Privacy

2643 readers

35 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

Ategon@programming.dev

danielintempesta@programming.dev

Introducing QUIC Obfuscation for WireGuard (mullvad.net)

submitted 3 weeks ago by Blaze@lemmy.zip to c/privacy@programming.dev

10 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Nomad -1 points 3 weeks ago (1 children)

Sad to say, this is not a good solution. Any firewall can be taught to detect this if it's not using https. If it is, this usually requires state approved certificates, so any firewall can just man in the middle. I guess this targets the same gateway astorr bridges. Using big load balancers to shuttle traffic via an unblocked big IP like google toa an app in the google network that acts as a proxy. It works, butt not out of the box sadly.

[–] tenchiken@anarchist.nexus 3 points 2 weeks ago (1 children)

All the examples in the spec itself are https.

[–] Nomad 2 points 2 weeks ago (1 children)

I guess that's a magic bullet then... Just ensure you are using a certificate chain that's not issued by a authority inside the country.

[–] tenchiken@anarchist.nexus 2 points 2 weeks ago

Along that line, I'd be self signing and requiring a specific client cert to allow connection.

But yes absolutely good point