infinet / xt_wgobfs

Iptables WireGuard obfuscation extension
GNU General Public License v2.0

Create a transparent relay for obfs? #7

Closed kellyiscute closed 1 year ago

kellyiscute commented 1 year ago

Can I create a relay so that I can use wireguard directly to connect to the obfs relay server?

Client ---> Obfs Relay Server ---> Real wg server

infinet commented 1 year ago

Interesting. It may work. Assuming default policy for FORWARD chain is ACCEPT, on the relay server:

iptables -t nat -A PREROUTING -p udp -d relay_wan_ip --dport 6789 -j DNAT --to-destination real_wg_ip:6789
iptables -t nat -A POSTROUTING -p udp -d real_wg_ip --dport 6789 -j MASQUERADE

iptables -t mangle -A FORWARD -p udp -d real_wg_ip --dport 6789 -j WGOBFS --key mysecretkey --obfs
iptables -t mangle -A FORWARD -p udp -s real_wg_ip --sport 6789 -j WGOBFS --key mysecretkey --unobfs

I haven't tested it.
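The relay rules from the comment above as a parameterised script, added here as an example and not part of the original thread or the project: it validates the addresses and port, prints the commands by default, and also covers a FORWARD policy that is not ACCEPT. The addresses are constructed documentation values, and `APPLY`, `emit`, `valid_ipv4`, `valid_port` and `relay_rules` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed documentation
# values; APPLY, emit, valid_ipv4, valid_port and relay_rules are made-up names.
RELAY_WAN_IP="${RELAY_WAN_IP:-192.0.2.10}"   # relay's public address
REAL_WG_IP="${REAL_WG_IP:-198.51.100.20}"    # real WireGuard server
WG_PORT="${WG_PORT:-6789}"
OBFS_KEY="${OBFS_KEY:-mysecretkey}"          # placeholder key used in the thread

# Accept only dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dry run by default: print the command. APPLY=1 executes it (needs root).
emit() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

relay_rules() {
    if ! { valid_ipv4 "$RELAY_WAN_IP" && valid_ipv4 "$REAL_WG_IP" && valid_port "$WG_PORT"; }; then
        echo "invalid address or port" >&2
        return 1
    fi
    # Forwarding DNATed packets to another host requires IP forwarding.
    emit sysctl -w net.ipv4.ip_forward=1
    emit iptables -t nat -A PREROUTING -p udp -d "$RELAY_WAN_IP" --dport "$WG_PORT" -j DNAT --to-destination "$REAL_WG_IP:$WG_PORT"
    emit iptables -t nat -A POSTROUTING -p udp -d "$REAL_WG_IP" --dport "$WG_PORT" -j MASQUERADE
    # Needed only when the FORWARD policy is not ACCEPT (the thread assumes ACCEPT).
    emit iptables -A FORWARD -p udp -d "$REAL_WG_IP" --dport "$WG_PORT" -j ACCEPT
    emit iptables -A FORWARD -p udp -s "$REAL_WG_IP" --sport "$WG_PORT" -j ACCEPT
    # Obfuscate towards the real server, restore plain WireGuard towards the client.
    emit iptables -t mangle -A FORWARD -p udp -d "$REAL_WG_IP" --dport "$WG_PORT" -j WGOBFS --key "$OBFS_KEY" --obfs
    emit iptables -t mangle -A FORWARD -p udp -s "$REAL_WG_IP" --sport "$WG_PORT" -j WGOBFS --key "$OBFS_KEY" --unobfs
}

relay_rules
```

Run it once as is to review the printed commands, then with `APPLY=1` as root on the relay once the values are correct.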

kellyiscute commented 1 year ago

Wow! That was cool! It worked! Thank you sooooooooooooo much! You saved my life!!!!!!

antonw-25 commented 1 year ago

Hi, just wondering how you set this up? Thanks!

manchelsi commented 1 year ago

https://github.com/infinet/xt_wgobfs/issues/7#issuecomment-1426954700

How did you do that?

samsar777 commented 1 year ago

@guo40020 Can you please share how you set up that transparent relay for obfs? I am interested in it as well, and it seems I am not the only one. Many thanks.

artemws commented 1 year ago

> Interesting. It may work. Assuming default policy for FORWARD chain is ACCEPT, on the relay server:
>
> iptables -t nat -A PREROUTING -p udp -d relay_wan_ip --dport 6789 -j DNAT --to-destination real_wg_ip:6789
> iptables -t nat -A POSTROUTING -p udp -d real_wg_ip --dport 6789 -j MASQUERADE
>
> iptables -t mangle -A FORWARD -p udp -d real_wg_ip --dport 6789 -j WGOBFS --key mysecretkey --obfs
> iptables -t mangle -A FORWARD -p udp -s real_wg_ip --sport 6789 -j WGOBFS --key mysecretkey --unobfs
>
> I haven't tested it.

Do the Client and the Obfs Relay Server have to be in one subnet? I mean, will obfuscation work if I connect to the relay server from a country where WireGuard is blocked?

samsar777 commented 1 year ago

The iptables rules are one thing, but what software / service should be used for the Obfs Relay Server?

kellyiscute commented 12 months ago

Actually, I did this because of the GFW of China. The WireGuard protocol is blocked by the firewall. So the solution is to have a plain WireGuard connection from the client to a server with the above iptables rules. These rules obfuscate and forward the traffic to the real wg server.