Hello

Here’s a little feedback.
In order to build a 4G router for the house, against the easily identifiable DPI blocking of the wireguard protocol, I was able to download the dietpi image for Radxa 3W: thanks to the team!

I installed wvdial to manage the 4G modem (ttyUSB modeswitch mode) and get a stable connection.

I installed dhcpd to share internet via a wifi AP, under a NAT network. Perfect.

As macron’s dictatorship is trying to freeze my standard wireguard protocol, I installed ClusterM/wg-obfuscator between the client and my wireguard server. OK for now.
The great advantage of this solution is not exposed a wireguard server directly, visiting the first is just a wg-obfucator tunnel pointing to a second VPS and so the DPI system can’t find a “wireguard” standard response and therefore macron cannot automate a blocking by DROP routing.
Example : use a new IP at at same subnet do not works, but use a another VPS provider was OK (under different network IPv4 area).

I also tested the amnezia vpn software, it’s pretty well done but only the RAY protocol works for me because of DPI’s blocking of wireguard.
In 2025 we’re using Chinese tools, thanks to them!

If you’re looking for a VPS that accepts dietpi installation via a script (dietpi-installer.sh), hostvds com is very cool!
Dietpi’s backup management is a real plus, I think.

Finally, the only litle drawback is the Radxa 3W,
I’ve never managed to get the console on the serial pin 8-10 port.
I tried 115200 and 1500000 … nothing or garbage.
I’ve read about device tree but I’m not comfortable.

I don’t know how to write root fs to onboard emmc, not a big deal at this time.

What do you think of the security level of dietpi on a vps? with update, minimal software installation and good password …

So many thanks for Dietpi project, happy to have an efficient router with only 2.5W power draw and secure enough (let’s try) for my need.

Dang…that wg-obfuscator is pretty daggum neat!

WireGuard Obfuscator

WireGuard Obfuscator is a tool designed to make WireGuard traffic look like random data or some other protocol, making it much harder to detect by DPI (Deep Packet Inspection) systems. This can be extremely useful if your ISP or government attempts to block or throttle WireGuard traffic.

Project Goals:

• Compact and dependency-free: The application is designed to be as lightweight as possible, with absolutely no external dependencies. This makes it suitable even for installation on minimal hardware such as basic home routers.

• Independent obfuscator: Instead of maintaining a separate fork of WireGuard, the obfuscator is built to be fully independent of the VPN client/server. This allows seamless integration into an existing network architecture, or even running the obfuscator on a separate device if the device running the WireGuard client cannot support additional applications.

• Preserve bandwidth efficiency: The obfuscator continues to use only UDP and introduces minimal overhead to the size of original packets, ensuring maximum throughput is maintained.

What it’s NOT:

• Not a standalone solution: You need to use this tool on both ends. You must run the obfuscator on both the WireGuard client and server sides to ensure proper obfuscation and deobfuscation of traffic. So, you can’t use it with 3rd-party VPN servers. If you want to bypass your ISP’s restrictions or censorship, you need to run your own VPN server (e.g., on a VPS) and connect to it using WireGuard.

• Not a VPN: This is not a VPN service or a WireGuard client/server. It only obfuscates WireGuard traffic.

Yep I like the way of NATing indesirable probing with dumb password encryption.
If bad guys can drop my legitimate packets, i can also drop them in a blackhole

Maybe it’s can work for “ssh -vND” poor man socks5 proxy, but need to understand how it’s working related to wireguard protocol. Obfuscating ssh server is not a bad joke.

I will feedback here if they drop again my secure link in the future.

Hello,

dd a fresh dietpi img directly on /dev/mmc work fine.
I restore an backup done previously from dietpi running sdcard root.

emmc 8gb is decent : 40MB Write 150MB Read (dietpi bench)
Wifi AP mode is stable with good iperf3 (1min test) performance
17.5 Mbits/sec Wifi 4

34.1 Mbits/sec Wifi 5

44.6 Mbits/sec Wifi 6

Hi,

just for update the wg link quality, i found several attack with 50% packet loss but the link is stable enough to keep ssh connection alive, very cool!
Restarting wg-stuff server, rollup key config is easy even under attack and the standard wireguard link stay alive.
I think the next move will be to hardening a little bit the encryption with automatic packet loss test to roll the key, because i think they try to find a signature or a faillure somewhere, let’s these ass collecting bad quality data.

I ‘m totaly legit activity, illegal activity is from black op gouv team they need to control the narative and train on profile like me, just with a litle bit above knowlege the standard cityzen users they want to control, easy to inject bad activity in your name to uncredit your social score with the databrokers economy easy way to cancel people. with wg, they can’t and they fight ugly!

Free speech is not negociable