Added udptunnel to circumvent some firewalls

packer/rootfs/etc/nftables.conf

@@ -29,6 +29,9 @@ table inet filter {
 		# Accept DNS traffic on the WireGuard interface.
 		iifname wg0 meta l4proto { tcp, udp } @th,16,16 53 accept;
 
+		# Accept udptunnel traffic (to circumvent some firewalls).
+		tcp dport 443 accept;
+
 		# Count dropped packets.
 		counter drop;
 	}

packer/rootfs/etc/systemd/system/udptunnel.service

@@ -0,0 +1,30 @@
+[Unit]
+Description=udptunnel service
+Requires=udptunnel.socket
+ConditionPathExists=!/etc/udptunnel/udptunnel_not_to_be_run
+
+[Service]
+Type=notify
+Restart=on-failure
+ExecStart=/usr/local/bin/udptunnel --server --verbose 127.0.0.1:51820
+StandardOutput=journal
+StandardError=journal
+DynamicUser=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RemoveIPC=yes
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target

packer/rootfs/etc/systemd/system/udptunnel.socket

@@ -0,0 +1,9 @@
+[Unit]
+Description=udptunnel socket
+
+[Socket]
+ListenStream=443
+BindIPv6Only=both
+
+[Install]
+WantedBy=sockets.target