From 0cf7457092241f1081f3df287ed8cea3d4acebe1 Mon Sep 17 00:00:00 2001
From: mmmray <142015632+mmmray@users.noreply.github.com>
Date: Tue, 20 Aug 2024 10:44:12 -0500
Subject: [PATCH] Add wireguard inbound (en)
---
 docs/.vuepress/config/sidebar/en.ts | 1 +
 docs/en/config/inbounds/wireguard.md | 71 ++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 docs/en/config/inbounds/wireguard.md
diff --git a/docs/.vuepress/config/sidebar/en.ts b/docs/.vuepress/config/sidebar/en.ts
index c10b93c2f..1ed403055 100755
--- a/docs/.vuepress/config/sidebar/en.ts
+++ b/docs/.vuepress/config/sidebar/en.ts
@@ -41,6 +41,7 @@ export const sidebarEn: SidebarConfig = {
 '/en/config/inbounds/trojan.md',
 '/en/config/inbounds/vless.md',
 '/en/config/inbounds/vmess.md',
+ '/en/config/inbounds/wireguard.md',
 ],
 },
 {
diff --git a/docs/en/config/inbounds/wireguard.md b/docs/en/config/inbounds/wireguard.md
new file mode 100644
index 000000000..699b97698
--- /dev/null
+++ b/docs/en/config/inbounds/wireguard.md
@@ -0,0 +1,71 @@
+# Wireguard
+
+User-space implementation of the Wireguard protocol.
+
+::: danger
+**The Wireguard protocol is not specifically designed for circumvention purposes. If used as the outer layer for circumvention, its characteristics may lead to server blocking.**
+:::
+
+## InboundConfigurationObject
+
+```json
+{
+ "secretKey": "PRIVATE_KEY",
+ "peers": [
+ {
+ "publicKey": "PUBLIC_KEY",
+ "allowedIPs":[""]
+ }
+ ],
+ "kernelMode": true, // optional, default true if it's supported and permission is sufficient
+ "mtu": 1420, // optional, default 1420
+}
+```
+
+> `secretKey`: string
+
+Private key. Required.
+
+> `mtu`: int
+
+Fragmentation size of the underlying Wireguard tun.
+
+
+MTU Calculation Method
+
+The structure of a Wireguard packet is as follows:
+
+```
+- 20-byte IPv4 header or 40 byte IPv6 header
+- 8-byte UDP header
+- 4-byte type
+- 4-byte key index
+- 8-byte nonce
+- N-byte encrypted data
+- 16-byte authentication tag
+```
+
+`N-byte encrypted data` is the MTU value we need. Depending on whether the endpoint is IPv4 or IPv6, the specific values can be 1440 (IPv4) or 1420 (IPv6). If in a special environment, subtract additional bytes accordingly (e.g., subtract 8 more bytes for PPPoE over home broadband).
+
+
+
+> `peers`: \[ [Peers](#peers) \]
+
+List of peer servers, where each entry is a server configuration.
+
+### Peers
+
+```json
+{
+ "publicKey": "PUBLIC_KEY",
+ "allowedIPs": ["0.0.0.0/0"] // optional, default ["0.0.0.0/0", "::/0"]
+}
+```
+
+> `publicKey`: string
+
+Public key, used for verification.
+
+> `allowedIPs`: string array
+
+Allowed source IPs.