Aim
Recently, I was looking for a way to connect to a WireGuard server from restricted network environments (outbound ports 80/443 only). I found two working “obfuscators” that carry UDP WireGuard traffic inside a WebSocket tunnel, which looks like normal WWW/HTTP/WSS traffic and thus shouldn’t be blocked. They are wstunnel and chisel.
Wstunnel is more stable!
I tested both, with the following configuration:
- wstunnel, with WSS active only
- chisel, but with user authentication
Chisel was much more unstable: every 5-9 minutes pings stopped working (at least within some time range), and when they did work, there was 60 ms latency. On the other hand, wstunnel was stable all the time and provided a connection with 15-20 ms ping.
Drawbacks
Chisel can be compiled for MIPS, but it takes a significant amount of memory, so it’s difficult to use on smaller OpenWRT routers. Websocket can’t be compiled for MIPS, because some of its dependencies aren’t available for this architecture. That means we need to look for a better solution.