Re: Wireguard does not work in Iran

2022-10-02 Thread Evrim Ulu



Hi there.

Here is my old attempt, may help.

Description:
https://www.core.gen.tr/posts/008-fixing-wireguard/

Patch:
https://www.core.gen.tr/patches/wg-evrim-5.18.0.patch


best,
evrim.

David Fifield  writes:


On Wed, Sep 28, 2022 at 09:32:04AM +, Mehdi Haghgoo wrote:

It seems that Wireguard does not work at all in Iran.
I used to use it with nmcli on Linux, but recently it just does 
not work, even with ADSL Internet (Mobile internet is mainly 
shut down).


I suspect it is not because UDP is completely blocked, because 
I see some other VPNs are working with UDP. Could the co


Are there any suggestions to make Wireguard work under recent 
harsh Internet crackdowns?


Some people are reporting success with two-hop proxies, since 
not all
networks in Iran are subject to the same blocking rules. The 
first hop
is to another host in Iran that is less censored; the second hop 
crosses

the border. I haven't seen a report of someone doing this with
onobfuscated WireGuard specifically, but it may work. The second 
link in

the list has a kcptun component, which is UDP.

tutorial for multi-hop shadowsocks servers
https://github.com/net4people/bbs/issues/126

Tutorial: setting up a Tor bridge for Iran
https://github.com/net4people/bbs/issues/127

Two-layered access
https://forum.torproject.net/t/two-layered-access/4783

In terms of obfuscation for the WireGuard protocol, here are 
some

references:

Iptables WireGuard obfuscation extension
https://lists.zx2c4.com/pipermail/wireguard/2022-September/007822.html

swgp-go (userspace obfuscation proxy)
https://lists.zx2c4.com/pipermail/wireguard/2022-June/007638.html

WireGuard with obfuscation support
https://lists.zx2c4.com/pipermail/wireguard/2021-September/007142.html
https://github.com/net4people/bbs/issues/88

WireGuard obfuscation using shadowsocks
https://lists.zx2c4.com/pipermail/wireguard/2019-January/003809.html




Re: Wireguard does not work in Iran

2022-09-28 Thread Houman
David,

Thanks for sharing this. That's an impressive list of ways to connect
with Wireguard that I wasn't even aware of.

With the exception of shadowsocks, would the other obfuscations that
you listed here such as "Iptables extension'' or "swgp-go"  also work
with the Wireguard iOS library? As I understand it, both the server
and client have to support it.

Many Thanks,
Houman


On Wed, 28 Sept 2022 at 20:26, David Fifield  wrote:
>
> On Wed, Sep 28, 2022 at 09:32:04AM +, Mehdi Haghgoo wrote:
> > It seems that Wireguard does not work at all in Iran.
> > I used to use it with nmcli on Linux, but recently it just does not work, 
> > even with ADSL Internet (Mobile internet is mainly shut down).
> >
> > I suspect it is not because UDP is completely blocked, because I see some 
> > other VPNs are working with UDP. Could the co
> >
> > Are there any suggestions to make Wireguard work under recent harsh 
> > Internet crackdowns?
>
> Some people are reporting success with two-hop proxies, since not all
> networks in Iran are subject to the same blocking rules. The first hop
> is to another host in Iran that is less censored; the second hop crosses
> the border. I haven't seen a report of someone doing this with
> onobfuscated WireGuard specifically, but it may work. The second link in
> the list has a kcptun component, which is UDP.
>
> tutorial for multi-hop shadowsocks servers
> https://github.com/net4people/bbs/issues/126
>
> Tutorial: setting up a Tor bridge for Iran
> https://github.com/net4people/bbs/issues/127
>
> Two-layered access
> https://forum.torproject.net/t/two-layered-access/4783
>
> In terms of obfuscation for the WireGuard protocol, here are some
> references:
>
> Iptables WireGuard obfuscation extension
> https://lists.zx2c4.com/pipermail/wireguard/2022-September/007822.html
>
> swgp-go (userspace obfuscation proxy)
> https://lists.zx2c4.com/pipermail/wireguard/2022-June/007638.html
>
> WireGuard with obfuscation support
> https://lists.zx2c4.com/pipermail/wireguard/2021-September/007142.html
> https://github.com/net4people/bbs/issues/88
>
> WireGuard obfuscation using shadowsocks
> https://lists.zx2c4.com/pipermail/wireguard/2019-January/003809.html


Re: Wireguard does not work in Iran

2022-09-28 Thread David Fifield
On Wed, Sep 28, 2022 at 09:32:04AM +, Mehdi Haghgoo wrote:
> It seems that Wireguard does not work at all in Iran.
> I used to use it with nmcli on Linux, but recently it just does not work, 
> even with ADSL Internet (Mobile internet is mainly shut down).
> 
> I suspect it is not because UDP is completely blocked, because I see some 
> other VPNs are working with UDP. Could the co
> 
> Are there any suggestions to make Wireguard work under recent harsh Internet 
> crackdowns?

Some people are reporting success with two-hop proxies, since not all
networks in Iran are subject to the same blocking rules. The first hop
is to another host in Iran that is less censored; the second hop crosses
the border. I haven't seen a report of someone doing this with
onobfuscated WireGuard specifically, but it may work. The second link in
the list has a kcptun component, which is UDP.

tutorial for multi-hop shadowsocks servers
https://github.com/net4people/bbs/issues/126

Tutorial: setting up a Tor bridge for Iran
https://github.com/net4people/bbs/issues/127

Two-layered access
https://forum.torproject.net/t/two-layered-access/4783

In terms of obfuscation for the WireGuard protocol, here are some
references:

Iptables WireGuard obfuscation extension
https://lists.zx2c4.com/pipermail/wireguard/2022-September/007822.html

swgp-go (userspace obfuscation proxy)
https://lists.zx2c4.com/pipermail/wireguard/2022-June/007638.html

WireGuard with obfuscation support
https://lists.zx2c4.com/pipermail/wireguard/2021-September/007142.html
https://github.com/net4people/bbs/issues/88

WireGuard obfuscation using shadowsocks
https://lists.zx2c4.com/pipermail/wireguard/2019-January/003809.html


Wireguard does not work in Iran

2022-09-28 Thread Mehdi Haghgoo
Hi,

It seems that Wireguard does not work at all in Iran.
I used to use it with nmcli on Linux, but recently it just does not work, even 
with ADSL Internet (Mobile internet is mainly shut down).

I suspect it is not because UDP is completely blocked, because I see some other 
VPNs are working with UDP. Could the co

Are there any suggestions to make Wireguard work under recent harsh Internet 
crackdowns?

An example of the Wireguard conf I used to import into NetworkManager is as 
follows:

[Interface]
PrivateKey = 
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
PublicKey = 
AllowedIPs = 0.0.0.0/0
Endpoint = x.x.x.x:51820

Best regards,
M.