
skip HelloVerify by default

Vladislav Yarmak 1 سال پیش
والد
کامیت
ca1c69b281
2فایلهای تغییر یافته به همراه5 افزوده شده و 3 حذف شده
  1. 4 2
      README.md
  2. 1 1
      cmd/dtlspipe/main.go

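--- a/README.md
+++ b/README.md
@@ -55,7 +55,9 @@ You need to make following adjustments to wireguard client config:
 AllowedIPs = 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/5, 200.0.0.0/7, 202.0.0.0/8, 203.0.0.0/18, 203.0.64.0/19, 203.0.96.0/20, 203.0.112.0/24, 203.0.113.0/29, 203.0.113.8/31, 203.0.113.10/32, 203.0.113.12/30, 203.0.113.16/28, 203.0.113.32/27, 203.0.113.64/26, 203.0.113.128/25, 203.0.114.0/23, 203.0.116.0/22, 203.0.120.0/21, 203.0.128.0/17, 203.1.0.0/16, 203.2.0.0/15, 203.4.0.0/14, 203.8.0.0/13, 203.16.0.0/12, 203.32.0.0/11, 203.64.0.0/10, 203.128.0.0/9, 204.0.0.0/6, 208.0.0.0/4, 224.0.0.0/3, ::/0
 ```
 
-**Note:** consider use of `-skip-hello-verify` option on server to workaround DPI if such filtering is the case for you.
+## Additional notes
+
+dtlspipe server skips HelloVerify message by default in order to workaround some DPI systems. It's associated with [some DoS security risks](https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1). Please add server option `-skip-hello-verify=false` if such behavior is undesirable. Alternatively such risks may be mitigated with firewall, restricting sessions count on server port.
 
 ## Synopsis
 
@@ -88,7 +90,7 @@ Options:
   -psk string
     	hex-encoded pre-shared key. Can be generated with genpsk subcommand
   -skip-hello-verify
-    	(server only) skip hello verify request. Useful to workaround DPI
+    	(server only) skip hello verify request. Useful to workaround DPI (default true)
   -stale-mode value
     	which stale side of connection makes whole session stale (both, either, left, right) (default either)
   -time-limit duration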

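--- a/cmd/dtlspipe/main.go
+++ b/cmd/dtlspipe/main.go
@@ -68,7 +68,7 @@ var (
 	identity        = flag.String("identity", "", "client identity sent to server")
 	mtu             = flag.Int("mtu", 1400, "MTU used for DTLS fragments")
 	cpuprofile      = flag.String("cpuprofile", "", "write cpu profile to file")
-	skipHelloVerify = flag.Bool("skip-hello-verify", false, "(server only) skip hello verify request. Useful to workaround DPI")
+	skipHelloVerify = flag.Bool("skip-hello-verify", true, "(server only) skip hello verify request. Useful to workaround DPI")
 	ciphersuites    = cipherlistArg{}
 	curves          = curvelistArg{}
 	staleMode       = util.EitherStale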
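Review bot: Flipping the skip-hello-verify default to `true` turns off the DTLS HelloVerifyRequest cookie exchange for every server that never sets the flag, so existing deployments silently lose the RFC 6347 §4.2.1 check that the README in this same commit describes as a DoS risk, while the flag's help text still mentions only the DPI benefit. The trade-off belongs where operators actually see it: `"(server only) skip hello verify request. Useful to workaround DPI, but disables the DTLS cookie exchange that limits DoS from spoofed sources (see README)"`. A single startup log line when the server runs with the check skipped would also make the changed default visible to operators upgrading without rereading the docs. The enclosing `var (` block starts outside the hunk, and the server code that consumes skipHelloVerify is not shown here, so whether any rate limiting compensates for the missing cookie exchange cannot be judged from this diff.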