ChatGPT led me to tunsafe however the project seems to be abandoned?
I’m trying to find ways to convert wireguard traffic into plain HTTPS so as to not trigger some advanced DPI. So far, I have come across udp2raw and updtunnel which convert the traffic to TCP, but AFAIK the SSL used in Wireguard triggers DPIs.
Does anyone have a workaround? Thanks!
Everyone, there seems to be a way go achieve this:
Wireguard (change port to 443) + udp2raw or udptunnel to convert packets to TCP + stunnel (configured on both client and server - used by OpenVPN to encapsulate traffic in TLS).
This is basically what OpenVPN does, and theoretically this should do OK. I haven’t tested it however, so if you have, please let us know!
I have heard of shadowsocks for this purpose. I have not tried it myself but I recall having read it being used to hide VPN traffic behind the great firewall. A brief intro to it here:
Keep in mind there’s another very easy method to mess with wg traffic: breaking the connection once every 30 seconds or so. This won’t affect the vast majority of real HTTPS connections but will ruin long lived connections like ssh or streaming.
Hi, is there a point to doing this? My ISP/any advanced DPI will still know that I’m using Wireguard
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| HTTP | Hypertext Transfer Protocol, the Web |
| HTTPS | HTTP over SSL |
| IP | Internet Protocol |
| SSH | Secure Shell for remote terminal access |
| SSL | Secure Sockets Layer, for transparent encryption |
| TCP | Transmission Control Protocol, most often over IP |
| TLS | Transport Layer Security, supersedes SSL |
| UDP | User Datagram Protocol, for real-time communications |
| VPN | Virtual Private Network |
7 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.
[Thread #253 for this sub, first seen 30th Oct 2023, 16:40] [FAQ] [Full list] [Contact] [Source code]
OpenVPN? You can literally set it to run on port 443 tcp
True, but I just figured that it is possible to run Wireguard with stunnel, the latter is used by OpenVPN to wrap packets in TLS and masquerade as HTTPS traffic. If I can do that, and convert UDP packets to TCP with the software I mentioned in the post (changing the port is trivial), then I could achieve what I want!
I used stunnel years ago to tunnel both openVPN and SSH traffic and it worked flawlessly. Looks just like https web traffic to dpi software. Beware though, that long open connections can also set off flags, so don’t keep connection’s open permanently.
I see. Thanks, good to know. I’ll see if I can automate opening and closing connections. However, I do think that a lot of applications (especially chat/video applications) maintain fairly long connections these days: long livestreams on YT, discord client, lemmy, Instagram etc. Basically, if you’re consuming content online, there’s a good chance that your device might keep the connection going.
With that said, it’s important to blend in: I wonder if I can automate the disconnect-connect process on Android
