## Checking if Bitmask/Riseup infrastructure is censored in your country
This document is about measuring availability of Riseup servers and openVPN protocol **without use of obfuscation or Tor**.
This document assumes the reader has a running setup of Docker
### A Word Of Caution
Accessing `riseup.net` or Riseup gateways may be illegal in your country.
If you suspect this to be the case, weight the risks, plan risk mitigation, and proceed.
We say a big Thank You to all testers who check if our infrastructure is censored.
### Simple Check
Let's start by trying to access `black.riseup.net`, a server hosting our [Menshen]() API.
Menshen's primary use is to dispense [gateways and obfs bridges] (circumvention documentation link).
We will not only connect to it, but also cross-check how it is resolved across multiple DNS providers.
To automate the testing, we use [Ooni probe](), more specifically `miniooni`.
Unfortunately, not all tests we need to run can be performed on traditional miniooni.
To enable OpenVPN testing, Leap forked ooni probe, but [merge request]() is not yet merged.
For your convenience, we made a docker container [ainghazal/miniooni-unofficial](https://hub.docker.com/r/ainghazal/miniooni-unofficial) which contains everything that we will need.
It is a [single-executable]() container, and it is used almost like a normal miniooni binary.
#### Run a connection test against `black.riseup.net`:
`docker run ainghazal/miniooni-unofficial web_connectivity -y -n -i https://black.riseup.net`
##### Breakdown
*`docker run ainghazal/miniooni-unofficial` - Run our container. All that follows is arguments to miniooni.
*`web_connectivity` - a test to run. This one performs DNS and connection checks.
*`-y` - Answer `yes` to prompts. It confirms that you know the risks involved.
*`-n` - Do not submit results to Ooni data collector.
*`-i <input>` - Test input. For `web_connectivity`, it is an address to test connection to.
*`https://black.riseup.net` - address of our Menshen. We try to connect to it.
#### Sending a report
If you feel comfortable sharing the report with Ooni community (and by extension, LEAP), re-run with `-n` flag omitted.
If Ooni itself is censored in your country, <insertmethodforstashingresultsandsendingovertor>
### OpenVPN check
Sometimes either OpenVPN protocol itself or Riseup gateways in particular can be censored.
To figure out the exact situation with your ISP, we made miniooni talk OpenVPN, and also defined a roster of gateways to test connecting to.
`docker run ainghazal/miniooni-unofficial oonirun -y -n -i https://raw.githubusercontent.com/ainghazal/vpn-test-lists/main/oonirun/010-riseup-us.json`
#### Breakdown
*`docker run ainghazal/miniooni-unofficial` - See previous secton
*`oonirun` - we have a custom test to run (see below)
*`-y` - See previous section
*`-n` - See previous section
*`-i <input>` - Test input. For `oonirun`, it is a json specification of the test
*`https://raw.githubusercontent.com/ainghazal/vpn-test-lists/main/oonirun/010-riseup-us.json` - our test spec.
#### (Optional) A Closer Look
You can open `https://raw.githubusercontent.com/ainghazal/vpn-test-lists/main/oonirun/010-riseup-us.json` in your browser.
There, one can see that we perform an `openvpn` test (possible in [our fork](), not in vanilla) against a number of Gateways.
We also specify certificates to use for TLS.
#### Sending a report
See previous section
### Conclusion
Again, thank you for participating in censorship monitoring.
Thanks to you we can bring freedom of information to more people.