Hello,
I would like to put out a question to those with more technical knowledge than myself. It seems that Proton’s “Stealth” protocol is able to access a restrictive wifi network that Mullvad’s QUIC is not. If both protocols operate on a similar notion of disguising WireGuard to look like regular internet traffic, why does one work and the other not? This is not a Proton vs Mullvad issue. They are both respectable VPN services.
ProtonVPN’s Stealth protocol is developed as a fork of wireguard-go in their repository. While there may be other enhancements, from what I can see, they are using WireGuard over TLS as their base.
As you know, MullvadVPN uses WireGuard over QUIC. In the simplest terms, this means it’s WG over TLS versus WG over QUIC.
In some networks, security gateways attempt to decrypt encrypted communications for security inspection. Since QUIC is new and traffic cannot be decrypted, network administrators may block QUIC.
In such networks, WG over QUIC may fail to connect, while WG over TLS might work. Of course, there may be other reasons as well, but many networks around me still block QUIC.
4 Likes
Correct. A good addition is probably that QUIC is TLS 1.3 wrapped in a faster, UDP‑based transport.
In practice I have actually experienced that sometimes UDP 443 isn’t filtered at all. When I was at uni I used to bypass the MAC-address whitelisting with this, so that I could go online without logging in to register my devices.
3 Likes
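
The distinction drawn in the replies above (TLS over TCP versus QUIC over UDP, and a gateway that blocks what it cannot inspect), shown from the gateway's side as an added example that is not part of any post and not Proton's or Mullvad's code. The sample payloads and the policy table are constructed assumptions; the header checks follow the TLS record format, the QUIC v1 long header (RFC 9000) and the WireGuard handshake initiation message.

```python
import struct

# Constructed sample payloads (leading bytes are meaningful, the rest is
# zero padding). These are not captured traffic.
TLS_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303") + bytes(32)
QUIC_V1_INITIAL = bytes.fromhex("c30000000108") + bytes(8) + bytes(1186)
WG_HANDSHAKE_INIT = struct.pack("<I", 1) + bytes(144)  # 148 bytes total


def classify(transport: str, payload: bytes) -> str:
    """Label the first payload of a flow the way an inspecting gateway might."""
    if transport == "tcp" and len(payload) >= 6:
        rec_type, major, _minor, _length, hs_type = struct.unpack(
            "!BBBHB", payload[:6])
        # TLS record: content type 0x16 (handshake), version 0x03xx,
        # handshake message type 1 (ClientHello)
        if rec_type == 0x16 and major == 0x03 and hs_type == 0x01:
            return "tls-client-hello"
    if transport == "udp" and len(payload) >= 5:
        first = payload[0]
        version = struct.unpack("!I", payload[1:5])[0]
        # QUIC v1 long header: header-form and fixed bits set,
        # packet type bits 00 (Initial), version 0x00000001
        if first & 0xC0 == 0xC0 and first & 0x30 == 0 and version == 1:
            return "quic-initial"
        # Undisguised WireGuard handshake initiation: type 1, three
        # reserved zero bytes, fixed length of 148 bytes
        if payload[:4] == b"\x01\x00\x00\x00" and len(payload) == 148:
            return "wireguard-handshake"
    return "unknown"


# Hypothetical policy of a TLS-inspecting gateway (an assumption for this
# example): TLS can be intercepted and inspected, everything else is dropped.
POLICY = {
    "tls-client-hello": "inspect",
    "quic-initial": "block",
    "wireguard-handshake": "block",
    "unknown": "block",
}


def verdict(transport: str, payload: bytes) -> str:
    """Return the gateway action for the first payload of a flow."""
    return POLICY[classify(transport, payload)]
```
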