
Will there be any danger in no encryption mode, if the encapsulation protocol already has strong encryption?

Open stevefan1999-personal opened this issue 3 years ago • 1 comments

For example, although it is typically good to have everything encrypted (e.g. WireGuard has some leakable headers, in particular the first ~20 bytes are WG metadata which is easily detectable), I have WireGuard and PSK, so even the packet headers themselves are wrapped in proper secrecy, akin to SS/v2ray.

I wrapped up the packets already and I don't want to do a second level of encryption, which is redundant, so as to save processing power on, say, my much weaker router that maybe doesn't have AESNI/ARM AES extension and such. (Also, this is going to run on an IPQ4018-based OpenWRT router that runs udp2raw 24/7 with BGP routing, and every single bit of performance is critical, so I'm very concerned about AES on ARM performance.)

And in this case, is using no encryption mode (none) going to have any caveats?

stevefan1999-personal, Dec 29 '20 10:12

  1. udp2raw has its own header. With no encryption, there will be a header leakage problem for udp2raw (similar to the header leakage of WireGuard you mentioned). In other words, firewalls will easily be able to know you are using udp2raw.

  2. Anybody will be able to connect to your udp2raw server. An attacker may establish a huge amount of connections to your udp2raw server, use up your server's memory, and cause a denial of service.

If possible, use xor as "encryption", it's not really an encryption, but better than nothing.

wangyu-, Dec 29 '20 22:12
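
As an added illustration of point 1 and the XOR remark in the answer above (not part of the original thread and not udp2raw code): the sketch below compares what a passive observer sees when a fixed outer header is sent in the clear and when the frame is XORed with a repeating key. `HEADER`, `KEY`, the packet contents and the repeating-key XOR model are all constructed assumptions; udp2raw's real header layout and its `xor` mode may differ.

```python
import hashlib

# Constructed stand-in for a fixed tunnel header; NOT udp2raw's real wire format.
HEADER = b"\x01TUNL\x00\x02"
# Constructed key for this sketch only.
KEY = b"constructed-key"

def inner_packets(n=4):
    """Stand-ins for already-encrypted inner packets (e.g. WireGuard output)."""
    return [bytes([i]) + hashlib.sha256(bytes([i])).digest() for i in range(n)]

def xor_obfuscate(data, key):
    """Plain repeating-key XOR (assumed model, not udp2raw's xor code)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def on_wire(mode):
    """Frames as they would appear on the wire for mode 'none' or 'xor'."""
    frames = [HEADER + p for p in inner_packets()]
    if mode == "xor":
        return [xor_obfuscate(f, KEY) for f in frames]
    return frames  # mode "none": outer header is sent in the clear

def signature_hits(packets, signature=HEADER):
    """How many packets match a static byte signature for the known header."""
    return sum(p.startswith(signature) for p in packets)

def common_prefix_len(packets):
    """Number of leading bytes that are identical in every packet."""
    n = 0
    for column in zip(*packets):
        if len(set(column)) != 1:
            break
        n += 1
    return n

def observe(mode):
    pkts = on_wire(mode)
    return signature_hits(pkts), common_prefix_len(pkts)

if __name__ == "__main__":
    for mode in ("none", "xor"):
        hits, prefix = observe(mode)
        print(f"{mode}: signature hits={hits}/4, constant prefix={prefix} bytes")
```

In this model the static signature matches every packet with no cipher and none with XOR, yet the header-length constant prefix survives in both cases, which is why XOR counts as obfuscation rather than encryption.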