ipt_xor
swgp-go
| ipt_xor | swgp-go | |
|---|---|---|
| 2 | 6 | |
| 54 | 336 | |
| - | 2.7% | |
| 2.4 | 8.8 | |
| about 2 years ago | 16 days ago | |
| C | Go | |
| MIT License | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ipt_xor
-
Wireguard completely banned in Iran
Not in Iran, and the following would be trivial to detect, but this xtables module may be of use. It runs entirely in-kernel, so if it works, it shouldn't cause much of a performance hit. Only try this if your only goal is bypassing censorship; it won't do a very good job at hiding the fact that you're using a VPN to a human observer.
-
Wireguard handshake in IRAN - HELP
obfuscate udp packet by XOR https://github.com/faicker/ipt_xor Being an iptables module, this one is very fast compare to udp2raw. The con is it doesn’t change the packet length, besides WG packet has a lots of zeros so the key used for XOR is easy to recognize. However, the ISP most likely use some kind of hardware implementation to detect fixed patterns. So this simple XOR may be enough for evading detection.
swgp-go
- Ask HN: The government of my country blocked VPN access. What should I use?
-
Ask HN: What Are You Working On? (October 2024)
I just finished adding UDP GRO & GSO support to my WireGuard proxy software. The work involved rewriting a large part of the program.
https://github.com/database64128/swgp-go
For those who don't know, UDP Generic Receive Offload and Generic Segmentation Offload allow you to receive and send multiple same-sized UDP packets coalesced in a single buffer (or many in an iovec but you really shouldn't). Compared to calling sendmsg(2) on individual packets, sending them coalesced in one call traverses the kernel network stack exactly once, thus has significantly lower overhead.
wireguard-go and many QUIC implementations use the same trick to improve throughput. Unfortunately the in-kernel WireGuard driver does not take advantage of UDP GSO, and swgp-go had to cope with that by attempting to coalesce multiple unsegmented messages received in a single recvmmsg(2) call.
-
Russia starts blocking VPN at the protocol (WireGuard, OpenVPN) level
I have been researching VPN protocols that work in China and found that Xray [0] is the most recommended route to escape the GFW. An ideal VPN setup is one where packets appear as normal https traffic. Some VPN setups take it a step further and proxy the traffic through Cloudflare. Setting all this up is nowhere as easy as Wireguard. Coincidentally, I came across this project on Github earlier today which is an obfuscation proxy for Wireguard [1], but I haven't found any information about how well it works.
[0] https://github.com/XTLS/Xray-core
[1] https://github.com/database64128/swgp-go
- how can i use swgp-go on linux with nordlynx? theres practically no documentation on how to use any wireguard proxy with nordlynx and its annoying because i cant post to some websites because they blocked nordvpn with DPI
- Wireguard completely banned in Iran
What are some alternatives?
phantun - Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
PixlieAI - Please check our new project with similar targets: https://github.com/pixlie/Pixlie
udp2raw - A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
savr-android - Read it later. Keep it local. No server needed.
Cloak - A censorship circumvention tool to evade detection by authoritarian state adversaries
pg_upgrade_docker - Run `pg_upgrade` in docker