Hi, i’m looking for a VPN that:
- is easily deployable via a docker-compose
- has an Android App and it doesn’t drain the battery too much
- hides as regular HTTPS traffic so it’s not blockable by Firewalls. (I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis.)
- Bonus: A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.
https://github.com/TrustTunnel/TrustTunnel sounds interesting, but the PR for docker compose was closed.
Do you know something else?
I’ve run Wireguard on 443 (on my router) for exactly that purpose and never had a problem, even when my standard WG port was blocked by some businesses. I’ve since had to move to port 587 due to router conflicts and it’s worked fine so far too.
The battery drain on Android is negligible (at least for my uses) and WG is activated by Tasker whenever my home wifi is out of range. From what I can see WG is configurable via Docker compose.
Have you tried [https://github.com/zaneschepke/wgtunnel](WG Tunnel)
I use this WG client and it has options for auto-tunneling
Thanks for the link. Will take a look.
I quite like the option! I do love tasker, but if i only need auto tunneling this does it quite well!
Doesn’t work in China, can be easily blocked by censors
Russia has harsher blocks than China, meanwhile.
Who said anything about China?
OP: “I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis.”
Many of the prominent https VPN protocols are for evading the great firewall of China. OP had that as a requirement, so it is not an unreasonable assumption.
If you are evading less locked down firewalls, then you don’t need as stealthy VPNs.
OP said exactly the opposite. Where the fuck do you get this stuff?
From OP’s post, of course. If OP does not need to evade firewalls that are that aggressive, then they should have settled for a less stealthy VPN solution, as many of these HTTPS proxy solutions have performance and usability (can often only proxy TCP traffic) tradeoffs.
Perhaps they have already tried the wireguard on port 443 solution, and it didn’t work for them. My high school would auto detect and block wireguard to any port. Perhaps they are in a similar situation.
Most Chinese exits through port snooping. And you really need to be on a Chinese corp network to know - if you take your western mobile there they do very little blocking.
I’ve been fairly successful with most China corp networks letting me out and in to self-hosted WG server on port 123.
Because if you’re roaming it creates a VPN, basically through the Chinese network
But it you want a lot of data, like for YouTube, you’re not going to want to pay roaming rates