diff --git a/.gitea/workflows/release-verify.yml b/.gitea/workflows/release-verify.yml
index 553d4cb8..7355af8d 100644
--- a/.gitea/workflows/release-verify.yml
+++ b/.gitea/workflows/release-verify.yml
@@ -32,6 +32,98 @@ jobs:
 # `Could not resolve host`.
 run: echo "46.235.186.67 flights-ui.devwebzavod.ru" | sudo tee -a /etc/hosts
+ - name: Set up gost proxy with TIM VPN routing
+ # The customer URL (flights-ui.devwebzavod.ru) is only accessible
+ # through the TIM VPN tunnel via webzavod (Ubuntu jump host).
+ # Set up gost with conditional routing: TIM domains → SSH SOCKS to webzavod.
+ env:
+ SSH_PRIVATE_KEY: ${{ secrets.WEBZAVOD_SSH_KEY }}
+ run: |
+ # Install gost if not present
+ if ! command -v gost &> /dev/null; then
+ echo "Installing gost..."
+ curl -fsSL https://github.com/ginuerzh/gost/releases/download/v3.6.0/gost-linux-amd64-v3.6.0.tar.gz | tar -xz -C /tmp
+ sudo mv /tmp/gost-linux-amd64-v3.6.0/gost /usr/local/bin/
+ sudo chmod +x /usr/local/bin/gost
+ fi
+ echo "gost version: $(gost -V)"
+
+ # Set up SSH SOCKS tunnel to webzavod (TIM jump host)
+ # Use the SSH private key from secrets
+ echo "$SSH_PRIVATE_KEY" | base64 -d > /tmp/webzavod_key
+ chmod 600 /tmp/webzavod_key
+ ssh -Nf -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+ -i /tmp/webzavod_key \
+ -D 127.0.0.1:1180 gnezim@192.168.88.58
+ echo "SSH SOCKS tunnel established on port 1180"
+
+ # Create gost config with conditional routing
+ cat > /tmp/gost.yaml <<'EOF'
+services:
+ - name: http-8888
+ addr: "0.0.0.0:8888"
+ handler: { type: http, chain: chain-smart }
+ listener: { type: tcp }
+
+ - name: socks-1081
+ addr: "127.0.0.1:1081"
+ handler: { type: socks5, chain: chain-smart }
+ listener: { type: tcp }
+
+chains:
+ - name: chain-smart
+ hops:
+ - name: tim-via-webzavod
+ addr: 127.0.0.1:1180
+ connector: { type: socks5 }
+ dialer: { type: tcp }
+ bypass: tim-whitelist
+
+ - name: default-socks
+ addr: 127.0.0.1:1080
+ connector: { type: socks5 }
+ dialer: { type: tcp }
+ bypass: tim-blacklist
+
+bypasses:
+ - name: tim-whitelist
+ whitelist: true
+ matchers: &tim_matchers
+ - ".webzavod.ru"
+ - ".devwebzavod.ru"
+ - ".aeroflot.ru"
+ - "webzavod.ru"
+ - "devwebzavod.ru"
+ - "aeroflot.ru"
+ - "46.235.186.67"
+ - "195.209.66.54"
+ - "195.209.82.146"
+ - "46.235.189.158"
+
+ - name: tim-blacklist
+ whitelist: false
+ matchers: *tim_matchers
+EOF
+
+ # Start gost with the config
+ gost -C /tmp/gost.yaml -L :8888 &
+ GOST_PID=$!
+ echo "gost started with PID $GOST_PID"
+
+ # Wait for gost to be ready
+ for i in {1..30}; do
+ if curl -s -x http://127.0.0.1:8888 http://127.0.0.1:8888 > /dev/null 2>&1; then
+ echo "gost is ready"
+ break
+ fi
+ sleep 1
+ done
+
+ # Export proxy environment variables
+ echo "HTTP_PROXY=http://127.0.0.1:8888" >> $GITHUB_ENV
+ echo "ALL_PROXY=socks5h://127.0.0.1:1081" >> $GITHUB_ENV
+ echo "Exported HTTP_PROXY and ALL_PROXY"
+
 - name: Wait for customer URL
 id: wait_customer
 run: scripts/ci/wait-for-url.sh http://flights-ui.devwebzavod.ru/ru-ru/onlineboard 60 5