1 жил өмнө · 215bbf11bd
--- a/README.md
+++ b/README.md
@@ -55,7 +55,9 @@ You need to make following adjustments to wireguard client config:
 
				 AllowedIPs = 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/5, 200.0.0.0/7, 202.0.0.0/8, 203.0.0.0/18, 203.0.64.0/19, 203.0.96.0/20, 203.0.112.0/24, 203.0.113.0/29, 203.0.113.8/31, 203.0.113.10/32, 203.0.113.12/30, 203.0.113.16/28, 203.0.113.32/27, 203.0.113.64/26, 203.0.113.128/25, 203.0.114.0/23, 203.0.116.0/22, 203.0.120.0/21, 203.0.128.0/17, 203.1.0.0/16, 203.2.0.0/15, 203.4.0.0/14, 203.8.0.0/13, 203.16.0.0/12, 203.32.0.0/11, 203.64.0.0/10, 203.128.0.0/9, 204.0.0.0/6, 208.0.0.0/4, 224.0.0.0/3, ::/0
			
 
				 ```
			
 
				 
			
 
				-**Note:** consider use of `-skip-hello-verify` option on server to workaround DPI if such filtering is the case for you.
			
 
				+## Additional notes
			
 
				+
			
 
				+dtlspipe server skips HelloVerify message by default in order to workaround some DPI systems. It's associated with [some DoS security risks](https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1). Please add server option `-skip-hello-verify=false` if such behavior is undesirable. Alternatively such risks may be mitigated with firewall, restricting sessions count on server port.
			
 
				 
			
 
				 ## Synopsis
			
 
				 
			
@@ -88,7 +90,7 @@ Options:
 
				   -psk string
			
 
				     	hex-encoded pre-shared key. Can be generated with genpsk subcommand
			
 
				   -skip-hello-verify
			
 
				-    	(server only) skip hello verify request. Useful to workaround DPI
			
 
				+    	(server only) skip hello verify request. Useful to workaround DPI (default true)
			
 
				   -stale-mode value
			
 
				     	which stale side of connection makes whole session stale (both, either, left, right) (default either)
			
 
				   -time-limit duration
			
--- a/cmd/dtlspipe/main.go
+++ b/cmd/dtlspipe/main.go
@@ -68,7 +68,7 @@ var (
 
				 	identity        = flag.String("identity", "", "client identity sent to server")
			
 
				 	mtu             = flag.Int("mtu", 1400, "MTU used for DTLS fragments")
			
 
				 	cpuprofile      = flag.String("cpuprofile", "", "write cpu profile to file")
			
 
				-	skipHelloVerify = flag.Bool("skip-hello-verify", false, "(server only) skip hello verify request. Useful to workaround DPI")
			
 
				+	skipHelloVerify = flag.Bool("skip-hello-verify", true, "(server only) skip hello verify request. Useful to workaround DPI")
			
 
				 	ciphersuites    = cipherlistArg{}
			
 
				 	curves          = curvelistArg{}
			
 
				 	staleMode       = util.EitherStale