
> Both openvpn and wireguard protocols are trivially blocked by DPI.

Not so trivially as it seems. I use wireguard from Russia despite their efforts to block it. It needs some tricks to connect, but it works. I believe that openvpn will work too with those tricks.

> Everybody should use something standard and indistinguishable, like QUIC, DTLS or TLS1.3, for their transport layer.

Let them first learn how to block wireguard properly. No point in showing them the full scale of the problem they face, so they could get more funding. :)

On a more serious note, it is a whack-a-mole game; the idea that sounds like "everybody should use X" for some value of X is not a good idea. Everybody should look for their own way to bypass censorship, and they should do it with as much creativity and tech skills as they have.



A Wireguard connection starts with a UDP datagram starting with bytes 1, 0, 0, 0 if I am not making a mistake, so it can be easily detected by DPI unless you apply some "tricks". Of course I understand that you can use your own version of the protocol where these values are changed.
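
The header fingerprint described in the comment above, written as passive detection logic for traffic on a network you monitor (an added example, not part of the thread). It goes beyond the 4-byte prefix by also checking the fixed message lengths defined by the WireGuard protocol and by pairing an initiation with its response; the addresses and filler bytes are constructed.

```python
import struct

# Fixed sizes in bytes of WireGuard's three handshake-phase messages.
FIXED = {1: ("handshake_initiation", 148),
         2: ("handshake_response", 92),
         3: ("cookie_reply", 64)}


def classify(payload: bytes):
    """Name the WireGuard message a UDP payload looks like, else None."""
    if len(payload) < 4:
        return None
    # 1-byte type + 3 reserved zero bytes == little-endian uint32 type.
    (msg_type,) = struct.unpack_from("<I", payload)
    if msg_type in FIXED:
        name, size = FIXED[msg_type]
        return name if len(payload) == size else None
    # Type 4: 16-byte header + ciphertext padded to 16 + 16-byte tag.
    if msg_type == 4 and len(payload) >= 32 and len(payload) % 16 == 0:
        return "transport_data"
    return None


def wireguard_flows(datagrams):
    """Return (initiator, responder) pairs where an initiation was answered.

    datagrams: iterable of (src, dst, payload) in capture order.
    """
    pending, confirmed = set(), []
    for src, dst, payload in datagrams:
        kind = classify(payload)
        if kind == "handshake_initiation":
            pending.add((src, dst))
        elif kind == "handshake_response" and (dst, src) in pending:
            pending.discard((dst, src))
            confirmed.append((dst, src))
    return confirmed


# Constructed sample capture (filler bytes, not real handshakes).
A, B, C = "10.0.0.5:51000", "203.0.113.7:51820", "10.0.0.9:40000"
SAMPLE = [
    (A, B, bytes([1, 0, 0, 0]) + bytes(144)),   # initiation, 148 bytes
    (C, B, bytes([1, 0, 0, 0]) + bytes(60)),    # same prefix, wrong length
    (B, A, bytes([2, 0, 0, 0]) + bytes(88)),    # response, 92 bytes
    (A, B, bytes([4, 0, 0, 0]) + bytes(28)),    # keepalive, 32 bytes
]

if __name__ == "__main__":
    for src, dst, p in SAMPLE:
        print(src, "->", dst, classify(p))
    print("confirmed:", wireguard_flows(SAMPLE))
```

Matching on the prefix alone would also flag the second datagram; requiring the exact length and an answering response cuts such false positives.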


Could you point me in the direction of said tricks please, as I am having trouble getting a connection out of the RF?


You can start with studying research work about the Chinese firewall to get an idea of how DPI usually works [1]. Then you can start up Wireshark and try sending different packets and see which are blocked and which pass through, or experiment with modifying VPN packets to make them pass through.

To experiment with this you need to buy a VPS abroad.

If you don't want to do that then you can search for existing utilities like: GoodbyeDPI, XRay/reality, AmneziaVPN etc.

[1] https://gfw.report/publications/usenixsecurity23/en/


Good paper, thanks for the link.



