by tptacek 92 days ago
It's trivial to make WireGuard look like a regular TLS stream. It's probably not worth a 15-year regression in security characteristics just to get that attribute; just write the proxy for it and be done with it. It was a 1-day project for us (we learned the hard way that a double-digit percentage of our users simply couldn't speak UDP and had to fix that).

It is, we did the same. It is a shame that only Linux supports proper fake TCP though.
Doesn't the Chinese firewall perform sophisticated filtering? Fake TCP should not be difficult to catch. I recall reading how the firewall uses proxies to initiate connections just to see what's up.
You can host a decoy on the server side.
I don't suppose you'd release it, please?
It's part of `flyctl`, which is open source.