Avoid SNI snooping without VPN

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Mick2k1 on 2023-08-07 16:19:02.

Hello! I live in a kind of student house and in order to use internet I must bypass a captive portal with my university credentials

I moved my glinet with adguard home to nextdns to, eventually, a self hosted adguard home with DoH/DoT

Now the problem is that the domains I visit are plain text both in the DNS as in the TLS as the SNI.. I managed to encrypt the first ones but have no idea how to cope with the SNI..

So far my only solution has been hosting a wireguard server and using this self hosted VPN H24, obviously this solution is a bit of a workaround, performances are a bit bad (even because my vps is in USA while I'm in Europe)..

I checked the many new proposed protocols that will encrypt SNI but as of today are still experimental and not supported

Do you all think I'm worrying for nothing or there is another way to hide the SNI? I was thinking a way of using my vps, encrypting the SNI from me to vps and resolving the SNI there (a proxy actually) but didn't study yet on this

Thank you all!