this post was submitted on 20 Oct 2025
18 points (100.0% liked)

netsec

1412 readers
1 users here now

Technical news and discussion of information security.

Rules:

  1. Be excellent to each other
  2. Keep it on topic
  3. Absolutely no PII or doxing
  4. No disclosure posts

founded 2 years ago
MODERATORS
t8r@lemmy.world
18
Tunneling WireGuard over HTTPS using Wstunnel (kroon.email)
submitted 2 weeks ago by 0bs1d1an to c/netsec@lemmy.world
8 comments fedilink hide all child comments
 

WireGuard is a great VPN protocol. However, you may come across networks blocking VPN connections, sometimes including WireGuard. For such cases, try tunneling WireGuard over HTTPS, which is typically (far) less often blocked. Here's how to do so, using Wstunnel.

top 8 comments
sorted by: hot top controversial new old
[–] pcouy@lemmy.pierre-couy.fr 4 points 2 weeks ago (3 children)

It looks really interesting but the link is giving me an SSL error :/

[–] lnxtx@sopuli.xyz 5 points 2 weeks ago

testssl.sh's client simulation:

 Running client simulations via sockets 

 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 7.0 (native)         No connection
 Android 8.1 (native)         No connection
 Android 9.0 (native)         No connection
 Android 10.0 (native)        No connection
 Android 11/12 (native)       No connection
 Android 13/14 (native)       No connection
 Android 15 (native)          TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Chrome 101 (Win 10)          No connection
 Chromium 137 (Win 11)        TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Firefox 100 (Win 10)         No connection
 Firefox 137 (Win 11)         TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 IE 8 Win 7                   No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 No connection
 Edge 15 Win 10               No connection
 Edge 101 Win 10 21H2         No connection
 Edge 133 Win 11 23H2         TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Safari 18.4 (iOS 18.4)       No connection
 Safari 15.4 (macOS 12.3.1)   No connection
 Safari 18.4 (macOS 15.4)     No connection
 Java 7u25                    No connection
 Java 8u442 (OpenJDK)         No connection
 Java 11.0.2 (OpenJDK)        No connection
 Java 17.0.3 (OpenJDK)        No connection
 Java 21.0.6 (OpenJDK)        No connection
 go 1.17.8                    No connection
 LibreSSL 3.3.6 (macOS)       No connection
 OpenSSL 1.0.2e               No connection
 OpenSSL 1.1.1d (Debian)      No connection
 OpenSSL 3.0.15 (Debian)      No connection
 OpenSSL 3.5.0 (git)          TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Apple Mail (16.0)            No connection
 Thunderbird (91.9)           No connection

For me, very fresh browser and/or SSL/TLS library needed.

[–] kurotora@lemmy.world 2 points 2 weeks ago (1 children)

Same here, but saving the post just in case is solved.

[–] 0bs1d1an 2 points 2 weeks ago (2 children)

Does https://pq.cloudflareresearch.com/ confirm your browser is using X25519MLKEM768?

[–] SanctimoniousApe@lemmings.world 4 points 2 weeks ago* (last edited 2 weeks ago)

I've multiple Firefox-based browsers (including Firefox proper) in Android that are shown as not supporting it. The only one that supported it was IronFox (and even that only showed after a page reload for some reason). Chrome & Cromite do as well. Good to know, thank you!

[–] kurotora@lemmy.world 2 points 2 weeks ago

Vanilla Firefox in android is shown as not using PQ. Waterfox is OK, and got access to the article. Thanks for the link!

[–] 0bs1d1an 1 points 2 weeks ago (1 children)

Are you sure you're using an up to date browser? My server is using TLS 1.3 with x25519mlkem768. Most browsers should support this KEM already.

[–] pcouy@lemmy.pierre-couy.fr 1 points 2 weeks ago* (last edited 2 weeks ago)

I'm using the latest firefox on the latest android (just tried it on chrome from the same phone and it loads fine)