ChatGPT led me to tunsafe however the project seems to be abandoned?

I’m trying to find ways to convert wireguard traffic into plain HTTPS so as to not trigger some advanced DPI. So far, I have come across udp2raw and updtunnel which convert the traffic to TCP, but AFAIK the SSL used in Wireguard triggers DPIs.

Does anyone have a workaround? Thanks!


Everyone, there seems to be a way go achieve this:

Wireguard (change port to 443) + udp2raw or udptunnel to convert packets to TCP + stunnel (configured on both client and server - used by OpenVPN to encapsulate traffic in TLS).

This is basically what OpenVPN does, and theoretically this should do OK. I haven’t tested it however, so if you have, please let us know!

  • lungdart@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    14
    ·
    1 year ago

    Wireguard is e2e encrypted, no middleman can inspect the packets without the private keys.

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      I’m aware that it is encrypted, however DPIs can pick out Wireguard traffic (due to the behaviour of SSL used in the protocol) and can identify/deny Wireguard traffic. I don’t want that to happen. OpenVPN has a way to mask its traffic, I’m trying to see if anyone has done anything of the sort with Wireguard

      • lungdart@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        8
        ·
        1 year ago

        You can try putting it on pretty 443 or another tls port. It’s not a perfect solution but it could help for your specific setup.

        • TCB13@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          3
          ·
          1 year ago

          Yes this is a good way to baypass a lot of commercial firewalls.

          • railsdev@programming.dev
            link
            fedilink
            English
            arrow-up
            5
            ·
            edit-2
            1 year ago

            That wouldn’t help with deep packet inspection but only those firewalls too lazy to check what’s actually being sent there. Even then I doubt it would work because WireGuard uses UDP, not TCP.

            • TCB13@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              3
              ·
              1 year ago

              I know it doesn’t do shit against DPI, but you would be amazed at the amount of firewalls in corporate networks, hotels and public places that’ll be able to bypass by just running WG on port 443 or 80.