TLS SNI (Server Name Indication) Spoofing

Greetings,

I'm exploring methods to enhance privacy and circumvent censorship by implementing TLS SNI (Server Name Indication) spoofing on my GL.iNet GL-MT6000 (Flint 2) router. I understand this involves advanced configurations, and I'm seeking guidance on the following:

Feasibility: Is TLS SNI spoofing achievable on the GL-MT6000 running OpenWrt?

Required Tools: What packages or software are necessary to facilitate SNI spoofing on this specific model?

Configuration Steps: Could someone provide a step-by-step guide or point me to relevant resources tailored for the GL-MT6000?

I have a foundational understanding of network protocols and am comfortable with command-line interfaces. Any insights, experiences, or resources you can share would be greatly appreciated.

Thank you in advance for your assistance.

Best regards,

I am not aware of any method to use this on OpenWrt, neither would I understand the requirement. Just go full VPN.

They want to bypass website blocks by their ISP and are specifically interested in using SNI spoofing, not VPNs.

SNI Spoofing works only, if the ASN is the same, doesn't it? You can't just spoof any SNI because the server would reject or show the default page then.

Sounds like some old legacy method. This can only work if the censorship system does not perform deep packet inspection (DPI) beyond the initial TLS handshake.