Development discussion of WireGuard
 help / color / mirror / Atom feed
From: Nico Schottelius <nico.schottelius@ungleich.ch>
To: David Fifield <david@bamsoftware.com>
Cc: wireguard@lists.zx2c4.com
Subject: Re: WireGuard protocol blocking in China, swgp-go (userspace obfuscation proxy)
Date: Tue, 14 Jun 2022 15:13:11 +0200	[thread overview]
Message-ID: <87pmjbpele.fsf@ungleich.ch> (raw)
In-Reply-To: <20220609220522.kwqa4uvuc3sijlka@bamsoftware.com>


David Fifield <david@bamsoftware.com> writes:

> I am forwarding some information about WireGuard blocking and
> anti-blocking that was posted to a censorship circumvention forum.

In regards to this topic I was wondering if it makes sense to have a
more generic obfuscation proxy that can carry tcp/udp payload?

Maybe this already exists, but I would think that something that hops
protocols (IPv6, IPv4 endpoints, tcp/udp encapsolution), changes ports
and uses envelope based tunneling (http, https, smtp, imap - worst case
DNS) would make it easier to sustain communication even in more serious
filtering scenarios.

Given such a "generic obfuscator", it could be combined with "protocol"
modes, i.e. enhancing protocols such as wireguard with the presented
algorithm, making it even harder to predict the content.

I'd assume some performance regressions using such an obfuscator, but
maybe it could even "learn" the proper obfuscation by detecting blocks
on easier to detect obfuscation and then switching to a stronger, but
less efficient obfuscation.

Wondering what your thoughts are on this.

Best regards,

Nico

--
Sustainable and modern Infrastructures by ungleich.ch

  reply	other threads:[~2022-06-14 13:19 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-09 22:05 David Fifield
2022-06-14 13:13 ` Nico Schottelius [this message]
2022-07-02 23:21   ` David Fifield
2022-06-14 14:15 ` Alex

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87pmjbpele.fsf@ungleich.ch \
    --to=nico.schottelius@ungleich.ch \
    --cc=david@bamsoftware.com \
    --cc=wireguard@lists.zx2c4.com \
    --subject='Re: WireGuard protocol blocking in China, swgp-go (userspace obfuscation proxy)' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).