Comment by hrunt

> The GFW blocks WireGuard, right?

The GFW is extremely sophisticated in what it blocks and how it blocks it. I have seen it block otherwise random traffic based on packet sizes, packet patterns, stream concurrency, stream duration. It will allow connections, then probe the remote endpoint and disconnect if the probe detects banned services. It will track relationships between endpoints (e.g. blocking one resulting in traffic to another). Traffic that looks off /looks off/ and the GFW will block it -- and looking off may not be the kind of encryption or protocol, but simply how many people are using it from where and for how long.

The toughest part about working around the GFW is its consistency. Its effectiveness can vary by hour, day, political wind, etc. It can vary by what network you are on or the route your traffic takes to leave the country. The GFW isn't perfect, but it is just good enough that you give up trying.

And then every once in a while you get a news report about some VPN user getting arrested, so you get that level of paranoia, too.