Comment

Comment on FOSS Deep Packet Inspection software?

i_uuuh_what@lemmy.world ⁨8⁩ ⁨months⁩ ago

To be honest, I’m also not that knowledgeable about it even though I do have it running on a VPS. And can’t say I’m too knowledgeable about networking/VPNs either - I do use Wireguard which I also manage, but that’s about it.

So, some bulletpoints instead:

It’s kinda a pain to set up
It’s default server configuration logs all requests, so you might want to disable this
As far as I understand, it’s more of a proxy than a VPN, so you won’t be able to make connections from one client to another
It mimics standard HTTPS
When using the “reality” protocol it successfuly mimics any website of your choosing for any unauthenticated clients by forwarding HTTPS certificates and whatnot, which protects you from active probing
People use it to get around the Great Firewall of China

source

Sort:hotnew top

MigratingtoLemmy@lemmy.world ⁨8⁩ ⁨months⁩ ago
Thanks for the note. Good to know that it is more like a proxy which simulates SSL: makes it similar to stunnel. I will likely have to run a VPN protocol underneath with this on top.

Funny, I heard obfsproxy is used to circumvent the Chinese firewall too. I’ll have to take a look, thanks

source
- moonpiedumplings@programming.dev ⁨8⁩ ⁨months⁩ ago
  
  I heard obfsproxy
  
  Yeah, tor obs4 bridges.
  
  But somehow, my high school managed to block those. My high school was literally more locked down than the great firewall of China.
  
  I set up: github.com/cognetwork-dev/Metallic
  
  At first, then I eventually switched to github.com/v2ray/v2ray-core as metallic struggled on some things. Both v2ray and xray are built for the great firewall of China, and iirc, they use the same tech.
  
  source
  - MigratingtoLemmy@lemmy.world ⁨7⁩ ⁨months⁩ ago
    Thank you for the links. I’m amazed at what your school has achieved.
    
    I will try out v2core and xray - I’ll need to search if they have any whitepapers/documentation explaining exactly how these protocols work (at a high-level).
    
    Thanks again.
    
    source
- i_uuuh_what@lemmy.world ⁨8⁩ ⁨months⁩ ago
  Yeah, no problem.
  
  I did try wrapping Wireguard inside of xray, but didn’t manage to make it work. Not sure if it’s impossible, but yeah.
  
  xray clients can work as a system-wide VPN if you’re worried about usability. Just no communication between different machines connected to the same server (probably).
  
  source
  - MigratingtoLemmy@lemmy.world ⁨8⁩ ⁨months⁩ ago
    Thanks, I’ll take a look
    
    source