Skip to content

2.1.0
Compare
Choose a tag to compare
@haruue haruue released this 21 Jul 14:01
· 23 commits to v2 since this release
v2.1.0
6ddadee
This commit was signed with the committer’s verified signature. The key has expired.
haruue Haruue
GPG key ID: F6083B28CBCBC148
Expired
Learn about vigilant mode.

Added optional obfuscation.

Now we have a new option named "obfs" in the config. This option should be set to the same string for the mwgp-client and mwgp-server. Set it to empty or remove it will disable the obfuscation.

Highlights of mwgp obfuscation:

  • Zero MTU overhead.
  • Obfuscate the whole MessageInitiation, MessageResponse, and MessageCookieReply, we also append random bytes at the end of those messages to randomize their length.
  • Only obfuscate the first 16 bytes of MessageTransport for maximum performance, as the remaining payload has been already encrypted by chacha20-poly1305.
  • mwgp-server will auto distinguish obfuscated and non-obfuscated peers, and it still accepts non-obfuscated peers while obfuscation is enabled. So you can still connect to the mwgp-server endpoint with the official WireGuard client even if you are using an environment that cannot run mwgp-client easily (such as WireGuard on Android).
Assets 2
Loading