-
Notifications
You must be signed in to change notification settings - Fork 287
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question about EncryptionMethod for wireguard traffic #220
Comments
The intention of EncryptionMethod is to hide fingerprints of an underlying proxy. WG should have its own fingerprint too. So if you set EncryptionMethod to plain, the fingerprint will be exposed and your ISP could detect and block it. The data stream has no definite fingerprint only if its data looks like a white noise. But AFAIK it's not so with WG. WG is very good detectable and is blocked more often than other VPN protocols. |
@valerius2k Thanks for your clarification. It is truly clear! |
@bingzhangdai can you share a configuration/guide for Wireguard? |
First, you should set up the wireguard by following the official guide. Suppose you have exposed your wireguard port 500/udp on the server. Your cloak is also deployed on the same server. You can use the following conf to redirect 500/udp to localhost:500/udp. {
"ProxyBook": {
"wireguard": [
"udp",
"127.0.0.1:500"
]
},
"BypassUID": [
"xxx"
],
"RedirAddr": "xxx",
"PrivateKey": "xxx",
"AdminUID": "xxx"
} on the client {
"Transport": "direct",
"ProxyMethod": "wireguard",
"EncryptionMethod": "chacha20-poly1305",
"UID": "xxx",
"PublicKey": "xxx",
"ServerName": "cn.bing.com",
"NumConn": 1,
"BrowserSig": "chrome",
"StreamTimeout": 300,
"KeepAlive": 0
} Then you can run |
I have already successfully run wireguard with cloak. From the wiki,
I am wondering if it also holds true for wireguard. Now I leave the EncryptionMethod as plain.
The text was updated successfully, but these errors were encountered: