On Mon, 27 Sep 2021 04:14:35 -0500 Bruno Wolff III <br...@wolff.to> wrote:
> This isn't a simple problem. The assumption is that someone is seeing
> your network traffic and blocking it.

The assumption is that there's an appliance at the ISP which has a DROP rule for UDP with 4 fixed bytes at a fixed offset. It has five hundred other rules to process as well, so it can't spend "too much" time on specifically WG.

> They are still going to see it even if you disguise it.

With obfuscation there would be UDP packets of random junk, and it would be a much harder job to come up with a rule to drop those without affecting anything else.

> So you are going to need to disguise it as something that whoever is
> watching isn't going to care about. That is going to vary a lot depending on
> who is watching. You may also need to hide who you are communicating with.
> In some cases that will be even more important.

You are going full-on "Enemy of the state" movie. The reality is most often a lot simpler and more benign.

> There are going to be a number of ways to detect Wireguard traffic and
> it is pretty unlikely that the bar for detection can be raised enough to
> be relevant with a few simple changes to the protocol.

That's not a justification for not trying at all.

-- 
With respect,
Roman
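
The fixed-bytes rule discussed in this message, as an added example that is not part of the original thread: a stateless check on the WireGuard message header (type byte plus three zero reserved bytes) and message length, run over constructed samples and over random payloads standing in for obfuscated traffic. The function names and sample packets are assumptions made for illustration; the message sizes come from the WireGuard protocol specification.

```python
import random
import struct

# Fixed total sizes of WireGuard handshake initiation (1), handshake
# response (2) and cookie reply (3), per the protocol specification.
FIXED_SIZES = {1: 148, 2: 92, 3: 64}
TRANSPORT = 4        # transport data: 16-byte header + ciphertext + 16-byte tag
TRANSPORT_MIN = 32   # an empty keepalive


def looks_like_wireguard(payload):
    """Stateless rule on one UDP payload: 4 header bytes, then a length check."""
    if len(payload) < 4:
        return False
    # Type byte followed by three zero reserved bytes, read as a little-endian u32.
    (header,) = struct.unpack_from("<I", payload, 0)
    if header in FIXED_SIZES:
        return len(payload) == FIXED_SIZES[header]
    if header == TRANSPORT:
        return len(payload) % 16 == 0 and len(payload) >= TRANSPORT_MIN
    return False


def junk(rng, size):
    """Constructed stand-in for an obfuscated packet: uniformly random bytes."""
    return rng.getrandbits(8 * size).to_bytes(size, "little")


def constructed_wg(rng, msg_type, size):
    """Constructed sample: real header layout, random bytes for the encrypted fields."""
    return struct.pack("<I", msg_type) + junk(rng, size - 4)


def match_counts(seed=1, n_junk=1000):
    """Return (plain WireGuard samples matched, random-junk payloads matched)."""
    rng = random.Random(seed)
    shapes = ((1, 148), (2, 92), (3, 64), (4, 32), (4, 96))
    plain = [constructed_wg(rng, t, s) for t, s in shapes]
    noise = [junk(rng, rng.randrange(32, 1400)) for _ in range(n_junk)]
    return (sum(map(looks_like_wireguard, plain)),
            sum(map(looks_like_wireguard, noise)))


if __name__ == "__main__":
    print(match_counts())
```

A uniformly random payload passes the header comparison with probability of at most 4 in 2^32 per packet, which is why the same rule stops being useful once the header bytes no longer sit in the clear.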