ChatGPT led me to tunsafe however the project seems to be abandoned?
I’m trying to find ways to convert wireguard traffic into plain HTTPS so as to not trigger some advanced DPI. So far, I have come across udp2raw and updtunnel which convert the traffic to TCP, but AFAIK the SSL used in Wireguard triggers DPIs.
Does anyone have a workaround? Thanks!
Everyone, there seems to be a way go achieve this:
Wireguard (change port to 443) + udp2raw or udptunnel to convert packets to TCP + stunnel (configured on both client and server - used by OpenVPN to encapsulate traffic in TLS).
This is basically what OpenVPN does, and theoretically this should do OK. I haven’t tested it however, so if you have, please let us know!
You must log in or register to comment.
Please update the post if you found solution to this. Also check this out.
I have found 3 different possible solutions to the problem but not sure if anyone in the community has done this yet. Thanks for the link.
OpenVPN? You can literally set it to run on port 443 tcp
I agree. It sounds like this Rube Goldberg contraption would basically sacrifice all advantages of WireGuard.
At that point you might as well fall back to OpenVPN and at least get the reliability of a proven mature solution.
deleted by creator
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol SSH Secure Shell for remote terminal access SSL Secure Sockets Layer, for transparent encryption TCP Transmission Control Protocol, most often over IP TLS Transport Layer Security, supersedes SSL UDP User Datagram Protocol, for real-time communications VPN Virtual Private Network
7 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.
[Thread #253 for this sub, first seen 30th Oct 2023, 16:40] [FAQ] [Full list] [Contact] [Source code]
Good bot
Wireguard is e2e encrypted, no middleman can inspect the packets without the private keys.
I’m aware that it is encrypted, however DPIs can pick out Wireguard traffic (due to the behaviour of SSL used in the protocol) and can identify/deny Wireguard traffic. I don’t want that to happen. OpenVPN has a way to mask its traffic, I’m trying to see if anyone has done anything of the sort with Wireguard
shadowsocks seems to be the best way for now.
Thank you. It’s between this and SoftEther now
You can try putting it on pretty 443 or another tls port. It’s not a perfect solution but it could help for your specific setup.
Unfortunately, that is not enough
Yes this is a good way to baypass a lot of commercial firewalls.
deleted by creator
I know it doesn’t do shit against DPI, but you would be amazed at the amount of firewalls in corporate networks, hotels and public places that’ll be able to bypass by just running WG on port 443 or 80.
deleted by creator
