by haywirez 2386 days ago
Great experience with WireGuard so far, but does anyone know a simpler way to use it over networks where UDP is blocked (e.g. university Wi-Fi)? I've only found this comment[1].

[1] https://news.ycombinator.com/item?id=17847008

2 comments

You could try setting up a WireGuard server that listens on udp port 53, which is typically used by DNS and unlikely to be blocked. I haven't used it, but algo recently added a configuration option to do so[1]. Of course WireGuard traffic will look much different than DNS, so they could still block it if they really care to.

[1]: https://github.com/trailofbits/algo/pull/1594
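As an added illustration of the "will look much different than DNS" point (my own example, not code from the thread, algo or WireGuard): a structural check a network monitor could run on UDP/53 payloads to tell a real DNS message from a WireGuard message. The sample packets are constructed by hand.

```python
import struct

# WireGuard message types (first byte), followed by three reserved zero bytes.
WG_TYPES = {1: "handshake_initiation", 2: "handshake_response",
            3: "cookie_reply", 4: "transport_data"}
# The three handshake-phase messages have fixed sizes.
WG_FIXED_LEN = {1: 148, 2: 92, 3: 64}


def looks_like_dns(payload: bytes) -> bool:
    """Sanity-check a 12-byte DNS header and walk the first question name."""
    if len(payload) < 12:
        return False
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    if (flags >> 11) & 0xF > 2:          # opcode: QUERY, IQUERY, STATUS only
        return False
    if qd == an == ns == ar == 0:
        return False
    i = 12
    for _ in range(qd):
        while True:                      # labels of 1..63 bytes, 0 terminates
            if i >= len(payload):
                return False
            n = payload[i]
            if n == 0:
                i += 1
                break
            if n & 0xC0 == 0xC0:         # compression pointer (2 bytes)
                i += 2
                break
            if n > 63:
                return False
            i += 1 + n
        i += 4                           # QTYPE + QCLASS
    return i <= len(payload)


def looks_like_wireguard(payload: bytes) -> bool:
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return False
    t = payload[0]
    if t in WG_FIXED_LEN:
        return len(payload) == WG_FIXED_LEN[t]
    # transport data: 4 type + 4 receiver index + 8 counter + >=16-byte tag
    return t == 4 and len(payload) >= 32


def classify(payload: bytes) -> str:
    if looks_like_wireguard(payload):
        return "wireguard:" + WG_TYPES[payload[0]]
    return "dns" if looks_like_dns(payload) else "unknown"


# Constructed samples: an A query for example.com, and a WireGuard
# handshake initiation with a zeroed body (only the framing matters here).
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
             + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01")
WG_INIT = b"\x01\x00\x00\x00" + b"\x00" * 144
```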

I would say DNS is more likely to be blocked than other UDP ports, to force the use of a specific DNS server (not uncommon on public networks).
Either that, or port 53 is simply DNATted to an internal DNS server.

Which will make your wireguard VPN unreachable.

Blocking DNS to arbitrary IPs is very common in locked down environments. They force you to use their resolver handed out by DHCP.
Just a word of warning: Stuffing X inside a TCP wrapper can get nasty fast... VPNs are UDP for a reason.
Udp2raw and similar software could be used to bypass UDP restrictions. Basically it creates valid TCP headers and sends the packets with them through a raw socket.