banner
Bai

Bai

写代码菜的一批 🤣
twitter
telegram
tg_channel
pixiv
github
bilibili
whatsapp
HomeArchives

WireGuard + udp2raw Network Implementation Plan

#小技能1288
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The author explains that due to the cancellation of their company registration, their website was also revoked by the Ministry of Industry and Information Technology. They decided to use Oracle's free small machine to bypass the registration and continue accessing their website. They encountered difficulties with UDP protocol interference during peak periods and found a solution in the udp2raw project. The author provides configuration details for both WireGuard and udp2raw, and recommends additional documentation for reference.

Preface#

Recently, I went to the Market Supervision Bureau to cancel my company registration, which resulted in the cancellation of the domain name registered under the company's record by the Ministry of Industry and Information Technology. As a result, the website can no longer be accessed. Although I decided to shut down the website, I felt it was a pity to see several servers that would still be usable for another 3 years. Therefore, I decided to use Oracle's free small machine to implement a bypass of the record. Let's get it done! Setting up WireGuard was a breeze, but I found that during peak hours, there was severe interference and blocking of the UDP protocol. I also struggled with the size of the MTU value for a long time. Frustrated, I had to go to GitHub to find if there were any useful projects. Luckily, I found the udp2raw project, and after running the service... over!

WireGuard and udp2raw#

WireGuard
A networking tool hailed as a work of art by the creator of Linux.
Official website: https://www.wireguard.com/

udp2raw
A cross-platform version of udp2raw, also known as udp2raw_mp (mp=multiplatform), supports Windows/mac/BSD/Linux.
Project address: https://github.com/wangyu-/udp2raw-multiplatform
Chinese documentation: https://github.com/wangyu-/udp2raw-multiplatform/wiki/%E4%B8%AD%E6%96%87%E6%96%87%E7%AB%A0

Implementation Principle#

image

Configuration#

WireGuard Configuration#

On the server machine, add an interface that listens on port 4321 and forwards incoming traffic.

[Interface]
PrivateKey = # Private key
Address = 10.2.0.1/24

PostUp = iptables -A FORWARD -i wg2 -j ACCEPT; iptables -A FORWARD -o wg2 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg2 -j ACCEPT; iptables -D FORWARD -o wg2 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 4321
DNS = 8.8.8.8
MTU = 1200

[Peer]
PublicKey = # Public key of machine B
AllowedIPs = 10.2.0.2/32

On the client machine, also add an interface and set the Endpoint to 127.0.0.1:3333 for incoming traffic to udp2raw.

[Interface]
PrivateKey = # Private key
Address = 10.2.0.2/24
DNS = 8.8.8.8
MTU = 1200

[Peer]
PublicKey = # Public key of machine A
Endpoint = 127.0.0.1:3333
AllowedIPs = 10.2.0.0/24

Configuration is complete. For more detailed commands, refer to the related documentation at the bottom of the article.

udp2raw Configuration#

Run the following command in the background on the server:

nohup ./udp2raw_x86 -s -l0.0.0.0:54321 -r 127.0.0.1:4321 -a -k "passwd" --raw-mode faketcp > udp2raw.log 2>&1 &

Port 54321 on the development server needs to be open.
Run the following command in the background on the client:

nohup ./udp2raw_x86 -c -l0.0.0.0:3333 -r 175.178.196.126:54321 -k "passwd" --raw-mode easy-faketcp > udp2raw.log 2>&1 &

Configuration is complete.

Related Documentation#

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.