Yes ofc they can. The Wireguard protocol is not designed to be hidden.
Comment on Russia starts blocking VPN at the protocol (WireGuard, OpenVPN) level
masterairmagic@sh.itjust.works 10 months ago
Can this actually work? If you run Wireguard on a non-default port, is it possible to tell that it’s wireguard?
AES@lemmy.ronsmans.eu 10 months ago
dr_robot@kbin.social 10 months ago
Most open source vpn protocols, afaik, do not obfuscate what they are, because they're not designed to work in the presence of a hostile operator. They only encrypt the user data. That is, they will carry information in their header that they are such and such vpn protocol, but the data payload will be encrypted.
You can open up wireshark and see for yourself. Wireshark can very easily recognize and even filter wireguard packets regardless of port number. I've used it to debug my firewall setups.
In the past when I needed a VPN in such a situation, I had to resort to a paid option where the VPN provider had their own protocol which did try to obfuscate the nature of the protocol.