup guide: OpenBSD Guide (EN)
Example rc.d script: contrib/openbsd/telemt.rcd
Status: OpenBSD sandbox hardening with pledge(2) and unveil(2) is not implemented yet.

Why Rust?

Long-running reliability and idempotent behavior
Rust's deterministic resource management - RAII
No garbage collector
Memory safety and reduced attack surface
Tokio's asynchronous architecture

Issues

✅ SOCKS5 as Upstream -> added Upstream Management
✅ iOS - Media Upload Hanging-in-Loop

Roadmap

Public IP in links
Config Reload-on-fly
Bind to device or IP for outbound/inbound connections
Adtag Support per SNI / Secret
Fail-fast on start + Fail-soft on runtime (only WARN/ERROR)
Zero-copy, minimal allocs on hotpath
DC Healthchecks + global fallback
No global mutable state
Client isolation + Fair Bandwidth
Backpressure-aware IO
"Secret Policy" - SNI / Secret Routing :D
Multi-upstream Balancer and Failover
Strict FSM per handshake
Session-based Antireplay with Sliding window, non-broking reconnects
Web Control: statistic, state of health, latency, client experience...