Hi everyone, this is a continuation of my previous post: lemmy.world/post/7542500

TL;DR: Do Suricata/Snort/Security Onion have mechanisms to perform DPI if one provides them with a valid certificate? And is there other FOSS I should be looking at that can do DPI?


Background:

I have been trying to find ways to masquerade WireGuard traffic as normal HTTPS traffic to circumvent blocks by networks which do not like them. This is quite easy with a default WireGuard setup because their method of implementing SSL is different from normal HTTPS, and most packet analysers can pick up that WireGuard traffic is passing through.

With that said, I have come across 3 methods to alleviate this problem:

(Before you implement these, make sure to convert WireGuard traffic into TCP using udp2raw or udptunnel and force operations on port 443.)

  1. Use stunnel - seems to be a project that has been around for a while. Encrypts data using SSL, makes it look like HTTPS.
  2. Use obfsproxy - created by the Tor Project, can be used alongside OpenVPN.
  3. Use wstunnel - refer to this tutorial.

The alternatives are mainly: use OpenVPN (which can use stunnel or obfsproxy) or SoftEther (which uses SSL for its VPN).


Question:

I would like to test said software in a comparison of their efficacy against firewalls employing DPI, which is why I’m looking at FOSS which can do DPI. Does anyone do this for their network at home? This will be for private use only, I won’t be allowing any external access on my network.

Thanks!
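
As context for what a DPI engine keys on when it spots a default WireGuard setup, here is an added example (not part of the original post): a Python classifier that matches UDP payloads against WireGuard's published message layout, which is a 1-byte type, three reserved zero bytes, and fixed handshake sizes of 148, 92 and 64 bytes. The function names and the sample payloads are constructed for illustration.

```python
import struct

# Fixed sizes (bytes) of WireGuard's handshake-phase messages, keyed by type.
FIXED_SIZES = {
    1: ("handshake_initiation", 148),
    2: ("handshake_response", 92),
    3: ("cookie_reply", 64),
}

def classify_wireguard(payload: bytes):
    """Return the WireGuard message name a UDP payload matches, else None."""
    if len(payload) < 32:                      # smallest message is a keepalive
        return None
    if payload[1:4] != b"\x00\x00\x00":        # reserved bytes are always zero
        return None
    msg_type = payload[0]
    if msg_type in FIXED_SIZES:
        name, size = FIXED_SIZES[msg_type]
        return name if len(payload) == size else None
    if msg_type == 4:
        # 16-byte header + plaintext padded to 16 + 16-byte auth tag
        return "transport_data" if len(payload) % 16 == 0 else None
    return None

def flow_looks_like_wireguard(payloads):
    """True when a flow has an initiation followed later by a response."""
    names = [classify_wireguard(p) for p in payloads]
    if "handshake_initiation" not in names:
        return False
    start = names.index("handshake_initiation")
    return "handshake_response" in names[start + 1:]

# Constructed sample payloads (header fields real, bodies zero-filled).
INITIATION = struct.pack("<B3xI", 1, 0x11223344) + bytes(140)
RESPONSE = struct.pack("<B3xII", 2, 0x55667788, 0x11223344) + bytes(80)
KEEPALIVE = struct.pack("<B3xIQ", 4, 0x55667788, 0) + bytes(16)
# First bytes of a TLS ClientHello record, as a wrapped tunnel would show.
TLS_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(501)

if __name__ == "__main__":
    for label, pkt in [("initiation", INITIATION), ("response", RESPONSE),
                       ("keepalive", KEEPALIVE), ("tls", TLS_HELLO)]:
        print(label, len(pkt), classify_wireguard(pkt))
    print(flow_looks_like_wireguard([INITIATION, RESPONSE, KEEPALIVE]))
```

The same checks can be run over payloads captured on a test network to see whether a wrapped tunnel still exposes this header pattern.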