diff --git a/cmd/bitmask-linux/cmd/connect.go b/cmd/bitmask-linux/cmd/connect.go
index 8a1fef8e721bec951cfbc79f18d30e68478463d6..028a2c6e52d499377272818a3247d8160ec38f57 100644
--- a/cmd/bitmask-linux/cmd/connect.go
+++ b/cmd/bitmask-linux/cmd/connect.go
@@ -4,9 +4,13 @@ Copyright © 2023 atanarjuat@riseup.net
 package cmd
 
 import (
+	"encoding/json"
+	"fmt"
 	"sync"
 
+	"0xacab.org/leap/bitmask-core/models"
 	"0xacab.org/leap/bitmask-core/pkg/localproxy"
+	"0xacab.org/leap/bitmask-core/pkg/storage"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
@@ -19,20 +23,43 @@ var connectCmd = &cobra.Command{
 
 If the configured profile uses a bridge, this command will start the bridge
 in the background`,
-	Args: cobra.MatchAll(cobra.ExactArgs(3), cobra.OnlyValidArgs),
+	Args: cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
 	Run: func(cmd *cobra.Command, args []string) {
 		name := args[0]
 
-		// TODO get by bridge name
-		bridge := args[1]
-		cert := args[2]
+		bridgeName := args[0]
+
+		bridge, err := storage.MaybeGetBridgeByName(bridgeName)
+		if err != nil {
+			log.Fatal().Err(err).Msg("")
+		}
+
+		_type := bridge.Type
+		fmt.Println(_type)
+		// TODO check _type == "obfs4", "obfs4-kcp" etc
+
+		var apiBridge models.APIBridge
+
+		if err := json.Unmarshal([]byte(bridge.Raw), &apiBridge); err != nil {
+			log.Fatal().Err(err).Msg("")
+		}
+
+		bridgeAddr := fmt.Sprintf("%s:%d", apiBridge.IPAddr, apiBridge.Port)
+		bridgeCert := apiBridge.Options.(map[string]interface{})["cert"].(string)
+
+		fmt.Println("host:", bridgeAddr)
+		fmt.Println("cert:", bridgeCert)
+
+		// TODO: convert socks5 to transparent proxy -------------------------------------
+
+		fmt.Println(apiBridge)
 
 		// This is a quick-n-dirty way of synchronizing the proxy and the openvpn session.
 		var wg sync.WaitGroup
 
 		wg.Add(1)
 		go func() {
-			if err := localproxy.StartLocalProxy(bridge, cert); err != nil {
+			if err := localproxy.StartLocalProxy(bridgeAddr, bridgeCert); err != nil {
 				log.Fatal().Err(err).Msg("")
 			}
 
diff --git a/cmd/bitmask-linux/cmd/new.go b/cmd/bitmask-linux/cmd/new.go
index b04502c17a794a41dc27a6084b0c7f6462000a0d..040388fc55a583028ef347fe394dad476e3258dd 100644
--- a/cmd/bitmask-linux/cmd/new.go
+++ b/cmd/bitmask-linux/cmd/new.go
@@ -71,6 +71,8 @@ func tunnelNew(profileName string) error {
 	cfg.Host = host
 	cfg.Introducer = introd
 	cfg.Proxy = proxy
+	cfg.ResolveWithDoH = false
+	cfg.SkipUTLS = true
 
 	api := bootstrap.NewAPI(cfg)
 	// TODO pass cc override
diff --git a/pkg/bootstrap/api.go b/pkg/bootstrap/api.go
index dd753df8c3afc062c67fa26c9c0c5a61f0543bc2..27590536dac0a461e4a86849c701bf240d6e1746 100644
--- a/pkg/bootstrap/api.go
+++ b/pkg/bootstrap/api.go
@@ -29,6 +29,8 @@ type Config struct {
 	Proxy string
 	// ResolveWithDoH indicates whether we should use a DoH resolver.
 	ResolveWithDoH bool
+	// SkipUTLS
+	SkipUTLS bool
 }
 
 func NewConfig() *Config {
@@ -73,7 +75,8 @@ func NewAPI(cfg *Config) *API {
 	if cfg.Host != "" {
 		// if we're specifying a host, we also restrict schemes to https
 		log.Debug().Msg("Enforcing https for user supplied host")
-		transportConfig = transportConfig.WithHost(cfg.Host).WithSchemes([]string{"https"})
+		// TODO handle no-tls
+		transportConfig = transportConfig.WithHost(cfg.Host).WithSchemes([]string{"http"})
 	}
 
 	client := client.NewHTTPClientWithConfig(nil, transportConfig)
@@ -115,10 +118,14 @@ func NewAPI(cfg *Config) *API {
 		}
 	}
 
-	// This is either the fallback of the client override methods tried above,
-	// or the regular case.
-	log.Info().Msg("Using uTLS client with direct connection")
-	api.httpClient = uTLSClient(cfg.Host, cfg.ResolveWithDoH)
+	if cfg.SkipUTLS {
+		api.httpClient = &http.Client{}
+	} else {
+		// This is either the fallback of the client override methods tried above,
+		// or the regular case.
+		log.Info().Msg("Using uTLS client with direct connection")
+		api.httpClient = uTLSClient(cfg.Host, cfg.ResolveWithDoH)
+	}
 	return api
 }
 
diff --git a/pkg/localproxy/localproxy.go b/pkg/localproxy/localproxy.go
index c463e99c0a1237970c98857e065b4f4b2daf91a4..a8b18aca89d28424157d3f52f6e0e07a98ec825d 100644
--- a/pkg/localproxy/localproxy.go
+++ b/pkg/localproxy/localproxy.go
@@ -16,7 +16,8 @@ func StartLocalProxy(remoteaddr, cert string) error {
 	c := client.NewClient(
 		ctx, false,
 		LocalProxyAddr, // fixed for now, but should make configurable
-		remoteaddr, cert,
+		// remoteaddr, // FIXME: this needs to be added for transparent proxy
+		cert,
 	)
 	if _, err := c.Start(); err != nil {
 		return err