It's trivial to make WireGuard look like a regular TLS stream. It's probably not worth a 15 year regression in security characteristics just to get that attribute; just write the proxy for it and be done with it. It was a 1 day project for us (we learned the hard way that a double digit percentage of our users simply couldn't speak UDP and had to fix that).

▲

eptcyka 4 hours ago | parent | next [-]

It is, we did the same. It is a shame that only Linux supports proper fake TCP though.

▲

coppsilgold 4 hours ago | parent [-]

Doesn't the Chinese firewall perform sophisticated filtering? Fake TCP should not be difficult to catch. I recall reading how the firewall uses proxies to initiate connections just to see whats up.

	▲	eptcyka 4 hours ago \| parent [-]
		You can host a decoy on the server side.

▲

mmooss 4 hours ago | parent | prev [-]

I don't suppose you'd release it, please?

	▲	tptacek 4 hours ago \| parent [-]
		It's part of `flyctl`, which is open source.