Hacker News new | past | comments | ask | show | jobs | submit login

Anyone used wireguard in China?

I know someone do use wireguard to bypass the GFW. It's not blocked at the moment. However, a concern is that the UDP-based protocol is not hard to detect.

This HN comment might be worth a look: [0]

It details the steps to setup udptunnel to tunnel Wireguard traffic over TCP. Hope it helps someone!

[0] - https://news.ycombinator.com/item?id=17847008

Anyone have experience with making this work? I tried starting it on the server I have WireGuard running on and it fails to start because it also wants to bind to the UDP port WireGuard uses (even in server mode).

Additionally http://www.cs.columbia.edu/~lennox/udptunnel/ has a note saying:

UDPTunnel is designed to tunnel RTP-style traffic, in which applications send and receive UDP packets to and from the same port (or pair of ports). It does not support request/response-style traffic, in which a client request is sent from a transient port X to a well-known port Y, and the server's response is returned from port Y to port X.

Which from what I understand is exactly what WireGuard does.

Thanks. Would be nice to have an alternative to shadowsocks.

I used wireguard with a personal VPN [0] set up on DO. Worked great, although I occasionally had to tear down & set up a new server when it was detected.

[0] github.com/trailofbits/algo

Detected by who? DO? Do they not allow creating a VPN server?

No, by the Chinese govt. who'd process to block my VPN or make it unbearably slow

It's billed on Streisand's Github page [1] as working there. I'll be giving it a spin in February as an alternative to Shadowsocks and Anyconnect. Just need Wireguard on Windows now!

[1]: https://github.com/StreisandEffect/streisand

>Just need Wireguard on Windows now!

There is a third party Wireguard implementation for Windows: https://tunsafe.com/

However the Wireguard creator has some reservations about this third party client:



Mostly FUD.

>We'll have an official Windows client coming out shortly

>9 months ago

>For those who are after Windows clients, the WireGuard project will hopefully have one quite soon,

>4 months ago

This is the problem.

Another well-known problem is expecting people you're not paying to give you something extra after they've already given you great software gratis under a free software license.

Apologies if you're a paying supporter, but then you would already know what to expect and when. https://www.patreon.com/zx2c4

I'm personally happy to wait for the quality official client with upstream support (even though I gave a try to TunSafe without expectation to use it in the long term).

My concern is zx2c4's attitude. Especially towards TunSafe and the author. He claimed that there are interoperability and security issues, only because it was closed-source, firstly. No proof was given though. Then it became open source, haven't seen any claims of security/interoperability.

An independent implementation of Wireguard is a good thing, but zx2c4 apparently doesn't want that. I can't explain the zealous fight against it otherwise.

TunSafe's author Ludde also made Āµtorrent which he so often says. But depending on the version you have it's either good or infested with adware. Although the later one is not his fault anymore, I still wouldn't mention it without the version number that was still good.

Flagged means truth.

Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact