On Fri, Sep 7, 2018 at 1:20 AM Fredrik Strömberg wrote:
> Using Pluggable Transports seems like a good solution. Simply divert
> WireGuard traffic to a local UDP port, which then sends it using a
> Pluggable Transport over the Internet to the other WireGuard peer.
>
> StarBrilliant: You indicated t
> "BC" == Brian Candler writes:
BC> OK, so what about changing wireguard to use TCP and TLS on port 443?
Using udp/443 for one end could allow making it look like quic.
You'd need non-wg traffic on the port to reply like a quic server would.
-JimC
--
James Cloos OpenPGP: 0x997A9F
Hey SB,
Thanks for the detailed post and insights.
Indeed obfuscation is an extremely useful tool. WireGuard itself is
derived from an exfiltration mechanism of mine, and so I've written
quite a few different obfuscation modules for that. When the core
WireGuard engineering becomes a bit more rel
On Thu, 6 Sep 2018 17:19:57 +0200
Fredrik Strömberg wrote:
>> First of all, censorship circumvention is an important societal
>> problem to solve. It is also clearly outside of the scope of
>> WireGuard. Any suggested protocol change with that motive will
>> increase the complexity of the code ba
Domain fronting seems like the stealthiest option to me (and if anyone
has a reliable way to detect domain fronting, I would love to hear about
it!). But that doesn't get you UDP (and NAT traversal); perhaps
VOIP/WebRTC mimicry could work?
I think this is a game you can't win against a suitabl
Hi everyone,
First of all, censorship circumvention is an important societal
problem to solve. It is also clearly outside of the scope of
WireGuard. Any suggested protocol change with that motive will
increase the complexity of the code base, which increases the risk of
vulnerabilities. This would
> The userspace daemon would:
>- 'Clean' Wireguard [handshake/data] packets
The objective of cleaning as described seems to be to make the protocol
indistinguishable from exchanging random payloads. But are there any common
protocols of commercial importance that are so inscrutable? If I saw
Hi,
I've been thinking about this issue as well and I agree it's an
important one to solve. However, WireGuard's key selling points are its
performance, simple configuration and minimal code size and I don't
think we can compromise this. So I was wondering if a userspace program
which obfuscates
Hi,
(TL;DR: Please seriously consider preventing WG from being blocked,
for 2/3 of the world's Internet users. No need to break compatibility,
being friendly to PT plugins is a possible solution.)
I have been using WG for months. I understand the fact that WireGuard
wants to keep its protocol simple