WireGuard Archive on lore.kernel.org
 help / color / Atom feed
* Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S® PACE 2
@ 2019-01-24  9:18 Henrique Carrega
  2019-01-24 11:01 ` Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) " Fredrik Strömberg
  0 siblings, 1 reply; 3+ messages in thread
From: Henrique Carrega @ 2019-01-24  9:18 UTC (permalink / raw)
  To: wireguard

[-- Attachment #1.1: Type: text/plain, Size: 154 bytes --]



https://www.businesswire.com/news/home/20190123005355/en/Rohde-Schwarz-Adds-Emerging-WireGuard-VPN-Protocol 

Can any expert advise on this matter ?

[-- Attachment #1.2: Type: text/html, Size: 465 bytes --]

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><br><br><div dir="ltr"><a href="https://www.businesswire.com/news/home/20190123005355/en/Rohde-Schwarz-Adds-Emerging-WireGuard-VPN-Protocol">https://www.businesswire.com/news/home/20190123005355/en/Rohde-Schwarz-Adds-Emerging-WireGuard-VPN-Protocol</a>&nbsp;</div><div dir="ltr"><br></div><div dir="ltr">Can any expert advise on this matter ?</div></body></html>

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) PACE 2
  2019-01-24  9:18 Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S® PACE 2 Henrique Carrega
@ 2019-01-24 11:01 ` " Fredrik Strömberg
  2019-02-19 13:37   ` Frank Beuth
  0 siblings, 1 reply; 3+ messages in thread
From: Fredrik Strömberg @ 2019-01-24 11:01 UTC (permalink / raw)
  To: WireGuard mailing list

Deep Packet Inspection is the term used to describe detailed
inspection of network traffic.

A firewall might allow, block, or log traffic based on source or
destination IP address. Or it might do so by looking at TCP and UDP
headers inside the IP packet frame. Or, the firewall will even look at
the payload inside a TCP or UDP packet frame, and that is called Deep
Packet Inspection.

WireGuard uses UDP, and by looking at the payload of those UDP packets
it is trivial to distinguish from other protocols. An experienced
network sysadmin could write you a firewall rule that blocks WireGuard
in a few minutes. Obfuscation is not a goal of WireGuard, so this not
a problem for WireGuard, the project.

It will however be a problem for those blocked by this equipment. Like
all technology, this DPI equipment is a double-edged sword. Will it be
sold to a government so they can block privacy-seeking dissidents from
using WireGuard, or will it be sold to an organization that has a more
legitimate need to block WireGuard traffic?

The solution is to use an obfuscation protocol that encapsulates
WireGuard, just like Tor users in censored countries do.

Cheers,
Fredrik
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) PACE 2
  2019-01-24 11:01 ` Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) " Fredrik Strömberg
@ 2019-02-19 13:37   ` Frank Beuth
  0 siblings, 0 replies; 3+ messages in thread
From: Frank Beuth @ 2019-02-19 13:37 UTC (permalink / raw)
  To: Fredrik Strömberg; +Cc: WireGuard mailing list

On Thu, Jan 24, 2019 at 12:01:54PM +0100, Fredrik Strömberg wrote:
>It will however be a problem for those blocked by this equipment. Like
>all technology, this DPI equipment is a double-edged sword. Will it be
>sold to a government so they can block privacy-seeking dissidents from
>using WireGuard, or will it be sold to an organization that has a more
>legitimate need to block WireGuard traffic?
>
>The solution is to use an obfuscation protocol that encapsulates
>WireGuard, just like Tor users in censored countries do.

Are there any WireGuard-compatible obfuscation protocols that could be 
considered production ready for use with WireGuard?
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-24  9:18 Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S® PACE 2 Henrique Carrega
2019-01-24 11:01 ` Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) " Fredrik Strömberg
2019-02-19 13:37   ` Frank Beuth

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox