WireGuard with obfuscation support
Nico Schottelius
nico.schottelius at ungleich.ch
Mon Sep 27 00:53:08 UTC 2021
Hey,
el3xyz <el3xyz at protonmail.com> writes:
> [...]
> To make detection more difficult, two things are being done:
> * handshake initiation, response and cookie messages are padded with random-sized garbage
> * Up to 192 bytes of each message is encrypted with an obfuscation key derived from the peer public key (different keys are used in different directions).
> [...]
I did not have a look at the code itself, but travelling around the
world, I appreciate the direction a lot. While from a safety perspective
this does not add anything, it can add a lot to the usability / being able
to use WireGuard at all.
I'd appreciate it if WireGuard upstream would take this in, maybe even
supporting multiple / dynamic listen ports.
Best regards,
Nico
--
Sustainable and modern Infrastructures by ungleich.ch