Using OpenWRT to bypass strict office firewall (UDP blocked) – ProtonVPN WireGuard TCP / OpenVPN TCP 443 guidance needed

Hello everyone,

I am using OpenWRT on my own router and connecting it to a very strict office Wi-Fi firewall. The firewall behavior is as follows:

  • UDP traffic is blocked or heavily restricted

  • Only TCP 80/443 works reliably

  • Standard VPN protocols are blocked

    • WireGuard (UDP) ❌

    • OpenVPN UDP ❌

  • VPN works only when it looks like normal HTTPS traffic

On Android, ProtonVPN works using “WireGuard TCP” / Stealth, but I understand this is a Proton proprietary implementation and not standard WireGuard.

My goal is:

  • Use OpenWRT as a VPN gateway

  • Connect all devices behind the router through the VPN

Is there any known way (present or experimental) to replicate Proton’s WireGuard TCP / obfuscated WireGuard behavior on OpenWRT?

Is there a Linux client (with published source code) where this feature is available?

1 Like

No, I don’t think so. I only tested Proton and Windscribe on iOS and Android; both are working fine with WireGuard TCP 443.

Then it's a no go, unless someone managed to reverse engineer their implementation of the "stealth protocol".

1 Like

OpenVPN can work with TCP.

If the OpenVPN protocol itself is blocked, you can use the scramble options.

2 Likes

Does your very strict office allow you to BYOD?

2 Likes

Yes, but with limitations, like we cannot access social media and shopping sites.

1 Like

Trying to bypass those restrictions sounds like a great idea .... not.

1 Like

🙂 What else can we do on our work premises… BTW, I'm just trying to get rid of connecting the VPN on my phone like every hour, because it gets disconnected after some time.

Can I use a Proton .ovpn file with it? Because it's free.

Ask Proton

1 Like

You can try this:
https://codeberg.org/eduVPN/proxyguard (https://docs.eduvpn.org/server/v3/wireguard.html#wireguard-over-tcp)
or this
https://github.com/mullvad/udp-over-tcp

1 Like

You can run an OpenVPN server on 443/tcp. Obviously it will not work if they do DPI like SNI decoding.

2 Likes
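What the DPI mentioned in the reply above can key on, as an added example that is not part of the original thread: the first client payload of a TLS flow is a ClientHello with a readable SNI, while plain OpenVPN over TCP opens with a length-prefixed hard-reset packet. Function names are hypothetical and both sample payloads are constructed for illustration.

```python
import struct

# OpenVPN opcodes P_CONTROL_HARD_RESET_CLIENT_V2 (7) and _V3 (10)
OPENVPN_CLIENT_RESET = {7, 10}

def parse_sni(buf):
    """Return the SNI host name from a TLS ClientHello record, or None."""
    if len(buf) < 9 or buf[0] != 0x16 or buf[1] != 0x03 or buf[5] != 0x01:
        return None
    p = 9 + 2 + 32  # record header, handshake header, version, random
    try:
        p += 1 + buf[p]                                # session id
        p += 2 + struct.unpack_from("!H", buf, p)[0]   # cipher suites
        p += 1 + buf[p]                                # compression methods
        end = p + 2 + struct.unpack_from("!H", buf, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", buf, p)
            if etype == 0:  # server_name: list len, name type, name len, name
                nlen = struct.unpack_from("!H", buf, p + 7)[0]
                return buf[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):
        pass  # truncated or malformed hello
    return None

def classify_first_payload(buf):
    """Label the first client payload of a TCP/443 flow."""
    if len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03:
        return ("tls", parse_sni(buf))
    if len(buf) >= 3:
        length = struct.unpack_from("!H", buf)[0]  # OpenVPN TCP length prefix
        # the prefix must fit the payload, otherwise "GET" would match opcode 10
        if 14 <= length <= len(buf) - 2 and (buf[2] >> 3) in OPENVPN_CLIENT_RESET:
            return ("openvpn-tcp", None)
    return ("unknown", None)

def build_client_hello(host):
    """Constructed minimal ClientHello carrying only an SNI extension."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed OpenVPN hard reset: length, opcode/key id, session id, ack count, packet id
OPENVPN_SAMPLE = struct.pack("!H", 14) + bytes([7 << 3]) + bytes(8) + b"\x00" + bytes(4)
```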

Sounds a bit like what “TrustTunnel” by AdGuard aims to do. But it’s new (at least having the protocol publicly available is) and as of now, there are only linux-x86_64 builds and no OpenWRT package.

1 Like

You can bolt pppd on both ends of an SSL connection and call it aisfkhan-VPN

1 Like

I have already tried to set up a VPN server on my home router, but the problem is my home router is behind so many NATs.

I live in a building consisting of 120+ apartments and I'm using shared internet in my home, so it is impossible to get a public WAN IP.

Thanks for the detailed explanation.

I understand now that OpenVPN scramble/xor requires patched OpenVPN on both client and server, and therefore depends entirely on VPN provider support.

Since ProtonVPN does not support OpenVPN scramble/xor on the server side, this approach is not applicable in my case.

1 Like

Buy a cloud server or a mobile subscription....

2 Likes