-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
masque recently added to cloudflare warp client #418
Comments
China quickly blocked the new protocol |
@miaomiaosoft what do you mean by blocking the new protocol? The protocol should be HTTP/3; i.e., QUIC. HTTP/3, the protocol, is not blocked in China, as far as I know. Do you mean that the Warp endpoints (IP addresses or SNI) are blocked? @developer861 these articles are all at least a few months old: 2024-03-06, 2022-03-20, 2023-06-22. Did something change recently with respect to Warp and MASQUE? |
@wkrp China has blocked the masque protocol. |
@miaomiaosoft I must ask you to be more specific. "The MASQUE protocol" is QUIC. Can you point me to the source of your information, that leads you to say the MASQUE protocol is blocked? In order to be useful to researchers, the information must include some technical detail. The 'Q' in MASQUE stands for QUIC: Multiplexed Application Substrate over QUIC Encryption. That is one of the main features of MASQUE, that it's not a new custom protocol, it's a tunnel over HTTP. Working group charter: "The primary goal of this working group is to develop mechanism(s) that allow configuring and concurrently running multiple proxied stream- and datagram-based flows inside an HTTP connection." I can believe that Cloudflare Warp with MASQUE doesn't work with China. But there could be many causes of that. It doesn't necessarily mean that HTTP/3 or QUIC has been blocked. It could alternatively mean (more likely) that certain Cloudflare IP addresses or hostnames have been blocked. Or perhaps there is a distinctive feature in the way Warp uses MASQUE. Or maybe Cloudflare itself restricts access to Warp from China; I don't know, I'm not familiar with Warp. When you say "China quickly blocked", do you know an approximate date? #87 is a past thread about Apple iCloud Private Relay, which is also based on MASQUE. |
Not from china but they probably just blocked the sni or speed throttled some cloudflare ip,this is not happened in Iran yet as much as I know ,but some providers like mci already throtled udp to almost all warp wireguard ip s(have not tested masque ip s) |
@wkrp Sorry, I'm not a professional and not in China, as much as I'd like to, I can't provide more detailed information. I understand from this thread that China blocked the masque protocol over a month ago: https://www.v2ex.com/t/1074753 50 days ago, Cloudflare released an Android client that supported the masque protocol, it only survived for about three days, after which it was no longer available. Maybe it blocked the protocol or blocked the IP, I'm not sure, only that it is no longer available in China. |
i don't know the details but @RPRX here stated that it could be blocked by GFW
i saw a tweet that said it's working in isps that are blocking the wireguard connection in iran |
|
From what I have tested, WARP client initiates a QUIC connection to its ingress proxy with the SNI |
is there any way to fix this problem? |
In the Cloudflare Zero Trust panel, disable DNS filtering, i.e. select the “Secure Web Gateway without DNS filtering” option. This works for me. |
https://blog.cloudflare.com/zero-trust-warp-with-a-masque/
https://blog.cloudflare.com/unlocking-quic-proxying-potential/
https://blog.cloudflare.com/masque-building-a-new-protocol-into-cloudflare-warp/
The text was updated successfully, but these errors were encountered: