Deep Packet Inspection is the term used to describe detailed inspection of network traffic.
A firewall might allow, block, or log traffic based on source or destination IP address. Or it might do so by looking at TCP and UDP headers inside the IP packet frame. Or, the firewall will even look at the payload inside a TCP or UDP packet frame, and that is called Deep Packet Inspection. WireGuard uses UDP, and by looking at the payload of those UDP packets it is trivial to distinguish from other protocols. An experienced network sysadmin could write you a firewall rule that blocks WireGuard in a few minutes. Obfuscation is not a goal of WireGuard, so this not a problem for WireGuard, the project. It will however be a problem for those blocked by this equipment. Like all technology, this DPI equipment is a double-edged sword. Will it be sold to a government so they can block privacy-seeking dissidents from using WireGuard, or will it be sold to an organization that has a more legitimate need to block WireGuard traffic? The solution is to use an obfuscation protocol that encapsulates WireGuard, just like Tor users in censored countries do. Cheers, Fredrik _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
