WireGuard with obfuscation support

Nico Schottelius nico.schottelius at ungleich.ch
Mon Sep 27 07:44:58 UTC 2021


Bruno,

thanks for raising 2 very important points:

Bruno Wolff III <bruno at wolff.to> writes:

> On Mon, Sep 27, 2021 at 09:53:08 +0900,
>  Nico Schottelius <nico.schottelius at ungleich.ch> wrote:
>>
>>I'd appreciate if wireguard upstream would take this in, maybe even
>>supporting multiple / dynamic listen ports.
>
> The problem is mostly orthogonal to Wireguard. There isn't going to be
> a one size fits all solution for hiding traffic. Failures in hiding
> traffic are potentially very bad for individuals. As such general
> solutions are not something you can recommend universally to people,
> as amateurs are not going to be able to make good decisions about the
> risks and some may get themselves tortured and killed.

1) being able to communicate for non-tech savvy users

This is a very important point, especially a failure to do so might be
critical in reality like you pointed out. So the easier we make it for
non-tech people to "just get it working", many more life's will be saved
from torture. Because the alternative are insecure communication channels.

> This may not be something the developers for Wireguard want to be
> responsible for.

2) The responsibility of software developers

As usual with GPL/similar licenses, software is provided AS-IS. We are
not selling a "fully autonomous car" here that is actually not able to
drive on its own, but instead giving a warranty free software to people.

It's important to raise these points, but from what I can see the easier
we make it for people to securely communicate, the less likely threats
arrive.

Outside of the scope of wireguard I see tunnel combinations like moving
wireguard traffic through udp+tcp/53, tcp/80+443, which are also
interesting options, but are probably solved with other tunneling tools.

Cheers,

Nico

--
Sustainable and modern Infrastructures by ungleich.ch


More information about the WireGuard mailing list