Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Amazing news, the latest Mullvad client beta has WireGuard TCP support for a few select servers! As far as I know, they're the first to do so?
Granted, TCP 443 isn't a panacea, even with for instance the XOR patch it can still be detected, which led to the advent of Shadowsocks and more recently v2ray. SSR with TLS obfuscation plugin has also been ineffective in state-sponsored solutions like GFC that uses machine learning DPI, but TCP 443 still works at ISP level in most countries. Now if you want state-of-the-art circumvention you go with Xray fork of v2ray that supports XLTS, but that's just overkill.
For TCP + port 443 to actually help WireGuard's DPI resistance, then some form of TLS obfuscation, like the ones you mentioned, must be implemented. Otherwise, WireGuard traffic is still plainly WireGuard Traffic. There are solutions for this, like Cloak, which is basically a TLS obfuscating bridge to a backend VPN server. This already runs on port 443, forwarding traffic to the backend, and already works with WireGuard UDP.