72 lines
1.6 KiB
Markdown
72 lines
1.6 KiB
Markdown
# Wireguard
|
|
|
|
User-space implementation of the Wireguard protocol.
|
|
|
|
::: danger
|
|
**The Wireguard protocol is not specifically designed for circumvention purposes. If used as the outer layer for circumvention, its characteristics may lead to server blocking.**
|
|
:::
|
|
|
|
## InboundConfigurationObject
|
|
|
|
```json
|
|
{
|
|
"secretKey": "PRIVATE_KEY",
|
|
"peers": [
|
|
{
|
|
"publicKey": "PUBLIC_KEY",
|
|
"allowedIPs":[""]
|
|
}
|
|
],
|
|
"kernelMode": true, // optional, default true if it's supported and permission is sufficient
|
|
"mtu": 1420, // optional, default 1420
|
|
}
|
|
```
|
|
|
|
> `secretKey`: string
|
|
|
|
Private key. Required.
|
|
|
|
> `mtu`: int
|
|
|
|
Fragmentation size of the underlying Wireguard tun.
|
|
|
|
<details>
|
|
<summary>MTU Calculation Method</summary>
|
|
|
|
The structure of a Wireguard packet is as follows:
|
|
|
|
```
|
|
- 20-byte IPv4 header or 40 byte IPv6 header
|
|
- 8-byte UDP header
|
|
- 4-byte type
|
|
- 4-byte key index
|
|
- 8-byte nonce
|
|
- N-byte encrypted data
|
|
- 16-byte authentication tag
|
|
```
|
|
|
|
`N-byte encrypted data` is the MTU value we need. Depending on whether the endpoint is IPv4 or IPv6, the specific values can be 1440 (IPv4) or 1420 (IPv6). If in a special environment, subtract additional bytes accordingly (e.g., subtract 8 more bytes for PPPoE over home broadband).
|
|
|
|
</details>
|
|
|
|
> `peers`: \[ [Peers](#peers) \]
|
|
|
|
List of peer servers, where each entry is a server configuration.
|
|
|
|
### Peers
|
|
|
|
```json
|
|
{
|
|
"publicKey": "PUBLIC_KEY",
|
|
"allowedIPs": ["0.0.0.0/0"] // optional, default ["0.0.0.0/0", "::/0"]
|
|
}
|
|
```
|
|
|
|
> `publicKey`: string
|
|
|
|
Public key, used for verification.
|
|
|
|
> `allowedIPs`: string array
|
|
|
|
Allowed source IPs.
|