| ▲ | razighter777 4 hours ago | |||||||||||||
That's more of a job for an encapsulating protocol. (shadowsocks or similar) Wireguard isn't designed to be obfuscating alone. It's just a simple l3 udp tunnel with a minimal attack surface. | ||||||||||||||
| ▲ | nrds 37 minutes ago | parent | next [-] | |||||||||||||
That's the traditional answer parroted in the Wireguard documentation but a few hours' serious thought and design is enough to reveal the fatal flaw: any encapsulating protocol will have to reinvent and duplicatively implement all of the routing logic. Perr-based routing is at least 50% of wireguard's value proposition. Having to reimplement it at the higher level defeats the purpose. No, obfuscation _has_ to be part of the same protocol as routing. (Btw, same sort of thing occurs with zfs combining raid and filesystem to close the parity raid write hole. Often strictly layered systems with separation of concerns are less than the sum of their parts.) | ||||||||||||||
| ▲ | Hendrikto 3 hours ago | parent | prev [-] | |||||||||||||
> It's just a simple l3 udp tunnel Wait, isn’t UDP L4? Am I missing something? | ||||||||||||||
| ||||||||||||||