WireGuard with obfuscation support
Nico Schottelius
nico.schottelius at ungleich.ch
Mon Sep 27 07:44:58 UTC 2021
Bruno,
thanks for raising 2 very important points:
Bruno Wolff III <bruno at wolff.to> writes:
> On Mon, Sep 27, 2021 at 09:53:08 +0900,
> Nico Schottelius <nico.schottelius at ungleich.ch> wrote:
>>
>>I'd appreciate if wireguard upstream would take this in, maybe even
>>supporting multiple / dynamic listen ports.
>
> The problem is mostly orthogonal to Wireguard. There isn't going to be
> a one size fits all solution for hiding traffic. Failures in hiding
> traffic are potentially very bad for individuals. As such general
> solutions are not something you can recommend universally to people,
> as amateurs are not going to be able to make good decisions about the
> risks and some may get themselves tortured and killed.
1) being able to communicate for non-tech savvy users
This is a very important point, especially a failure to do so might be
critical in reality like you pointed out. So the easier we make it for
non-tech people to "just get it working", many more life's will be saved
from torture. Because the alternative are insecure communication channels.
> This may not be something the developers for Wireguard want to be
> responsible for.
2) The responsibility of software developers
As usual with GPL/similar licenses, software is provided AS-IS. We are
not selling a "fully autonomous car" here that is actually not able to
drive on its own, but instead giving a warranty free software to people.
It's important to raise these points, but from what I can see the easier
we make it for people to securely communicate, the less likely threats
arrive.
Outside of the scope of wireguard I see tunnel combinations like moving
wireguard traffic through udp+tcp/53, tcp/80+443, which are also
interesting options, but are probably solved with other tunneling tools.
Cheers,
Nico
--
Sustainable and modern Infrastructures by ungleich.ch
More information about the WireGuard
mailing list