Tunnel WireGuard (or any UDP traffic) inside HTTPS

WireGuard is pretty hot these days, deservedly so. I'm also eager to replace OpenVPN with WireGuard.

However, unlike OpenVPN, WireGuard only supports UDP. I like to use TCP port 443 because this port is likely not blocked by a firewall. OpenVPN even has an option to use an HTTP proxy. This is pretty cool, because it enables me to get full, unrestricted internet access in networks that don't have a route to the internet and require users to use a web proxy instead.

How can I achieve the same with WireGuard? An HTTPS tunnel that works for UDP?

Let's assume both endpoints are running Linux, I have full root access to both, and of course I have permission from everyone involved to do this.


This seems to do exactly what I want, even though you need cntlm as an additional proxy if the proxy requires NTLM authentication.