2.1.0
Added optional obfuscation.
Now we have a new option named "obfs"
in the config. This option should be set to the same string for the mwgp-client and mwgp-server. Set it to empty or remove it will disable the obfuscation.
Highlights of mwgp obfuscation:
- Zero MTU overhead.
- Obfuscate the whole
MessageInitiation
,MessageResponse
, andMessageCookieReply
, we also append random bytes at the end of those messages to randomize their length. - Only obfuscate the first 16 bytes of
MessageTransport
for maximum performance, as the remaining payload has been already encrypted by chacha20-poly1305. - mwgp-server will auto distinguish obfuscated and non-obfuscated peers, and it still accepts non-obfuscated peers while obfuscation is enabled. So you can still connect to the mwgp-server endpoint with the official WireGuard client even if you are using an environment that cannot run mwgp-client easily (such as WireGuard on Android).