#wireguard #udp #udp-socket #udp-packet #boringtun #gue #fou

app wg2gue

Command-line application that listens on two UDP ports, one for Wireguard and the other for plain IP packets, and exchanges packets between them

1 unstable release

0.1.0 Aug 20, 2023

#17 in #udp-packet

MIT/Apache

15KB
196 lines of code

wg2gue

A tool that converts between Wireguard-encrypted IP packets and plain IP-over-UDP (i.e. FOU/GUE) datagrams. It is similar to boringtun-cli, but uses another UDP socket instead of a tun interface.

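Features

  • Maintains a connection with one Wireguard peer
  • Sends and receives FOU or GUE IPv4 or IPv6 packets.
  • Periodically sends empty UDP datagrams to the FOU port to avoid stale NAT entries.
  • Periodically prints statistics

Example session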
# ip netns add peer1
$ wg genkey | tee /dev/stderr | wg pubkey
OGCvzGq9bbbiuiEXwHpdsK9QXEc13/2az0we5z7DCls=
tGk/3hzFBUuG21EZ4iTN/ZChl4PYKtkfx31TDCz8wgI=
$ wg genkey | tee /dev/stderr | wg pubkey
GKLlQK+pdrdmX6M/1eujcZcjlBC8kvHPsQFznW6vuWI=
IVbkRatA+KK2nE7GYuM+vPr/aWUK3VjmDQNAHaP21S8=
# ip link add peer1 type wireguard
# wg set peer1 listen-port 1929 private-key <(echo OGCvzGq9bbbiuiEXwHpdsK9QXEc13/2az0we5z7DCls=) peer IVbkRatA+KK2nE7GYuM+vPr/aWUK3VjmDQNAHaP21S8= endpoint 127.0.0.1:1930  allowed-ips fd00::2/128
# ip link set peer1 netns peer1
# ip netns exec peer1 ip link set peer1 up
# ip netns exec peer1 ip addr add fd00::1/128 dev peer1
# ip netns exec peer1 ip route add fd00::2/128 dev peer1

$ wg2gue -k GKLlQK+pdrdmX6M/1eujcZcjlBC8kvHPsQFznW6vuWI= -K tGk/3hzFBUuG21EZ4iTN/ZChl4PYKtkfx31TDCz8wgI=  -b 127.0.0.1:1930 --gue-bind-ip-port 127.0.0.1:1931 --gue-peer-endpoint 127.0.0.1:1932

# ip netns add peer2
# ip fou add port 1932 gue
# ip link add peer2  type sit remote 127.0.0.1 local 127.0.0.1 encap gue encap-sport 1932 encap-dport 1931 encap-csum
# ip link set peer2 netns peer2
# ip netns exec peer2 ip link set peer2 up
# ip netns exec peer2 ip addr add fd00::2/128 dev peer2
# ip netns exec peer2 ip route add fd00::1/128 dev peer2

# ip netns exec peer2 ping fd00::1
64 bytes from fd00::1: icmp_seq=1 ttl=64 time=48.7 ms
64 bytes from fd00::1: icmp_seq=2 ttl=64 time=0.960 ms
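
The GUE/FOU side of the session above carries plain, unauthenticated IP packets, so a receiver on that socket should validate each datagram before forwarding it. The following Rust function is an added example, not wg2gue's own code (its parsing is not shown on this page); it classifies one datagram using the header layout from the IETF GUE draft, and all type and function names are hypothetical.

```rust
// Added example; names are hypothetical and this is not wg2gue's parser.
#[derive(Debug, PartialEq)]
pub enum Plain<'a> {
    Keepalive, // empty datagram, like the periodic keepalive listed under Features
    Ipv4(&'a [u8]),
    Ipv6(&'a [u8]),
}
#[derive(Debug, PartialEq)]
pub enum Reject { Truncated, ControlMessage, UnknownVariant, UnsupportedProto(u8), BadIpVersion }

// Accept only a complete fixed IP header whose version nibble is 4 or 6.
fn by_version(ip: &[u8]) -> Result<Plain<'_>, Reject> {
    match ip.first().map(|b| b >> 4) {
        Some(4) if ip.len() >= 20 => Ok(Plain::Ipv4(ip)),
        Some(6) if ip.len() >= 40 => Ok(Plain::Ipv6(ip)),
        Some(4) | Some(6) | None => Err(Reject::Truncated),
        Some(_) => Err(Reject::BadIpVersion),
    }
}

pub fn classify(d: &[u8]) -> Result<Plain<'_>, Reject> {
    if d.is_empty() { return Ok(Plain::Keepalive); }
    match d[0] >> 6 {
        // GUE variant 1 and headerless FOU: the payload is the IP packet itself.
        1 => by_version(d),
        // GUE variant 0: |variant:2|C:1|Hlen:5|proto:8|flags:16| + extensions.
        0 => {
            if d.len() < 4 { return Err(Reject::Truncated); }
            if d[0] & 0x20 != 0 { return Err(Reject::ControlMessage); }
            // Proto 4 (IPPROTO_IPIP) carries IPv4, proto 41 (IPPROTO_IPV6) carries IPv6.
            let want = match d[1] { 4 => 4, 41 => 6, p => return Err(Reject::UnsupportedProto(p)) };
            // Hlen counts 32-bit words of extension data after the 4 fixed bytes.
            let start = 4 + usize::from(d[0] & 0x1f) * 4;
            let pkt = by_version(d.get(start..).ok_or(Reject::Truncated)?)?;
            // The protocol field must agree with the inner packet's version nibble.
            let ok = matches!((want, &pkt), (4, Plain::Ipv4(_)) | (6, Plain::Ipv6(_)));
            if ok { Ok(pkt) } else { Err(Reject::BadIpVersion) }
        }
        _ => Err(Reject::UnknownVariant),
    }
}

fn main() {
    // Constructed sample: variant 0 header, proto 41, then a zeroed IPv6 header.
    let mut d = vec![0x00u8, 41, 0, 0, 0x60];
    d.resize(44, 0);
    println!("{:?}", classify(&d).map(|p| matches!(p, Plain::Ipv6(_))));
}
```
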

Installation

Download a prebuilt executable from Github releases, or install from source code with cargo install --path . or cargo install wg2gue

CLI options

wg2gue --help output
Usage: wg2gue [-k <private-key>] [-f <private-key-file>] -K <peer-key> [-p <wg-peer-endpoint>] [-a <wg-keepalive-interval>] -b <wg-bind-ip-port> -g <gue-bind-ip-port> [-G <gue-peer-endpoint>] [-A <gue-keepalive-interval>] [--print-stats-interval <print-stats-interval>]

Expose internet access without root using Wireguard

Options:
  -k, --private-key main private key of this Wireguard node, base64-encoded
  -f, --private-key-file
                    main private key of this Wireguard node (content of a
                    specified file), base64-encoded
  -K, --peer-key    peer's public key
  -p, --wg-peer-endpoint
                    address of the peer's UDP socket, where to send keepalives
  -a, --wg-keepalive-interval
                    wireguard keepalive interval, in seconds
  -b, --wg-bind-ip-port
                    where to bind UDP socket for Wireguard connection
  -g, --gue-bind-ip-port
                    where to bind UDP socket for GUE/FOU
  -G, --gue-peer-endpoint
                    send GUE/FOU datagrams to that socket address, not use
                    remembered recvfrom address.
  -A, --gue-keepalive-interval
                    send empty UDP datagrams to the GUE/FOU peer with this
                    interval, in seconds
  --print-stats-interval
                    print stats to stdout each N milliseconds
  --help            display usage information

Dependencies

~14–29MB
~489K SLoC