@andrew-aladjev
Forked from insdavm/wireguard-over-tcp.md
Last active April 22, 2024 09:09
WireGuard over TCP with udptunnel
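#!/bin/bash
# Remove the FORWARD and NAT rules that the matching "up" hook added for a
# WireGuard interface.
#
# Arguments:
#   $1 - WireGuard interface whose FORWARD accept rule is removed
#   $2 - IPv4 source range of the MASQUERADE rule
#   $3 - IPv6 source range of the MASQUERADE rule
#   $4 - outbound interface of the MASQUERADE rule
#
# Exit status: 0 when every rule was removed, 1 when any deletion failed,
# 2 on a usage error.
#
# `set -e` is deliberately not used here: with it, the first rule that is
# already gone aborts the script and the remaining rules (including the
# MASQUERADE entries) stay installed after the interface is down.
set -u

if [ "$#" -lt 4 ]; then
  printf 'Usage: %s WG_INTERFACE IPV4_NETWORK IPV6_NETWORK NET_INTERFACE\n' \
    "${0##*/}" >&2
  exit 2
fi

WG_INTERFACE=$1
IPV4_NETWORK=$2
IPV6_NETWORK=$3
NET_INTERFACE=$4

status=0

# Try every deletion and remember whether any of them failed, so the caller
# still sees a non-zero status but no rule is skipped.
iptables -D FORWARD -i "$WG_INTERFACE" -j ACCEPT || status=1
ip6tables -D FORWARD -i "$WG_INTERFACE" -j ACCEPT || status=1
iptables -t nat -D POSTROUTING -s "$IPV4_NETWORK" -o "$NET_INTERFACE" \
  -j MASQUERADE || status=1
ip6tables -t nat -D POSTROUTING -s "$IPV6_NETWORK" -o "$NET_INTERFACE" \
  -j MASQUERADE || status=1

exit "$status"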
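#!/bin/bash
# Install the FORWARD and NAT rules that let peers on a WireGuard interface
# reach other networks through this host.
#
# Arguments:
#   $1 - WireGuard interface whose traffic is accepted in FORWARD
#   $2 - IPv4 source range to masquerade
#   $3 - IPv6 source range to masquerade
#   $4 - outbound interface the masqueraded traffic leaves on
#
# Exit status: 0 on success, 2 on a usage error, otherwise the status of the
# failing iptables/ip6tables call.
#
# Scope notes:
#   - The FORWARD rule matches only on the inbound interface, so anything a
#     peer sends is forwarded to whatever this host can route to. Narrow it
#     with -o/-d matches if peers should reach less than that.
#   - This script does not enable IP forwarding; that has to be configured
#     separately on the host.
set -eu

if [ "$#" -lt 4 ]; then
  printf 'Usage: %s WG_INTERFACE IPV4_NETWORK IPV6_NETWORK NET_INTERFACE\n' \
    "${0##*/}" >&2
  exit 2
fi

WG_INTERFACE=$1
IPV4_NETWORK=$2
IPV6_NETWORK=$3
NET_INTERFACE=$4

# Append a rule only when an identical one is not already present. A plain
# -A stacks a duplicate on every run, and the "down" hook deletes just one
# copy, which would leave forwarding/NAT enabled after teardown.
#   $1 - iptables or ip6tables
#   $2 - table name
#   $3 - chain name
#   $4... - rule specification
ensure_rule() {
  local tool=$1 table=$2 chain=$3
  shift 3
  if ! "$tool" -t "$table" -C "$chain" "$@" 2>/dev/null; then
    "$tool" -t "$table" -A "$chain" "$@"
  fi
}

ensure_rule iptables filter FORWARD -i "$WG_INTERFACE" -j ACCEPT
ensure_rule ip6tables filter FORWARD -i "$WG_INTERFACE" -j ACCEPT
ensure_rule iptables nat POSTROUTING -s "$IPV4_NETWORK" -o "$NET_INTERFACE" \
  -j MASQUERADE
ensure_rule ip6tables nat POSTROUTING -s "$IPV6_NETWORK" -o "$NET_INTERFACE" \
  -j MASQUERADE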
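#!/bin/bash
# Stop the udptunnel helper that was started for a WireGuard interface and
# remove its PID and log files.
#
# Arguments:
#   $1 - WireGuard interface name (used to locate the PID and log files)
#
# Exit status: 0 on completion, 2 when the interface name is missing or
# contains unexpected characters.
#
# Teardown is best-effort: a missing PID file or an already-dead process is
# not an error, so this hook does not block the interface from going down.
set -eu

WG_INTERFACE=${1:-}

# The name is spliced into paths that are read and deleted below (normally as
# root), so accept only the characters an interface name can contain.
case "$WG_INTERFACE" in
  '' | *[!A-Za-z0-9_=+.-]*)
    printf '%s: missing or invalid interface name\n' "${0##*/}" >&2
    exit 2
    ;;
esac

WG_RUN_DIR_PATH="/var/run/wireguard"
WG_LOG_DIR_PATH="/var/log/wireguard"
WG_TUNNEL_PID_PATH="${WG_RUN_DIR_PATH}/udptunnel-${WG_INTERFACE}.pid"
WG_TUNNEL_LOG_PATH="${WG_LOG_DIR_PATH}/udptunnel-${WG_INTERFACE}.log"

WG_TUNNEL_PID=""
if [ -r "$WG_TUNNEL_PID_PATH" ]; then
  read -r WG_TUNNEL_PID < "$WG_TUNNEL_PID_PATH" || :
fi

# Anything other than a plain decimal number is ignored rather than handed
# to kill (a negative value would address a whole process group).
case "$WG_TUNNEL_PID" in
  '' | *[!0-9]*) WG_TUNNEL_PID="" ;;
esac

if [ -n "$WG_TUNNEL_PID" ]; then
  # PIDs are recycled: after a crash or reboot the recorded number may belong
  # to an unrelated process, so confirm it is still udptunnel before
  # signalling it.
  proc_name=$(ps -p "$WG_TUNNEL_PID" -o comm= 2>/dev/null || :)
  proc_name=${proc_name##*/}
  proc_name=${proc_name%% *}

  if [ "$proc_name" = "udptunnel" ]; then
    # Ask politely first; escalate to SIGKILL only if it is still alive.
    kill "$WG_TUNNEL_PID" 2>/dev/null || :
    for _ in 1 2 3; do
      kill -0 "$WG_TUNNEL_PID" 2>/dev/null || break
      sleep 1
    done
    if kill -0 "$WG_TUNNEL_PID" 2>/dev/null; then
      kill -9 "$WG_TUNNEL_PID" 2>/dev/null || :
    fi
  elif [ -n "$proc_name" ]; then
    printf '%s: PID %s is "%s", not udptunnel; not signalling it\n' \
      "${0##*/}" "$WG_TUNNEL_PID" "$proc_name" >&2
  fi
fi

# The log is removed together with the PID file; copy it elsewhere first if
# it is needed for troubleshooting.
rm -f -- "$WG_TUNNEL_PID_PATH" || :
rm -f -- "$WG_TUNNEL_LOG_PATH" || :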
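#!/bin/bash
# Stop the udptunnel helper that was started for a WireGuard interface and
# remove its PID and log files.
#
# Arguments:
#   $1 - WireGuard interface name (used to locate the PID and log files)
#
# Exit status: 0 on completion, 2 when the interface name is missing or
# contains unexpected characters.
#
# Teardown is best-effort: a missing PID file or an already-dead process is
# not an error, so this hook does not block the interface from going down.
set -eu

WG_INTERFACE=${1:-}

# The name is spliced into paths that are read and deleted below (normally as
# root), so accept only the characters an interface name can contain.
case "$WG_INTERFACE" in
  '' | *[!A-Za-z0-9_=+.-]*)
    printf '%s: missing or invalid interface name\n' "${0##*/}" >&2
    exit 2
    ;;
esac

WG_RUN_DIR_PATH="/var/run/wireguard"
WG_LOG_DIR_PATH="/var/log/wireguard"
WG_TUNNEL_PID_PATH="${WG_RUN_DIR_PATH}/udptunnel-${WG_INTERFACE}.pid"
WG_TUNNEL_LOG_PATH="${WG_LOG_DIR_PATH}/udptunnel-${WG_INTERFACE}.log"

WG_TUNNEL_PID=""
if [ -r "$WG_TUNNEL_PID_PATH" ]; then
  read -r WG_TUNNEL_PID < "$WG_TUNNEL_PID_PATH" || :
fi

# Anything other than a plain decimal number is ignored rather than handed
# to kill (a negative value would address a whole process group).
case "$WG_TUNNEL_PID" in
  '' | *[!0-9]*) WG_TUNNEL_PID="" ;;
esac

if [ -n "$WG_TUNNEL_PID" ]; then
  # PIDs are recycled: after a crash or reboot the recorded number may belong
  # to an unrelated process, so confirm it is still udptunnel before
  # signalling it.
  proc_name=$(ps -p "$WG_TUNNEL_PID" -o comm= 2>/dev/null || :)
  proc_name=${proc_name##*/}
  proc_name=${proc_name%% *}

  if [ "$proc_name" = "udptunnel" ]; then
    # Ask politely first; escalate to SIGKILL only if it is still alive.
    kill "$WG_TUNNEL_PID" 2>/dev/null || :
    for _ in 1 2 3; do
      kill -0 "$WG_TUNNEL_PID" 2>/dev/null || break
      sleep 1
    done
    if kill -0 "$WG_TUNNEL_PID" 2>/dev/null; then
      kill -9 "$WG_TUNNEL_PID" 2>/dev/null || :
    fi
  elif [ -n "$proc_name" ]; then
    printf '%s: PID %s is "%s", not udptunnel; not signalling it\n' \
      "${0##*/}" "$WG_TUNNEL_PID" "$proc_name" >&2
  fi
fi

# The log is removed together with the PID file; copy it elsewhere first if
# it is needed for troubleshooting.
rm -f -- "$WG_TUNNEL_PID_PATH" || :
rm -f -- "$WG_TUNNEL_LOG_PATH" || :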
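#!/bin/bash
# Start the client-side udptunnel for a WireGuard interface and record its
# PID. udptunnel is given 127.0.0.1:UDP_PORT as the local side and
# TCP_HOST:TCP_PORT as the remote side; its output goes to a per-interface
# log file.
#
# Arguments:
#   $1 - WireGuard interface name (used to name the PID and log files)
#   $2 - host of the remote udptunnel server
#   $3 - TCP port of the remote udptunnel server
#   $4 - local UDP port (WireGuard's Endpoint should point at it)
#
# Exit status: 0 when the tunnel was launched or is already running,
# 2 on invalid arguments, 1 when udptunnel is not installed.
set -eu

die() {
  printf '%s: %s\n' "${0##*/}" "$1" >&2
  exit "${2:-1}"
}

# Succeeds only for a decimal port number in 1..65535.
is_port() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

[ "$#" -ge 4 ] || die "usage: ${0##*/} WG_INTERFACE TCP_HOST TCP_PORT UDP_PORT" 2

WG_INTERFACE=$1
TCP_HOST=$2
TCP_PORT=$3
UDP_PORT=$4

# The interface name becomes part of the PID/log file paths, so keep it to
# the characters an interface name can contain.
case "$WG_INTERFACE" in
  '' | *[!A-Za-z0-9_=+.-]*) die "invalid interface name" 2 ;;
esac
[ -n "$TCP_HOST" ] || die "TCP_HOST must not be empty" 2
is_port "$TCP_PORT" || die "TCP_PORT must be a number in 1..65535" 2
is_port "$UDP_PORT" || die "UDP_PORT must be a number in 1..65535" 2

# `set -e` does not cover a background job, so a missing binary would
# otherwise only show up as a line in the log file.
command -v udptunnel > /dev/null || die "udptunnel is not installed"

WG_RUN_DIR_PATH="/var/run/wireguard"
mkdir -p "$WG_RUN_DIR_PATH"

WG_LOG_DIR_PATH="/var/log/wireguard"
mkdir -p "$WG_LOG_DIR_PATH"

WG_TUNNEL_PID_PATH="${WG_RUN_DIR_PATH}/udptunnel-${WG_INTERFACE}.pid"
WG_TUNNEL_LOG_PATH="${WG_LOG_DIR_PATH}/udptunnel-${WG_INTERFACE}.log"

# If a udptunnel from an earlier run is still alive, keep it. Launching a
# second one would overwrite the PID file with a process that cannot bind
# the port, and the "down" hook could then no longer stop the real tunnel.
if [ -r "$WG_TUNNEL_PID_PATH" ]; then
  old_pid=""
  read -r old_pid < "$WG_TUNNEL_PID_PATH" || :
  case "$old_pid" in
    '' | *[!0-9]*) old_pid="" ;;
  esac
  if [ -n "$old_pid" ]; then
    old_name=$(ps -p "$old_pid" -o comm= 2>/dev/null || :)
    old_name=${old_name##*/}
    old_name=${old_name%% *}
    if [ "$old_name" = "udptunnel" ]; then
      printf '%s: udptunnel already running as PID %s; leaving it in place\n' \
        "${0##*/}" "$old_pid" >&2
      exit 0
    fi
  fi
fi

# Failures after launch (connection refused, port in use) are reported only
# in the log file.
udptunnel "127.0.0.1:${UDP_PORT}" "${TCP_HOST}:${TCP_PORT}" \
  > "$WG_TUNNEL_LOG_PATH" 2>&1 &
printf '%s\n' "$!" > "$WG_TUNNEL_PID_PATH"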
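#!/bin/bash
# Start the server-side udptunnel for a WireGuard interface and record its
# PID. udptunnel runs with -s, TCP_PORT as the listening side and
# 127.0.0.1:UDP_PORT as the relay target; its output goes to a per-interface
# log file.
#
# Arguments:
#   $1 - WireGuard interface name (used to name the PID and log files)
#   $2 - TCP port udptunnel accepts connections on
#   $3 - local UDP port to relay to (WireGuard's ListenPort)
#
# Exit status: 0 when the tunnel was launched or is already running,
# 2 on invalid arguments, 1 when udptunnel is not installed.
#
# NOTE(review): the TCP listener itself does no authentication as far as this
# script shows; unknown senders are rejected only by WireGuard's own
# handshake behind it. Restrict the TCP port by source address at the
# firewall if the set of clients is known.
set -eu

die() {
  printf '%s: %s\n' "${0##*/}" "$1" >&2
  exit "${2:-1}"
}

# Succeeds only for a decimal port number in 1..65535.
is_port() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

[ "$#" -ge 3 ] || die "usage: ${0##*/} WG_INTERFACE TCP_PORT UDP_PORT" 2

WG_INTERFACE=$1
TCP_PORT=$2
UDP_PORT=$3

# The interface name becomes part of the PID/log file paths, so keep it to
# the characters an interface name can contain.
case "$WG_INTERFACE" in
  '' | *[!A-Za-z0-9_=+.-]*) die "invalid interface name" 2 ;;
esac
is_port "$TCP_PORT" || die "TCP_PORT must be a number in 1..65535" 2
is_port "$UDP_PORT" || die "UDP_PORT must be a number in 1..65535" 2

# `set -e` does not cover a background job, so a missing binary would
# otherwise only show up as a line in the log file.
command -v udptunnel > /dev/null || die "udptunnel is not installed"

WG_RUN_DIR_PATH="/var/run/wireguard"
mkdir -p "$WG_RUN_DIR_PATH"

WG_LOG_DIR_PATH="/var/log/wireguard"
mkdir -p "$WG_LOG_DIR_PATH"

WG_TUNNEL_PID_PATH="${WG_RUN_DIR_PATH}/udptunnel-${WG_INTERFACE}.pid"
WG_TUNNEL_LOG_PATH="${WG_LOG_DIR_PATH}/udptunnel-${WG_INTERFACE}.log"

# If a udptunnel from an earlier run is still alive, keep it. Launching a
# second one would overwrite the PID file with a process that cannot bind
# the port, and the "down" hook could then no longer stop the real tunnel.
if [ -r "$WG_TUNNEL_PID_PATH" ]; then
  old_pid=""
  read -r old_pid < "$WG_TUNNEL_PID_PATH" || :
  case "$old_pid" in
    '' | *[!0-9]*) old_pid="" ;;
  esac
  if [ -n "$old_pid" ]; then
    old_name=$(ps -p "$old_pid" -o comm= 2>/dev/null || :)
    old_name=${old_name##*/}
    old_name=${old_name%% *}
    if [ "$old_name" = "udptunnel" ]; then
      printf '%s: udptunnel already running as PID %s; leaving it in place\n' \
        "${0##*/}" "$old_pid" >&2
      exit 0
    fi
  fi
fi

# Failures after launch (for example the TCP port already being in use) are
# reported only in the log file.
udptunnel -s "$TCP_PORT" "127.0.0.1:${UDP_PORT}" \
  > "$WG_TUNNEL_LOG_PATH" 2>&1 &
printf '%s\n' "$!" > "$WG_TUNNEL_PID_PATH"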
# Client-side WireGuard configuration. WireGuard does not contact the server
# directly: the peer Endpoint below is a local UDP port served by the
# udptunnel process that the PostUp hook starts.
[Interface]
# This file holds the private key; keep it readable by root only.
PrivateKey = <key>
Address = 10.10.1.2/32, fd01::2/128
# Hook arguments: interface name, server host, server TCP port, local UDP port.
PostUp = /etc/wireguard/udptunnel-up.client.sh wg1 <host> 443 7001
# Hook argument: interface name (selects the PID/log files to clean up).
PostDown = /etc/wireguard/udptunnel-down.client.sh wg1
[Peer]
PublicKey = <key>
# Only the VPN subnets are routed into the tunnel. NOTE(review): if this is
# widened to a default route, the TCP connection to <host> must be kept out
# of the tunnel or it would be routed into itself.
AllowedIPs = 10.10.1.0/24, fd01::/64
# Must match the local UDP port passed to the PostUp hook above (7001).
Endpoint = 127.0.0.1:7001
PersistentKeepalive = 25
# Server-side WireGuard configuration. The PostUp hooks install the
# forwarding/NAT rules and start udptunnel, which accepts TCP on port 443 and
# relays to WireGuard's UDP ListenPort on 127.0.0.1.
[Interface]
Address = 10.10.1.1/24, fd01::1/64
# Must match the UDP port passed to udptunnel-up.server.sh below.
# NOTE(review): WireGuard listens on this UDP port on every address, not only
# loopback; if clients are meant to connect over TCP only, drop inbound
# UDP 7001 from external interfaces at the firewall.
ListenPort = 7001
# This file holds the private key; keep it readable by root only.
PrivateKey = <key>
# iptables hook arguments: interface, IPv4 range, IPv6 range, outbound NIC.
# udptunnel hook arguments: interface, TCP port, UDP port.
PostUp = /etc/wireguard/iptables-up.server.sh wg1 10.10.1.1/24 fd01::1/64 eno0 && /etc/wireguard/udptunnel-up.server.sh wg1 443 7001
# The two hooks are chained with &&: if the iptables hook exits non-zero, the
# udptunnel hook is skipped and the TCP listener on 443 keeps running.
PostDown = /etc/wireguard/iptables-down.server.sh wg1 10.10.1.1/24 fd01::1/64 eno0 && /etc/wireguard/udptunnel-down.server.sh wg1
[Peer]
PublicKey = <key>
# Restricts this peer to its own tunnel addresses as packet sources.
AllowedIPs = 10.10.1.2/32, fd01::2/128
PersistentKeepalive = 25