Hi,

I've lived in countries under oppressive DPI systems and I want to see if its possible to create a DPI bypass system using the wireguard protocol. During my time under these DPI systems, I've seen them evolve and grow and get stronger and better in detecting various bypass systems.

In Iran, when there's a lot of political news the government deploys a traffic/endpoint ratio strategy. Essentially, instead of blocking specific protocols, they block amount of traffic going to a specific IP (or sometimes IP:PORT combination if they want to be less strict). This breaks every single bypassing solution as they all rely on sending traffic to another endpoint.

The strategy I had in mind was creating a microservice VPN that can be deployed across thousands of endpoints with thousands of IPs and Ports. The servers would be in contact with each other to "restructure" a packet that has gone through to them, and send it off to the actual endpoint.

Essentially, the client can split a packet into many pieces, send it off to a thousand systems, and then get a response back from several servers and reconstruct the actual message itself. This would break the ratio based detection system. Alongside general hiding techniques such as masquarding as https/dns/QUIC traffic, this could be a pretty robust and unstoppable system. Especially with IPv6 becoming a lot more popular and maintaining an IP ban list much more expensive.

Thoughts?

Thanks!