Some time ago I documented how I configured WireGuard on my OpenWrt router at home, to connect securely to my home network (and the Internet, really) from wherever I am. I feel safer connecting to public Wi-Fi this way, also abroad when it allows me to save extra roaming costs. However, during my travels I sometimes come across networks which seem to block VPN connections, sometimes including my own personal WireGuard tunnel. For such cases I managed to tunnel my WireGuard connection over HTTPS, which is typically (far) less often blocked.

WireGuard is a great VPN protocol. However, you may come across networks blocking VPN connections, sometimes including WireGuard. For such cases, try tunneling WireGuard over HTTPS, which is typically (far) less often blocked. Here’s how to do so, using Wstunnel.

    • lnxtx (xe/xem/xyr)@sopuli.xyzEnglish
      5·
      2 months ago

      testssl.sh’s client simulation:

       Running client simulations via sockets 

 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 7.0 (native)         No connection
 Android 8.1 (native)         No connection
 Android 9.0 (native)         No connection
 Android 10.0 (native)        No connection
 Android 11/12 (native)       No connection
 Android 13/14 (native)       No connection
 Android 15 (native)          TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Chrome 101 (Win 10)          No connection
 Chromium 137 (Win 11)        TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Firefox 100 (Win 10)         No connection
 Firefox 137 (Win 11)         TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 IE 8 Win 7                   No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 No connection
 Edge 15 Win 10               No connection
 Edge 101 Win 10 21H2         No connection
 Edge 133 Win 11 23H2         TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Safari 18.4 (iOS 18.4)       No connection
 Safari 15.4 (macOS 12.3.1)   No connection
 Safari 18.4 (macOS 15.4)     No connection
 Java 7u25                    No connection
 Java 8u442 (OpenJDK)         No connection
 Java 11.0.2 (OpenJDK)        No connection
 Java 17.0.3 (OpenJDK)        No connection
 Java 21.0.6 (OpenJDK)        No connection
 go 1.17.8                    No connection
 LibreSSL 3.3.6 (macOS)       No connection
 OpenSSL 1.0.2e               No connection
 OpenSSL 1.1.1d (Debian)      No connection
 OpenSSL 3.0.15 (Debian)      No connection
 OpenSSL 3.5.0 (git)          TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Apple Mail (16.0)            No connection
 Thunderbird (91.9)           No connection

      For me, very fresh browser and/or SSL/TLS library needed.

        • SanctimoniousApe@lemmings.worldEnglish
          4·
          2 months ago

          I’ve multiple Firefox-based browsers (including Firefox proper) in Android that are shown as not supporting it. The only one that supported it was IronFox (and even that only showed after a page reload for some reason). Chrome & Cromite do as well. Good to know, thank you!

        • Kurotora@lemmy.worldEnglish
          2·
          2 months ago

          Vanilla Firefox in android is shown as not using PQ. Waterfox is OK, and got access to the article. Thanks for the link!

    • 0bs1d1an@infosec.pubOPEnglish
      1·
      2 months ago

      Are you sure you’re using an up to date browser? My server is using TLS 1.3 with x25519mlkem768. Most browsers should support this KEM already.

      • pcouy@lemmy.pierre-couy.frEnglish
        1·
        2 months ago

        I’m using the latest firefox on the latest android (just tried it on chrome from the same phone and it loads fine)