Skip to content

Instantly share code, notes, and snippets.

@iykex
Forked from hamid-rostami/README.md
Created November 27, 2023 22:40
Show Gist options
  • Save iykex/e9c9da73f4b735f5aa04ce94b6c200c0 to your computer and use it in GitHub Desktop.
Save iykex/e9c9da73f4b735f5aa04ce94b6c200c0 to your computer and use it in GitHub Desktop.
wireguard over TCP

To pass wireguard's traffic through a TCP tunnel by using udp2raw

Requirements

For Arch linux, install udp2raw by pacman: pacman -S udp2raw

For Debian or Ubuntu, you can use a binary release from: https://github.com/wangyu-/udp2raw/releases

Then, install it under /sbin directory. For example, on a x86_64 system:

wget https://github.com/wangyu-/udp2raw/releases/download/20200818.0/udp2raw_binaries.tar.gz
tar xzvf udp2raw_binaries.tar.gz
sudo mv udp2raw_amd64 /sbin

Instruction:

  • Replace private and public keys in configuration files
  • Replace password in udp2raw command in both server's and client's configuration file
  • Change YOUR-SERVER-IP in client's config file (in udp2raw command) to your server IP address
  • On both server and client, copy corresponding config file to /etc/wireguard/wg0
  • Start wireguard on both server and client: sudo systemclt start wg-quick@wg0
  • Check connectivity by performing a ping command from client: ping 10.8.0.1

Notes:

  • Please note that based on the configuration provided, by udp2raw command, port 4096 of your server will be exposed to the world. Of course, you can change it to another port number.
  • If it doesn't work, remove PreUp and Postdown lines from both configs and run udp2raw commands in command-line with a --log-level option to see if TCP tunnel can be successfully established.
# Client configuration
[Interface]
PrivateKey = YOUR-CLIENT-PRIVATE-KEY
Address = 10.8.0.2/32
MTU = 1200
PreUp = udp2raw -c -l 127.0.0.1:51820 -r YOUR-SERVER-IP:4096 -k "your-password" --raw-mode faketcp -a --log-level 0 &
Postdown = pkill -f "udp2raw.*:51820"
[Peer]
PublicKey = 1w2ffwBzjyJMtPGB2QEe9hFHZ7bUyw3+cxhBC+OZfyM=
AllowedIPs = 10.8.0.0/24
Endpoint = 127.0.0.1:51820
PersistentKeepalive = 20
# Server configuration
[Interface]
Address = 10.8.0.1/24
MTU = 1200
ListenPort = 51820
PrivateKey = YOUR-SERVER-PRIVATE-KEY
PreUp = sudo udp2raw -s -l 0.0.0.0:4096 -r 127.0.0.1:51820 -k "your-password" --raw-mode faketcp -a --log-level 0 &
Postdown = pkill -f "udp2raw.*:51820"
# Add your peers here
[Peer]
PublicKey = 1w2ffwBzjyJMtPGB2QEe9hFHZ7bUyw3+cxhBC+OZfyM=
AllowedIPs = 10.8.0.2/32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment