wireguard protocol obfuscation with shadowsocks

[rajannpatel]

Came across some interesting information courtesy of Yegor Ievlev:

Recently there was discussion about obfuscation to avoid restrictive firewalls. The conclusion apparently was that WG devs should add support for pluggable transports. This is a good idea, but for now you can just use shadowsocks-libev:

On server:

ss-server -s 0.0.0.0 -s ::0 -p 443 -k shadowsocks-password -m aes-128-gcm -U # change to lowercase u if you want to be able to connect to the server over TCP too.

On client:

ss-tunnel -s shadowsocks-server -p 443 -l 51820 -L wireguard-server:51820 -k shadowsocks-password -m aes-128-gcm -U

Connect WireGuard to 127.0.0.1:51820. Done.

It's worth experimenting with Shadowsocks to bypass restrictive firewalls that block Wireguard traffic, and improving this guide/bash script to include these enhancements.

[AnonymousWebHacker]

https://lists.zx2c4.com/pipermail/wireguard/2019-January/003809.html