2023-01-02 15:58:11 +00:00
# Wireguard
2023-06-14 14:17:07 +00:00
Wireguard is a standard implementation of the Wireguard protocol.
2023-01-02 15:58:11 +00:00
::: danger
2023-06-14 14:17:07 +00:00
**The Wireguard protocol is not specifically designed for circumvention purposes. If used as the outer layer for circumvention, its characteristics may lead to server blocking.**
2023-01-02 15:58:11 +00:00
:::
## OutboundConfigurationObject
```json
{
"secretKey": "PRIVATE_KEY",
"address": [
// optional, default ["10.0.0.1", "fd59:7153:2388:b5fd:0000:0000:0000:0001"]
"IPv4_CIDR",
"IPv6_CIDR",
"and more..."
],
"peers": [
{
"endpoint": "ENDPOINT_ADDR",
"publicKey": "PUBLIC_KEY"
}
],
"mtu": 1420, // optional, default 1420
"workers": 2 // optional, default runtime.NumCPU()
}
```
::: tip
2023-06-14 14:17:07 +00:00
Currently, the Wireguard protocol outbound does not support setting `streamSettings` .
2023-01-02 15:58:11 +00:00
:::
> `secretKey`: string
2023-06-14 14:17:07 +00:00
The user's private key. Required.
2023-01-02 15:58:11 +00:00
> `address`: string array
2023-06-14 14:17:07 +00:00
Wireguard will create a virtual network interface `tun` locally. Use one or more IP addresses, including IPv6.
2023-01-02 15:58:11 +00:00
> `mtu`: int
2023-06-14 14:17:07 +00:00
The fragment size of the underlying `tun` device in Wireguard.
2023-01-02 15:58:11 +00:00
> `workers`: int
2023-06-14 14:17:07 +00:00
The number of threads used by Wireguard.
2023-01-02 15:58:11 +00:00
> `peers`: \[ [Peers](#peers) \]
2023-06-14 14:17:07 +00:00
A list of Wireguard servers, where each item is a server configuration.
2023-01-02 15:58:11 +00:00
### Peers
```json
{
"endpoint": "ENDPOINT_ADDR",
"publicKey": "PUBLIC_KEY",
"preSharedKey": "PRE_SHARED_KEY", // optional, default "0000000000000000000000000000000000000000000000000000000000000000"
"keepAlive": 0, // optional, default 0
"allowedIPs": ["0.0.0.0/0"] // optional, default ["0.0.0.0/0", "::/0"]
}
```
> `endpoint`: address
2023-06-14 14:17:07 +00:00
The server address. Required.
2023-01-02 15:58:11 +00:00
::: tip
2023-06-14 14:17:07 +00:00
Use the format `url:port` , for example, `engage.cloudflareclient.com:2408` .
2023-01-02 15:58:11 +00:00
:::
> `publicKey`: string
2023-06-14 14:17:07 +00:00
The server's public key used for verification. Required.
2023-01-02 15:58:11 +00:00
> `preSharedKey`: string
2023-06-14 14:17:07 +00:00
An additional symmetric encryption key.
2023-01-02 15:58:11 +00:00
> `keepAlive`: int
2023-06-14 14:17:07 +00:00
The interval of keep-alive packets in seconds. The default is 0, which means no keep-alive.
2023-01-02 15:58:11 +00:00
> `allowedIPs`: string array
2023-06-14 14:17:07 +00:00
Only allow traffic from specific source IP addresses in Wireguard.
