[WireGuard] Options to obfuscate WireGuard traffic?
Bruno Wolff III
bruno at wolff.to
Sat Jul 9 17:49:47 CEST 2016
On Fri, Jul 08, 2016 at 21:13:02 +0200,
Bin Jin <bjin at ctrl-d.org> wrote:
>> Actually there's already a PSK mode. I suppose it's possible to
>> leverage this to add an obfuscation layer. This is likely the most
>> robust way of doing things, in fact. I'll give this some more thought,
>> but it's kind of unlikely that I'll incorporate this into the
>I see. It's a bit pity to learn that, but I understand it's kind of
>ugly and probably still not enough (due to fixed packet length for
>first two types). Thanks for explaining every details.
I'm not sure it makes sense to combine the hiding of traffic with the
secure tunneling of traffic. There are going to be different efficiency
trades and there are going to be different traffic patterns available
to try to blend into. So different people are going to want to use
significantly different solutions to that problem. Given the design goals
of wireguard, I don't think it is something that would be particularly
good to combine with steganography.
I think for normal people this is more of a political problem then a
technical problem. We need real net neutrality, with ISPs not allowed
to block traffic based on content. (e.g being prohibited from charging
people extra to allow the use of VPNs.) We need governments not passing
laws to make people compromise their own security (e.g. RIP in the UK),
nor should they prevent companies from providing applications or services
where the end user can guaranty their security (as some people are trying
to do in the US). Using strong unbreakable encryption when communicating,
should be the norm, not something you need to hide.
More information about the WireGuard