top | item 44553727

(no title)

dongcarl | 7 months ago

At Obscura we just tunnel WireGuard over QUIC's unreliable datagram mechanism to make it look like HTTP/3 (for DPI): https://github.com/Sovereign-Engineering/obscuravpn-client/b...

We just upstreamed our patch to quinn-rs that pads Datagrams to MTU: https://github.com/quinn-rs/quinn/pull/2274

discuss

Some DPIs just flat out block HTTP/3 already.

zinekeller|7 months ago

> Some DPIs just flat out block HTTP/3 already.

Actually, some DPIs just straight-up reject UDP (and since DNS and NTP are UDP-based*, just straight-up interception-and-redirect).

* TCP DNS exists but practically not used for most "normal" tasks, and at this point the censor is trying to block anything anyways.