Add QUIC dialer + listener (!65) · Merge requests · leap / obfsvpn

Max B requested to merge maxb/quic-spike into main Sep 25, 2024

This adds the option to use QUIC as a replacement dialer+listener for our obfs4 connection.

Because we have already implemented this pattern for KCP it was relatively straightforward to add QUIC as this "inner transport". That is, our network stack looks like:

    ┌──────────────┐      ┌──────────────┐
    │OpenVPN client│      │OpenVPN server│
    └──▲───────────┘      └──▲───────────┘
       │                     │
       │ UDP                 │ UDP
    ┌──▼───────────┐      ┌──▼───────────┐
    │obfsvpn client│      │obfsvpn server│
    └──▲───────────┘      └──▲───────────┘
       │                     │
       │                     │
    ┌──▼─────────┐        ┌──▼───────────┐
    │obfs4 dialer│        │obfs4 listener│
    └──▲─────────┘        └───▲──────────┘
       │                      │
       │ obfs4                │ obfs4
     ┌─▼─────────┐  QUIC   ┌──▼──────────┐
     │QUIC dialer├◄───────►│QUIC listener│
     └───────────┘         └─────────────┘

This makes the obfs4 layer and the QUIC layer somewhat duplicative in that they're both technically "obfuscation" layers (a censor won't see any obfs4 traffic because it's already wrapped in the QUIC layer).

This commit is more of a spike to prove that QUIC can easily be swapped/added as a circumvention protocol layer/technique and the next work can be refactoring our code such that we can optionally swap the obfs4 layer entirely with our QUIC one.

Edited Sep 25, 2024 by Max B

Add QUIC dialer + listener

Merge request reports