-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TLS Support to bypass UDP blockings #63
Comments
@amirhmoradi I'll look into it |
@NOXCIS thanks for looking into this. |
@amirhmoradi does the tls tunnel need to work on the client side as well or am I confused? |
the client side is the responsibility of the client, we need just to explain the feature clearly in the documentation. the wiregate stack shall expose the tunnel server and configure it to connect to the wireguard server - > details and specific important wireguard details then, (outside of scope) the client shall install the udptlspipe on their local machine and configure their wireguard clients to connect to the local udptlspipe process with correct mtu settings. the important part would be:
also, the udptlspipe is one of multiple ways to manage the usecase, maybe other projects are also good. |
@amirhmoradi setting default exclusionary rules is easy. |
@NOXCIS I would vote for using their container for easier set up, clarity and maintenance. |
@amirhmoradi Should it be to the quick installer defaults or should it be always on. |
@NOXCIS i am not sure if I understood correctly... the usecase of using udptlspipe being quite limited to cases where users are based in heavily censored countries, i would not turn it on by default, but rather leave it to the admin to decide and inform the users. |
Hi, thanks for the great work on this project. I have been searching for quite sometime to find the best combination of amnezia+ui+tor.
Context:
In highly censored countries, UDP traffic is either blocked totally or heavily impacted (ex: 50% of packets are dropped or long delays injected to break handshakes).
Suggestion:
Add a tunnel support like https://github.com/ameshkov/udptlspipe to pass the wireguard udp (even amneziawg is udp...) connection inside the tunnel (important to support the
Probing protection
config from the udptlspipe project too to avoid the wg server endpoint being blocked)The text was updated successfully, but these errors were encountered: