Hi everyone, this is a continuation of my previous post: https://lemmy.world/post/7542500
Tl;Dr: Do Suricata/snort/Security onion have mechanisms to perform DPI if one provides them with a valid certificate? Any other open source software I should be looking at that can do DPI?
Background:
I have been trying to find ways to masquerade Wireguard traffic as normal HTTPS traffic to circumvent blocks by networks which do not like such traffic. It is quite easy to identify Wireguard traffic with a default setup because their method of implementing SSL is different from normal HTTPS, and most packet analysers can pick up that Wireguard traffic is passing through.
With that said, I have come across 3 methods to alleviate this problem:
(before you implement these, make sure to convert Wireguard traffic into TCP using udp2raw
or updtunnel
and force operations on port 443)
- Use
stunnel
- seems to be a project that has been around for a while. Encrypts data using SSL, makes it look like HTTPS. - Use
obfsproxy
- created by the TOR project, can be used alongside OpenVPN. - Use
wstunnel
- refer to this tutorial.
The alternatives are mainly: use OpenVPN (which can use stunnel
or obfsproxy
) or Softether (which uses SSL for its VPN).
Question:
I would like to test said software in a comparison of their efficacy against firewalls employing DPI. Which is why I’m looking at FOSS which can do DPI. Does anyone do this for their network at home? This will be for private use only, I won’t be allowing any external access on my network.
Thanks!
Edit: I realise that this might not be much of a problem for a lot of people, but regardless of whether one is facing this problem or not, I believe it is important to keep abreast of such technology and engage with it to improve one’s digital privacy. There is no doubt that such networks exist, and whether one actively engages with them or not is up to the user. In fact, the question is about DPIs, so I’d like to know if anyone has any experience working with FOSS DPIs in their homelab/at work. Thanks!
What kind of ISP are you dealing with?
Not necessarily my ISP, but I have come across networks which do not allow VPN traffic (OpenVPN, Wireguard, maybe even IPSec but I didn’t try).
I think you might get part of the way but may still find you get detected. Foss DPI projects will not be able to implement the methods used by say fortinet,sonicwall, f5, juniper, Cisco, a10, and others. This is because they all use proprietary DPI created in house. They’re not going to use Foss DPI for obvious reasons, you’ll be able to create workarounds for detection and implement that in a bad payload.
Is Wireguard a requirement? If you just want to go around censorship / hide your traffic, you can try using https://github.com/XTLS/Xray-core
Wireshark is the best FOSS for packet inspection, but you’ll have to test the efficacy of your solution on enterprise hardware directly if you’d like to know which ones it works for. You can virtualize many of these FW on Azure cloud for an hour and it won’t cost much, but you’d need to know what you’re doing.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL SSL Secure Sockets Layer, for transparent encryption UDP User Datagram Protocol, for real-time communications VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
5 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.
[Thread #255 for this sub, first seen 31st Oct 2023, 20:00] [FAQ] [Full list] [Contact] [Source code]