53

How do you mask Wireguard traffic?

posted
*
by
Avatar
MigratingtoLemmy@lemmy.world
in
Avatar
selfhosted@lemmy.world
26 comments
hidereport

ChatGPT led me to tunsafe however the project seems to be abandoned?

I’m trying to find ways to convert wireguard traffic into plain HTTPS so as to not trigger some advanced DPI. So far, I have come across udp2raw and updtunnel which convert the traffic to TCP, but AFAIK the SSL used in Wireguard triggers DPIs.

Does anyone have a workaround? Thanks!

Everyone, there seems to be a way go achieve this:

Wireguard (change port to 443) + udp2raw or udptunnel to convert packets to TCP + stunnel (configured on both client and server - used by OpenVPN to encapsulate traffic in TLS).

This is basically what OpenVPN does, and theoretically this should do OK. I haven’t tested it however, so if you have, please let us know!

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
lungdart@lemmy.ca
-13 points

Wireguard is e2e encrypted, no middleman can inspect the packets without the private keys.

permalink
report
reply
Avatar
MigratingtoLemmy@lemmy.worldOP
19 points

I’m aware that it is encrypted, however DPIs can pick out Wireguard traffic (due to the behaviour of SSL used in the protocol) and can identify/deny Wireguard traffic. I don’t want that to happen. OpenVPN has a way to mask its traffic, I’m trying to see if anyone has done anything of the sort with Wireguard

permalink
report
parent
reply
Avatar
_stranger_@lemmy.world
5 points

shadowsocks seems to be the best way for now.

permalink
report
parent
reply
Avatar
MigratingtoLemmy@lemmy.worldOP
2 points

Thank you. It’s between this and SoftEther now

permalink
report
parent
reply
Avatar
lungdart@lemmy.ca
-7 points

You can try putting it on pretty 443 or another tls port. It’s not a perfect solution but it could help for your specific setup.

permalink
report
parent
reply
Avatar
MigratingtoLemmy@lemmy.worldOP
6 points

Unfortunately, that is not enough

permalink
report
parent
reply
Avatar
TCB13@lemmy.world
-2 points

Yes this is a good way to baypass a lot of commercial firewalls.

permalink
report
parent
reply
Show more comments

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

  • 3.4K

    Monthly active users

  • 3.4K

    Posts

  • 77K

    Comments

Community moderators