Development discussion of WireGuard
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Ameretat Reith <ameretat.reith@gmail.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: [RFC] Handling multiple endpoints for a single peer
Date: Sun, 15 Jan 2017 11:17:33 +0100
Message-ID: <CAHmME9oeM6=CnWVQ4ufJgkk0CAVqTJKQRF-1ywYUJbGKAh+6TQ@mail.gmail.com>
In-Reply-To: <d05b5f22-2c63-455a-b9d7-7526f8c867d2@gmail.com>

On Mon, Jan 9, 2017 at 9:46 AM, Ameretat Reith <ameretat.reith@gmail.com> wrote:
> Another use case would be circumventing some crazy state backed firewalls
> that drop or throttle -mostly UDP- connections having high bandwidths.  If
> peer is being used as gateway and nameserver resolver, it can be used to
> rotate server IPs too; yet another method to bypass kind of blockages.

That's another neat use case indeed. Baptiste's auto RTT-sensing idea
would automatically figure out which IPs the firewall has throttled.

(I suspect, however, that WireGuard isn't designed long term to deal
with state sponsored firewalls and such; it's fingerprintable, as
discussed earlier on the mailing list. Good approaches to building
"unblockable VPNs" probably include something like symmetric crypto
only, so that there's no protocol or handshake, with large random
nonces (XChaPoly), forming messages that are indistinguishable from
random, which are then massaged into resembling valid gzip'd data, and
then placed below a valid HTTP header on port 80... or something wild
like this.)
