Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S® PACE 2

Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S® PACE 2

[Henrique Carrega]

[-- Attachment #1.1: Type: text/plain, Size: 154 bytes --]



https://www.businesswire.com/news/home/20190123005355/en/Rohde-Schwarz-Adds-Emerging-WireGuard-VPN-Protocol 

Can any expert advise on this matter ?

[-- Attachment #1.2: Type: text/html, Size: 465 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) PACE 2

[Fredrik Strömberg]

Deep Packet Inspection is the term used to describe detailed
inspection of network traffic.

A firewall might allow, block, or log traffic based on source or
destination IP address. Or it might do so by looking at TCP and UDP
headers inside the IP packet frame. Or, the firewall will even look at
the payload inside a TCP or UDP packet frame, and that is called Deep
Packet Inspection.

WireGuard uses UDP, and by looking at the payload of those UDP packets
it is trivial to distinguish from other protocols. An experienced
network sysadmin could write you a firewall rule that blocks WireGuard
in a few minutes. Obfuscation is not a goal of WireGuard, so this not
a problem for WireGuard, the project.

It will however be a problem for those blocked by this equipment. Like
all technology, this DPI equipment is a double-edged sword. Will it be
sold to a government so they can block privacy-seeking dissidents from
using WireGuard, or will it be sold to an organization that has a more
legitimate need to block WireGuard traffic?

The solution is to use an obfuscation protocol that encapsulates
WireGuard, just like Tor users in censored countries do.

Cheers,
Fredrik
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) PACE 2

[Frank Beuth]

On Thu, Jan 24, 2019 at 12:01:54PM +0100, Fredrik Strömberg wrote:
>It will however be a problem for those blocked by this equipment. Like
>all technology, this DPI equipment is a double-edged sword. Will it be
>sold to a government so they can block privacy-seeking dissidents from
>using WireGuard, or will it be sold to an organization that has a more
>legitimate need to block WireGuard traffic?
>
>The solution is to use an obfuscation protocol that encapsulates
>WireGuard, just like Tor users in censored countries do.

Are there any WireGuard-compatible obfuscation protocols that could be 
considered production ready for use with WireGuard?
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard