WireGuard protocol blocking in China, swgp-go (userspace obfuscation proxy)

[Nico Schottelius]

David Fifield <david at bamsoftware.com> writes:

> I am forwarding some information about WireGuard blocking and
> anti-blocking that was posted to a censorship circumvention forum.

In regards to this topic I was wondering if it makes sense to have a
more generic obfuscation proxy that can carry tcp/udp payload?

Maybe this already exists, but I would think that something that hops
protocols (IPv6, IPv4 endpoints, tcp/udp encapsolution), changes ports
and uses envelope based tunneling (http, https, smtp, imap - worst case
DNS) would make it easier to sustain communication even in more serious
filtering scenarios.

Given such a "generic obfuscator", it could be combined with "protocol"
modes, i.e. enhancing protocols such as wireguard with the presented
algorithm, making it even harder to predict the content.

I'd assume some performance regressions using such an obfuscator, but
maybe it could even "learn" the proper obfuscation by detecting blocks
on easier to detect obfuscation and then switching to a stronger, but
less efficient obfuscation.

Wondering what your thoughts are on this.

Best regards,

Nico

--
Sustainable and modern Infrastructures by ungleich.ch