WireGuard with obfuscation support

Nico Schottelius nico.schottelius at ungleich.ch
Mon Sep 27 00:53:08 UTC 2021


el3xyz <el3xyz at protonmail.com> writes:
> [...]
> To make detection more difficult two things are being done:
> * handshake initiation, response and cookie messages are padded with random-sized garbage
> * Up to 192 bytes of each message is encrypted with an obfuscation key derived from the peer public key (different keys are used in different directions).
> [...]

I did not have a look at the code itself, but travelling around the
world, I appreciate the direction a lot. While from a safety perspective
this does not add anything, it can add a lot to the usability / being able
to use WireGuard at all.

I'd appreciate it if WireGuard upstream would take this in, maybe even
supporting multiple / dynamic listen ports.

Best regards,


Sustainable and modern Infrastructures by ungleich.ch
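
The following is an added example, not code from the patch or from either poster. It shows the fixed type-and-length signature that makes plain WireGuard handshakes easy to classify, and how the two quoted measures (random-sized padding, masking up to 192 bytes) remove it. The keystream construction, the key derivation, the direction labels and the 1..64 byte padding range are assumptions made for illustration; the page does not say what the patch uses.

```python
import hashlib
import os

# WireGuard handshake message type -> fixed on-wire length (protocol constants)
WG_FIXED_LEN = {1: 148, 2: 92, 3: 64}  # initiation, response, cookie reply
OBFS_MAX = 192  # from the quoted description: up to 192 bytes are encrypted


def looks_like_wg_handshake(payload: bytes) -> bool:
    """Naive DPI rule: known type byte, zero reserved bytes, exact length."""
    return (len(payload) >= 4 and payload[1:4] == b"\x00\x00\x00"
            and WG_FIXED_LEN.get(payload[0]) == len(payload))


def _mask(data: bytes, peer_public_key: bytes, direction: bytes) -> bytes:
    """XOR up to OBFS_MAX bytes with a keystream (XOR is its own inverse).
    Assumed construction: SHA-256 in counter mode, keyed from the peer
    public key and a direction label. Demo only: the keystream repeats
    for every message, so this is not a secure cipher."""
    key = hashlib.sha256(b"obfs-demo" + direction + peer_public_key).digest()
    n = min(len(data), OBFS_MAX)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range((n + 31) // 32))
    return bytes(a ^ b for a, b in zip(data[:n], stream)) + data[n:]


def obfuscate(msg: bytes, peer_public_key: bytes, direction: bytes) -> bytes:
    pad_len = 1 + os.urandom(1)[0] % 64  # random-sized garbage, 1..64 bytes
    return _mask(msg, peer_public_key, direction) + os.urandom(pad_len)


def deobfuscate(packet: bytes, peer_public_key: bytes, direction: bytes) -> bytes:
    clear = _mask(packet, peer_public_key, direction)
    # The recovered type byte gives the real length; the rest is padding.
    # An unknown type (wrong key or direction) yields an empty result.
    return clear[:WG_FIXED_LEN.get(clear[0], 0)]


# Constructed sample: an initiation-shaped message (type 1, 148 bytes)
SAMPLE_INIT = b"\x01\x00\x00\x00" + bytes(range(144))
PEER_PUBLIC_KEY = bytes(32)  # constructed placeholder, not a real key
```

Because the padding is always at least one byte, the obfuscated length never equals one of the three fixed handshake sizes, so the length check alone stops matching even before the masked header is considered.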
