Add wireguard to the GUI as config option

[imagecreation1]

Description suggestions

Please add the Wireguard option to the GUI of nekoray. sing-box works with wireguard and supports it, but there is still no option to add configuration.

Necessity of recommendations

Well, since sing-box supports wireguard, why not? Besides, it will save users from writing manual client configurations with wireguard outbounds. Thanks in advance.

[Mahdi-zarei]

Try 4.1.0

[imagecreation1]

Thanks a lot! But it lacks "local_address": [ setting.

[Mahdi-zarei]

why would that be necessary? It uses a very uncommon private IP range, what is the point of customizing it?

[imagecreation1]

Different paid VPN providers use different local address range, for example something like 10.70.xxx.xxx, or 10.2.0.2.

[Mahdi-zarei]

The local address does not matter, it is a client only config which defines the properties of the Tun device and does not have to be the same as the one your provider has defined in their config.

[ghost]

why would that be necessary? It uses a very uncommon private IP range, what is the point of customizing it?

But without this setting wireguard simply does not work. In the configuration of my VPN provider the local address 10.64.78.85,hg31:e0:g5a3::af10 is used and when setting up via GUI it simply does not exist, therefore there is no connection, but when setting up manually via Custom (sing-box outbound) where these fields can be set up, everything works.

[Mahdi-zarei]

added the option in 4.1.3, please try it

[ghost]

[Mahdi-zarei]

The error is pretty self describing, you need to provide subnets for the wireguard local address field in sing-box, so instead of 10.10.10.12 you should write 10.10.10.12/32.

[ghost]

Thank you, I completely forgot about this. It works now.

[imagecreation1]

Thanks a lot for your work! Everything's working fine. Could you please also add a "workers" entry? https://sing-box.sagernet.org/configuration/outbound/wireguard/#workers For me on Windows 11 default value shows less speed than "workers": 2. Idk why, but it's constant behavior on 500+ Mbps speed.

[Turbine8845]

As you may know, many commercial VPN providers offer fast WireGuard configurations. Unfortunately, these WireGuard configs can be easily flagged and blocked by the GFW. Is it possible to import WireGuard configs from commercial VPNs into Nekoray and then chain them with a working proxy? The following screenshot shows the layout of a free WireGuard config from Proton VPN:

[Mahdi-zarei]

As you may know, many commercial VPN providers offer fast WireGuard configurations. Unfortunately, these WireGuard configs can be easily flagged and blocked by the GFW. Is it possible to import WireGuard configs from commercial VPNs into Nekoray and then chain them with a working proxy? The following screenshot shows the layout of a free WireGuard config from Proton VPN:

It should be possible using the chain profile type.

[Turbine8845]

As you may know, many commercial VPN providers offer fast WireGuard configurations. Unfortunately, these WireGuard configs can be easily flagged and blocked by the GFW. Is it possible to import WireGuard configs from commercial VPNs into Nekoray and then chain them with a working proxy? The following screenshot shows the layout of a free WireGuard config from Proton VPN:

It should be possible using the chain profile type.

Thank you for answering. I am fully aware of the proxy chaining and fronting capabilities of Nekoray. I actually heavily rely on the Proxy Chaining feature of Nekoray to gain access to some configs that are blocked by the GFW. The problem is that several parameters in Proton VPN's WireGuard configs are not available in Nekoray's GUI. I really don't know how should I use the existing GUI to import WireGuard configs from commercial VPNs into Nekoray. I will check the documentation of Sing-Box to see if I can import such WireGuard configs as a custom outbound or not.

[Mahdi-zarei]

Thank you for answering. I am fully aware of the proxy chaining and fronting capabilities of Nekoray. I actually heavily rely on the Proxy Chaining feature of Nekoray to gain access to some configs that are blocked by the GFW. The problem is that several parameters in Proton VPN's WireGuard configs are not available in Nekoray's GUI. I really don't know how should I use the existing GUI to import WireGuard configs from commercial VPNs into Nekoray. I will check the documentation of Sing-Box to see if I can import such WireGuard configs as a custom outbound or not.

