Bai

WireGuard + udp2raw Network Implementation Plan

Preface

Recently, I went to the Market Supervision Bureau to cancel my company registration, which resulted in the cancellation of the domain name registered under the company's record by the Ministry of Industry and Information Technology. As a result, the website can no longer be accessed. Although I decided to shut down the website, I felt it was a pity to see several servers that would still be usable for another 3 years. Therefore, I decided to use Oracle's free small machine to implement a bypass of the record. Let's get it done! Setting up WireGuard was a breeze, but I found that during peak hours, there was severe interference and blocking of the UDP protocol. I also struggled with the size of the MTU value for a long time. Frustrated, I had to go to GitHub to find if there were any useful projects. Luckily, I found the udp2raw project, and after running the service... over!

WireGuard and udp2raw

WireGuard
A networking tool hailed as a work of art by the creator of Linux.
Official website: https://www.wireguard.com/

udp2raw
The cross-platform version of udp2raw, also known as udp2raw_mp (mp = multiplatform); it supports Windows/Mac/BSD/Linux.
Project address: https://github.com/wangyu-/udp2raw-multiplatform
Chinese documentation: https://github.com/wangyu-/udp2raw-multiplatform/wiki/%E4%B8%AD%E6%96%87%E6%96%87%E7%AB%A0

Implementation Principle

[Image: implementation principle diagram]

Configuration

WireGuard Configuration

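On the server machine, add an interface that listens on port 4321 and forwards incoming traffic. The PostUp/PostDown rules below refer to the WireGuard interface as wg2 and to eth0 as the outbound interface.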

[Interface]
PrivateKey = # Private key
Address = 10.2.0.1/24

PostUp = iptables -A FORWARD -i wg2 -j ACCEPT; iptables -A FORWARD -o wg2 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg2 -j ACCEPT; iptables -D FORWARD -o wg2 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 4321
DNS = 8.8.8.8
MTU = 1200

[Peer]
PublicKey = # Public key of machine B (the client)
AllowedIPs = 10.2.0.2/32

On the client machine, also add an interface and set the Endpoint to 127.0.0.1:3333, the local port where udp2raw listens, so that WireGuard's traffic is handed to udp2raw.

[Interface]
PrivateKey = # Private key
Address = 10.2.0.2/24
DNS = 8.8.8.8
MTU = 1200

[Peer]
PublicKey = # Public key of machine A (the server)
Endpoint = 127.0.0.1:3333
AllowedIPs = 10.2.0.0/24

Configuration is complete. For more detailed commands, refer to the related documentation at the bottom of the article.

udp2raw Configuration

Run the following command in the background on the server:

nohup ./udp2raw_x86 -s -l0.0.0.0:54321 -r 127.0.0.1:4321 -a -k "passwd" --raw-mode faketcp > udp2raw.log 2>&1 &

Port 54321 on the server needs to be open.
Run the following command in the background on the client:

nohup ./udp2raw_x86 -c -l0.0.0.0:3333 -r 175.178.196.126:54321 -k "passwd" --raw-mode easy-faketcp > udp2raw.log 2>&1 &

Configuration is complete.
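
A consistency check for the four pieces configured above, added here as an example (it is not part of the original post or of either project): it parses the two WireGuard configs and the two udp2raw command lines, then reports any port or MTU mismatch along the path and a udp2raw client listener that is bound wider than loopback. The function names are hypothetical, the inputs are constructed from the values on this page, and 203.0.113.10 is a placeholder for the server address.

```python
import configparser
import re

def parse_wg(text):
    """Parse a wg-quick style config; '#' starts a comment."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp

def u2r_addr(cmd, flag):
    """Return (host, port) for udp2raw's -l or -r, written as '-l0.0.0.0:1' or '-r 1.2.3.4:1'."""
    m = re.search(r"(?:^|\s)-" + flag + r"\s*([\d.]+):(\d+)", cmd)
    if not m:
        raise ValueError("no -%s address in: %s" % (flag, cmd))
    return m.group(1), int(m.group(2))

def check_chain(wg_server, wg_client, u2r_server, u2r_client):
    """List mismatches along WireGuard -> udp2raw client -> udp2raw server -> WireGuard."""
    srv, cli = parse_wg(wg_server), parse_wg(wg_client)
    problems = []
    ep_host, ep_port = cli["Peer"]["Endpoint"].rsplit(":", 1)
    c_listen, c_remote = u2r_addr(u2r_client, "l"), u2r_addr(u2r_client, "r")
    s_listen, s_remote = u2r_addr(u2r_server, "l"), u2r_addr(u2r_server, "r")
    if int(ep_port) != c_listen[1]:
        problems.append("Endpoint port != udp2raw client -l port")
    if c_remote[1] != s_listen[1]:
        problems.append("udp2raw client -r port != udp2raw server -l port")
    if s_remote != ("127.0.0.1", int(srv["Interface"]["ListenPort"])):
        problems.append("udp2raw server -r != local WireGuard ListenPort")
    if srv["Interface"]["MTU"] != cli["Interface"]["MTU"]:
        problems.append("MTU differs between server and client")
    # Hardening check: WireGuard reaches udp2raw over loopback, so a wildcard
    # bind only exposes the forwarder to other hosts on the client's network.
    if ep_host == "127.0.0.1" and c_listen[0] == "0.0.0.0":
        problems.append("udp2raw client -l is 0.0.0.0 but only 127.0.0.1 uses it")
    return problems

# Constructed inputs: only the port/MTU lines of the configs and commands above.
# 203.0.113.10 is a placeholder documentation address for the server.
WG_SERVER = "[Interface]\nListenPort = 4321\nMTU = 1200\n[Peer]\nAllowedIPs = 10.2.0.2/32\n"
WG_CLIENT = "[Interface]\nMTU = 1200\n[Peer]\nEndpoint = 127.0.0.1:3333\n"
U2R_SERVER = './udp2raw_x86 -s -l0.0.0.0:54321 -r 127.0.0.1:4321 -a -k "passwd" --raw-mode faketcp'
U2R_CLIENT = './udp2raw_x86 -c -l0.0.0.0:3333 -r 203.0.113.10:54321 -k "passwd" --raw-mode easy-faketcp'

if __name__ == "__main__":
    for problem in check_chain(WG_SERVER, WG_CLIENT, U2R_SERVER, U2R_CLIENT):
        print("WARN:", problem)
```

With the values from this page the port chain and MTU are consistent, and the only finding is the client-side udp2raw listener on 0.0.0.0; changing it to -l127.0.0.1:3333 clears the report.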
