From 5a41363422e23f65d0177588c6cd03950b16f996 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=A3=8E=E6=89=87=E6=BB=91=E7=BF=94=E7=BF=BC?=
Date: Tue, 20 Aug 2024 15:32:24 +0000
Subject: [PATCH] Add wireguard inbound After almost 1 year
---
 docs/.vuepress/config/sidebar/zh.ts | 1 +
 docs/config/inbounds/wireguard.md | 70 +++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)
 create mode 100644 docs/config/inbounds/wireguard.md
diff --git a/docs/.vuepress/config/sidebar/zh.ts b/docs/.vuepress/config/sidebar/zh.ts
index 87d1bf69a..283a87839 100755
--- a/docs/.vuepress/config/sidebar/zh.ts
+++ b/docs/.vuepress/config/sidebar/zh.ts
@@ -41,6 +41,7 @@ export const sidebarZh: SidebarConfig = {
 '/config/inbounds/trojan.md',
 '/config/inbounds/vless.md',
 '/config/inbounds/vmess.md',
+ '/config/inbounds/wireguard.md',
 ],
 },
 {
diff --git a/docs/config/inbounds/wireguard.md b/docs/config/inbounds/wireguard.md
new file mode 100644
index 000000000..d7a8e1131
--- /dev/null
+++ b/docs/config/inbounds/wireguard.md
@@ -0,0 +1,70 @@
+# Wireguard
+
+User-space Wireguard 协议实现。
+
+::: danger
+**Wireguard 协议并非专门为翻墙而设计,若在最外层过墙,存在特征可能导致服务器被封锁**
+:::
+
+## InboundConfigurationObject
+
+```json
+{
+ "secretKey": "PRIVATE_KEY",
+ "peers": [
+ {
+ "publicKey": "PUBLIC_KEY",
+ "allowedIPs":[""]
+ }
+ ],
+ "kernelMode": true, // optional, default true if it's supported and permission is sufficient
+ "mtu": 1420, // optional, default 1420
+}
+```
+
+> `secretKey`: string
+
+私钥。必填。
+
+> `mtu`: int
+
+Wireguard 底层 tun 的分片大小。
+
+
+MTU的计算方法
+
+一个wireguard数据包的结构如下
+
+```
+- 20-byte IPv4 header or 40 byte IPv6 header
+- 8-byte UDP header
+- 4-byte type
+- 4-byte key index
+- 8-byte nonce
+- N-byte encrypted data
+- 16-byte authentication tag
+```
+
+```N-byte encrypted data```即为我们需要的MTU的值,根据endpoint是IPv4还是IPv6,具体的值可以是1440(IPv4)或者1420(IPv6),如果处于特殊环境下再额外减掉即可(如家宽PPPoE额外-8)。
+
+
+> `peers`: \[ [Peers](#peers) \]
+
+peers 服务器列表,其中每一项是一个服务器配置。
+
+### Peers
+
+```json
+{
+ "publicKey": "PUBLIC_KEY",
+ "allowedIPs": ["0.0.0.0/0"] // optional, default ["0.0.0.0/0", "::/0"]
+}
+```
+
+> `publicKey`: string
+
+公钥,用于验证
+
+> `allowedIPs`: string array
+
+允许的源IP
\ No newline at end of file