TunSafe Forum

Welcome to the TunSafe Community Forum. This is open for discussions related to TunSafe and the WireGuard protocol.

You are not logged in.

#1 2019-04-09 10:16:47

Registered: 2018-03-09
Posts: 127

Using TunSafe with TCP

TunSafe supports a TCP mode that tunnels the normal WireGuard UDP packets over TCP.

This does not work with regular WireGuard but you need a TunSafe server running on Linux.

On the server, put this in the config file, in the [Interface] section, right below ListenPort: ListenPortTCP = 12345

On clients, prefix the Endpoint with tcp://, i.e. Endpoint=tcp://

Obviously, this port needs to be mapped through NAT in home routers etc. TunSafe does not add any UPNP port mappings.

Additionally, packets over TCP can be obfuscated. To enable this, in the [Interface]-section on both clients and the server, set ObfuscateKey=RANDOM_KEY. It's important that it's the same otherwise they won't be able to connect.

The TCP obfuscation can work in different modes. It can either look like just random binary data, or look similar to a TLS handshake. This is an attempt by bypass packet inspection. Use either ObfuscateTCP=tls-chrome or ObfuscateTCP=tls-firefox to enable obfuscation that looks like TLS. Put this in the [Interface] section on both the server and client.


Board footer

Powered by FluxBB