wireguard protocol obfuscation with shadowsocks #17
Description
Came across some interesting information courtesy of Yegor Ievlev:
Recently there was discussion about obfuscation to avoid restrictive firewalls. The conclusion apparently was that WG devs should add support for pluggable transports. This is a good idea, but for now you can just use shadowsocks-libev:
On server:
ss-server -s 0.0.0.0 -s ::0 -p 443 -k shadowsocks-password -m aes-128-gcm -U # change to lowercase u if you want to be able to connect to the server over TCP too.On client:
ss-tunnel -s shadowsocks-server -p 443 -l 51820 -L wireguard-server:51820 -k shadowsocks-password -m aes-128-gcm -UConnect WireGuard to 127.0.0.1:51820. Done.
It's worth experimenting with Shadowsocks to bypass restrictive firewalls that block Wireguard traffic, and improving this guide/bash script to include these enhancements.