I believe DNS and Allowed IPs are client side configuration and even without setting them you should be able to connect to the proton VPN's servers.

[Turbine8845]

Thank you for answering. I am fully aware of the proxy chaining and fronting capabilities of Nekoray. I actually heavily rely on the Proxy Chaining feature of Nekoray to gain access to some configs that are blocked by the GFW. The problem is that several parameters in Proton VPN's WireGuard configs are not available in Nekoray's GUI. I really don't know how should I use the existing GUI to import WireGuard configs from commercial VPNs into Nekoray. I will check the documentation of Sing-Box to see if I can import such WireGuard configs as a custom outbound or not.

I believe DNS and Allowed IPs are client side configuration and even without setting them you should be able to connect to the proton VPN's servers.

I am sorry for asking silly questions. I am sure that the root of my problems with WireGuard is my serious skill issue! I tried to import the following config but I guess I did something wrong, because I saw several errors when I tried to perform a URL test or start the config.

# Bouncing = 3
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = KH14ER4gs2brErWW5MEET/iTE/UC59Tr+Q905XCnxns=
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# NL-FREE#631129
PublicKey = Wj4jupUpBGVmyMmpME1qw1s2wAxDbygPfz2+ATVGC3c=
AllowedIPs = 0.0.0.0/0
Endpoint = 89.38.99.72:51820

Here is how I imported the above mentioned WireGurd config in Nekoray. The application crashed when I tried to start it:

{"dns":{"rules":[{"domain":["10.2.0.2/32"],"domain_keyword":[],"domain_regex":[],"domain_suffix":[],"rule_set":[],"server":"dns-direct"}],"servers":[{"address":"https://8.8.8.8/dns-query","address_resolver":"dns-local","detour":"proxy","strategy":"","tag":"dns-remote"},{"address":"local","address_resolver":"dns-local","detour":"direct","strategy":"","tag":"dns-direct"},{"address":"rcode://success","tag":"dns-block"},{"address":"local","detour":"direct","tag":"dns-local"}]},"inbounds":[{"domain_strategy":"","listen":"127.0.0.1","listen_port":2080,"sniff":true,"sniff_override_destination":false,"tag":"mixed-in","type":"mixed"}],"log":{"level":"info"},"outbounds":[{"domain_strategy":"","gso":false,"interface_name":"nekoray-wg","local_address":["0.0.0.0/0"],"mtu":1420,"peer_public_key":"Wj4jupUpBGVmyMmpME1qw1s2wAxDbygPfz2+ATVGC3c=","pre_shared_key":"","private_key":"KH14ER4gs2brErWW5MEET/iTE/UC59Tr+Q905XCnxns=","reserved":[],"server":"10.2.0.2/32","server_port":1080,"system_interface":false,"tag":"proxy","type":"wireguard"},{"tag":"direct","type":"direct"},{"tag":"block","type":"block"},{"tag":"dns-out","type":"dns"}],"route":{"final":"proxy","rule_set":[],"rules":[{"outbound":"dns-out","protocol":"dns"}]}}

Here is some logs related to the URL test:

INFO[0000] router: updated default interface Wi-Fi, index 12
INFO[0000] outbound/wireguard[g-480978-0]: outbound connection to 8.8.8.8:443
INFO[0000] outbound/wireguard[g-480978-0]: outbound connection to 8.8.8.8:443
ERROR[0010] dns: lookup failed for : exchange4: context deadline exceeded | exchange6: context deadline exceeded
grpc-status error code: 4 , error msg: start service: post-start outbound/g-480978-0: resolve endpoint domain: exchange4: context deadline exceeded | exchange6: context deadline exceeded
[Error] gRPC: QNetworkReply::NetworkError code: 301
Speedtest finished!

[Mahdi-zarei]

Here is how I imported the above mentioned WireGurd config in Nekoray. The application crashed when I tried to start it:

Did the app crash or did it output the logs you have attached?

edit: You have provided a wrong configuration as well, server address is 89.38.99.72, local address should be 10.2.0.2/32.

[Mahdi-zarei]

Workers are added in 4.1.4