wstunnel VS udptunnel

- Complete rewrite fron Haskell to Rust

Hope you enjoy and find it useful :-)

https://github.com/erebe/wstunnel?tab=readme-ov-file#underst...

wstunnel - Proxies over WebSockets. Focus on proxying from behind networks that block certain protocols. Written in Rust with executables provided.

Shameless plug, there is also wstunnel (i am its author) https://github.com/erebe/wstunnel/, hope you enjoy.

If you want to tunnel UDP (WireGuard) or TCP (SSH) over WebSocket protocol, check out https://github.com/erebe/wstunnel

While working in an environment where VPN connections were pretty much all blocked⁰ a friend of mine had success using https://guacamole.apache.org/ to access a remote machine¹. Not quite the same as a direct VPN connection but worth a try if nothing else functions, it looks enough like normal HTTPS traffic that he got away with it.

To keep your wireguard setup more as-is, you could try https://kirill888.github.io/notes/wireguard-via-websocket/ to tunnel that via a web server. In fact https://github.com/erebe/wstunnel which that uses could be used just as well with any other UDP based VPN.

I once tinkered with https://github.com/yarrick/iodine and successfully connected to resources over the wireless on a train, bypassing its traffic capture and sign-up requirement, so that might be an option, though I think fully blocking external DNS is more common now so this is less likely to work²³.

--

[0] practically only HTTP(S) permitted, not even SSH, DPI in use that detected just using SSH or OpenVPN over port 443

[1] NOTE: be careful breaching restrictions like this, you are at risk of an insta-sacking if discovered, or worse if operating in some securiry environments!

[2] and the latency when it does work is significant!

[3] and that much traffic over port 53 might get noticed by the heuristics of data exfiltration scanner, encouraging sysadmins to notice and implement a way to block it

You can try with this project, https://github.com/erebe/wstunnel.

- udptunnel : seems one of the best implementations to date. Can be installed with Wireguard, and even has a Homebrew package and an OpenWRT package. But it can be specifically detected by Wireshark and some firewalls such as Fortinet/Fortiguard.