1.6 KiB
Wireguard
User-space implementation of the Wireguard protocol.
::: danger The Wireguard protocol is not specifically designed for circumvention purposes. If used as the outer layer for circumvention, its characteristics may lead to server blocking. :::
InboundConfigurationObject
{
"secretKey": "PRIVATE_KEY",
"peers": [
{
"publicKey": "PUBLIC_KEY",
"allowedIPs":[""]
}
],
"kernelMode": true, // optional, default true if it's supported and permission is sufficient
"mtu": 1420, // optional, default 1420
}
secretKey: string
Private key. Required.
mtu: int
Fragmentation size of the underlying Wireguard tun.
MTU Calculation Method
The structure of a Wireguard packet is as follows:
- 20-byte IPv4 header or 40 byte IPv6 header
- 8-byte UDP header
- 4-byte type
- 4-byte key index
- 8-byte nonce
- N-byte encrypted data
- 16-byte authentication tag
N-byte encrypted data is the MTU value we need. Depending on whether the endpoint is IPv4 or IPv6, the specific values can be 1440 (IPv4) or 1420 (IPv6). If in a special environment, subtract additional bytes accordingly (e.g., subtract 8 more bytes for PPPoE over home broadband).
peers: [ Peers ]
List of peer servers, where each entry is a server configuration.
Peers
{
"publicKey": "PUBLIC_KEY",
"allowedIPs": ["0.0.0.0/0"] // optional, default ["0.0.0.0/0", "::/0"]
}
publicKey: string
Public key, used for verification.
allowedIPs: string array
Allowed source IPs.