search

GFW-knocker / MahsaNG

a V2RayNG with Fragment , DoH , Rotating Configs , & free VPN servers
GNU General Public License v3.0
1.71k stars 203 forks source link

Suggestions to improve WARP #49

Open Phoenix-999 opened 3 weeks ago

Phoenix-999 commented 3 weeks ago

@GFW-knocker

Here are some suggestions to improve WARP in the outbounds:

In the IPV6 section, consider adding a subnet with a prefix length.

"XXXXXXXXXXXXXXXX/128" // Place IPV6 Here

Example

  "address": [
          "172.16.0.2/32",
          "2606:4800:110:8a79:a425:5c48:2e2e:16a7/128" // Place IPV6 Here
        ],

/128 for Individual Hosts:

Advantage: Provides a single, unique address for a specific host/device. Consideration: No room for additional hosts on the same subnet. It's a point-to-point connection. Use Case: Appropriate for scenarios where each IPv6 address corresponds to a specific, dedicated device.

Larger Subnet (e.g., /64):

Advantage: Allows for multiple hosts within the same subnet. Consideration: Subnets smaller than /64 are generally not recommended due to IPv6 design principles. Use Case: Suitable for scenarios where you have multiple devices on the same network segment.

Consider adding reserved field in a WireGuard configuration, such as:

"reserved": ["X", "X", "X"], // Place Reserved Here

Example

"reserved": [
    224,
    83,
    255
]

Advantages:

Conflict Avoidance: The reserved values help prevent conflicts and unintended use of specific IP addresses that might have special meanings or functions. Future-Proofing: By reserving certain values, the configuration is prepared for potential future changes or additions to the network without disrupting existing assignments.

Here an example of the complete WireGuard Outbound 

// WARP IPv4 Outbound
{
  "protocol": "freedom",
  "settings": {
    "domainStrategy": "UseIPv4"
  },
  "proxySettings": {
    "tag": "wireguard"
  },
  "tag": "warp-IPv4"
},
// WARP IPv6 Outbound
{
  "protocol": "freedom",
  "settings": {
    "domainStrategy": "UseIPv6"
  },
  "proxySettings": {
    "tag": "wireguard"
  },
  "tag": "warp-IPv6"
},
// WireGuard Outbound
{
  "protocol": "wireguard",
  "settings": {
    "secretKey": "XXXXXXXXXXXXXXXXXXXXX", // Place WireGuard Secret Key
    "address": [
      "172.16.0.2/32",
      "XXXXXXXXXXXXXXXX/128" // Place IPV6 Here
    ],
    "workers": 2,
    "domainStrategy": "ForceIP",
    "peers": [
      {
        "publicKey": "XXXXXXXXXXXXXXXXXXXXX", // Place WireGuard Public Key Here
        "allowedIPs": [
          "0.0.0.0/0",
          "::/0"
        ],
        "endpoint": "engage.cloudflareclient.com:2408",
        "keepAlive": 0
      }
    ],
    "reserved": ["X", "X", "X"], // Place Reserved Here
    "mtu": 1280,
    "domainStrategy": "ForceIPv4"
  },
  "tag": "wireguard"
}

P.S.: I understand that the phrase "Thank you" might be a rare sentiment and an uncommon commodity in your department, but we want you to know that we genuinely appreciate your efforts. Even those who use the free internet every day without knowing the risks you take by compromising your own safety and security to ensure we can connect to free Internet. Thank you for shouldering these burdens with strength and dedication.

"When injustice becomes law, resistance becomes duty."