mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0
4.93k stars 335 forks

[Feature Request] Fake TCP implementation to bypass firewall without performance loss #5290

Open WitchHuntTV opened 11 months ago

WitchHuntTV commented 11 months ago

On public networks and in authoritarian countries like Iran/China, ISPs will block or throttle UDP. The current solution in Mullvad is UDP over TCP, but performance is terrible, while fake TCP only causes a small performance loss. It is said that udp2raw works well with WireGuard and is able to bypass QoS and even DPI.

faern commented 11 months ago

Hi. Yeah, we know the current UDP-over-TCP implementation has a much larger performance impact, especially over high-latency connections, compared to raw/fake TCP/UDP connections. However, it's not possible to use fake protocols on mobile (unless they are rooted, but we can't rely on that). As a result, we prioritized adding something that worked everywhere first, not caring so much about performance.

We do plan on adding further obfuscation protocols to WireGuard that will hopefully both be more performant and better at circumventing censorship. However, I can't say when that's going to happen; it's not in the plan for this quarter.

niansa commented 3 months ago

I agree something like udp2raw should be added. For the time being, I am using a combination of udp2raw and udpspeeder with wg-quick.

My udp2raw configuration is:

--raw-mode faketcp --dev wlp0s20f3 --lower-level auto 

My UDPSpeeder configuration is:

--disable-obscure --mode 0 --mtu 1350

Hope that helps someone here for the time being.

This works great for me and even pierces through some Wi-Fi captive portals via port 53 (DNS) with --raw-mode udp, while just configuring plain WireGuard to port 53 does not work due to UDP throttling.