
Unfortunately, WireGuard will not work if you are not on a network where only TCP ports 80 and 443 are open.

For these, you can try DSVPN, which is even easier than WireGuard to set up: https://github.com/jedisct1/dsvpn



Or you can run UDP over TCP with a tool like this one: https://github.com/wangyu-/udp2raw-tunnel


UDP over TCP seems like a terrible idea in terms of performance.

Heck, running a VPN tunnel over TCP itself is already weird, considering the protocols inside the tunnel handle dropped packets if they need to.

It would just result in more inefficiency, a smaller MSS/MTU and less throughput.


But DSVPN requires a server on such a network, too, with certain ports accessible from the internet. If you use a cloud server with WireGuard, it too can relay traffic between your home client and destination.


I recently saw a post here on HN about a guy tunneling WireGuard UDP traffic over some sort of TCP WebSocket proxy.


Why can't you just tell WireGuard to listen on port 443?

  wg set wg0 listen-port 51820...


It uses UDP, not TCP. (Which is generally a sensible choice for a VPN, but is a limitation if UDP is filtered.)


Fortunately, UDP will eventually stop being filterable on a functional network, once HTTP/3 becomes widely used. At that point, I'd expect the next round of VPNs to look like HTTP/3 traffic.



