Skip to content
Blame Permalink
  • Maxb's avatar
    242ec5c6
    Add QUIC dialer + listener · 242ec5c6
    Maxb authored 
    This adds the option to use QUIC as a replacement dialer+listener for
our obfs4 connection.

Because we have already implemented this pattern for KCP it was
relatively straightforward to add QUIC as this "inner transport". That
is, our network stack looks like:

┌──────────────┐      ┌──────────────┐
│OpenVPN client│      │OpenVPN server│
└──▲───────────┘      └──▲───────────┘
   │                     │
   │ UDP                 │ UDP
┌──▼───────────┐      ┌──▼───────────┐
│obfsvpn client│      │obfsvpn server│
└──▲───────────┘      └──▲───────────┘
   │                     │
   │                     │
┌──▼─────────┐        ┌──▼───────────┐
│obfs4 dialer│        │obfs4 listener│
└──▲─────────┘        └───▲──────────┘
   │                      │
   │ obfs4                │ obfs4
 ┌─▼─────────┐  QUIC   ┌──▼──────────┐
 │QUIC dialer├◄───────►│QUIC listener│
 └───────────┘         └─────────────┘

This makes the obfs4 layer and the QUIC layer somewhat duplicative in
that they're both technically "obfuscation" layers (a censor won't see
any obfs4 traffic because it's already wrapped in the QUIC layer).

This commit is more of a spike to prove that QUIC can easily be
swapped/added as a circumvention protocol layer/technique and the next
work can be refactoring our code such that we can optionally swap the
obfs4 layer entirely with our QUIC one.
    242ec5c6
    Add QUIC dialer + listener
    Maxb authored 
    This adds the option to use QUIC as a replacement dialer+listener for
our obfs4 connection.

Because we have already implemented this pattern for KCP it was
relatively straightforward to add QUIC as this "inner transport". That
is, our network stack looks like:

┌──────────────┐      ┌──────────────┐
│OpenVPN client│      │OpenVPN server│
└──▲───────────┘      └──▲───────────┘
   │                     │
   │ UDP                 │ UDP
┌──▼───────────┐      ┌──▼───────────┐
│obfsvpn client│      │obfsvpn server│
└──▲───────────┘      └──▲───────────┘
   │                     │
   │                     │
┌──▼─────────┐        ┌──▼───────────┐
│obfs4 dialer│        │obfs4 listener│
└──▲─────────┘        └───▲──────────┘
   │                      │
   │ obfs4                │ obfs4
 ┌─▼─────────┐  QUIC   ┌──▼──────────┐
 │QUIC dialer├◄───────►│QUIC listener│
 └───────────┘         └─────────────┘

This makes the obfs4 layer and the QUIC layer somewhat duplicative in
that they're both technically "obfuscation" layers (a censor won't see
any obfs4 traffic because it's already wrapped in the QUIC layer).

This commit is more of a spike to prove that QUIC can easily be
swapped/added as a circumvention protocol layer/technique and the next
work can be refactoring our code such that we can optionally swap the
obfs4 layer entirely with our QUIC one.