cover image about obfuscating Wireguard with TCP

Hiding Wireguard over TCP with udp2raw

Is your Wireguard server not as fast as you thought? Does it suffer from constant disconnects and packet drops? Sometimes, it is simply caused by Wireguard using UDP instead of TCP. In some public networks, the ISP loves interrupting UDP traffic. With a technique called Quality of Service, they deliberately slow down UDP traffic to avoid network congestion in busy hours. As much as I hate it, they are probably doing the right thing....

July 26, 2021 · 3 min · bhat
cover image about Wireguard with shadowsocks

Hide your VPN traffic: Obfuscate Wireguard with Shadowsocks Tunnel

Wireguard sure is nice. It is both easy to use and has quite good network performance. It is almost unambiguously better than its predecessor, OpenVPN. Moreover, Wireguard is already deployed everywhere (yes, Cloudflare Warp is pure Wireguard). So, what’s the problem? If Wireguard is so good, just use a Wireguard VPN everywhere, and you can forget about leaking your IP addresses or being DDoSed. Besides the miniature network latency impact, there is a simple problem: Wireguard traffic can be easily identified....

July 11, 2021 · 4 min · bhat
cover image about hosting Wireguard with IPv6.

Sharing IPv6 Access with Wireguard

Update Mar 23 ‘21: Improve the stability of IPv6 tunnel. I like IPv6, but Cox’s IPv6 network is suboptimal. I like the idea of a VPN providing millions of IPv6 addresses to its clients. Wireguard, it seems, is the obvious choice for creating an IPv6 VPN. Yes, I did set up Wireguard servers before using Debian, /etc/network/interfaces and wg-quick. It was not the best experience. Since I was using Hurricane Electric’s IPv6 tunnel broker to provide public IPv6 addresses to clients, I need to write the tunnel configuration in /etc/network/interfaces, and then set up Wireguard with wg-quick....

January 9, 2021 · 4 min · bhat