The first project (swgp-go) which makes traffic resemble random noise, can be trivially blocked. The DPI calculates the ratio between number of 0 and 1 bits, and if their amount is approximately equal, and traffic doesn't match allowed protocol (like HTTPS), then the connection is blocked.
If you don't want to stand out you should use steganography and masquerade as a legitimate and popular protocol. It seems that MASQUE does exactly this.
HTTP/3 is QUIC. So you can tunnel whatever you want over a connection that is not reliably distinguishable from HTTPS. (You can do heuristics based on packet sizes and timings)
Much more effective, really. I built one such self-hostable proxy on Cloudflare Workers & Deno Deploy: https://github.com/serverless-proxy/serverless-proxy (http-tunneling only works on Deno Deploy, and requires an enterprise plan on Cloudflare but tunneling with websockets works on the free plan, as well).
My observation is that if you use a tunnel not for VPN (which typically uses one long connection) but for a SOCKS proxy (which requires a new connection for every proxied connection) then the timings strongly resemble real HTTPS timings.
There's at least 2 or more different efforts to make WireGuard DPI resistant. Ex: https://github.com/database64128/swgp-go
Interestingly, Cloudflare (and Apple?) have begun switching to MASQUE: https://blog.cloudflare.com/zero-trust-warp-with-a-masque
> Everybody should use something standard ... like QUIC, DTLS or TLS1.3, for their transport layer.
Very common for anti-censorship tools (V2Ray, XRay, Clash, Hysteria, Trojan, uTLS, Snowflake, SingBox, Outline etc) to use these.