Open jearton opened 5 months ago

Network Topology

Software Environment

Step 1: Run udp2raw server On My HK Debian VPS

ListenPort in wireguard configuration: let's assume 32884.

```yaml
services:
  udp2raw_server:
    image: jearton1024/udp2raw:latest
    container_name: udp2raw_server
    restart: unless-stopped
    network_mode: host
    cap_add:
      - NET_ADMIN
    environment:
      - LISTEN_PORT=4096 # just for health check
    command: >
      -s -l0.0.0.0:4096 -r127.0.0.1:32884 -k "your_password" --raw-mode faketcp --fix-gro -a
```

Step 2: Run udp2raw client and wireguard On My Home Ubuntu Device

myddns.xxx.team

```yaml
services:
  wireguard-ui:
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    restart: unless-stopped
    depends_on:
      udp2raw_client_hk:
        condition: service_healthy
    networks:
      - backend
    cap_add:
      - NET_ADMIN
    ports:
      - "5000:5000" # Management UI Port
      - "51886:51820/udp" # Wireguard Endpoint Port
    environment:
      - SESSION_SECRET=*******
      - SMTP_HOSTNAME=smtphz.qiye.163.com
      - SMTP_PORT=465
      - SMTP_USERNAME=it@xxx.team
      - SMTP_PASSWORD=*******
      - SMTP_AUTH_TYPE=LOGIN
      - SMTP_ENCRYPTION=SSL
      - SMTP_HELO=vpn.xxx.team
      - EMAIL_FROM_ADDRESS=it@xxx.team
      - WGUI_USERNAME=admin
      - WGUI_PASSWORD=admin
      - WGUI_ENDPOINT_ADDRESS=myddns.xxx.team:51886
      - WGUI_DNS= # leave it blank
      - WGUI_MTU=1420
      - WGUI_PERSISTENT_KEEPALIVE=25
      - WGUI_LOG_LEVEL=INFO
      - WGUI_SERVER_INTERFACE_ADDRESSES=10.10.8.0/24
      - WGUI_SERVER_POST_UP_SCRIPT=iptables -t nat -A POSTROUTING -s 10.10.8.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
      - WGUI_SERVER_POST_DOWN_SCRIPT=iptables -t nat -D POSTROUTING -s 10.10.8.0/24 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;
      - WGUI_DEFAULT_CLIENT_ALLOWED_IPS=10.10.8.0/24,192.168.10.0/24
      - WGUI_DEFAULT_CLIENT_USE_SERVER_DNS=false
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
    volumes:
      - /home/ubuntu/apps/wireguard/db:/app/db
      - /home/ubuntu/apps/wireguard/config:/etc/wireguard
    logging:
      driver: json-file
      options:
        max-size: 5m
  udp2raw_client_hk:
    image: jearton1024/udp2raw:latest
    container_name: udp2raw_client_hk
    restart: unless-stopped
    networks:
      - backend
    cap_add:
      - NET_ADMIN
    environment:
      - LISTEN_PORT=51820 # just for health check
    command: >
      -c -l0.0.0.0:51820 -r30.30.30.30:4096 -k "your_password" --raw-mode faketcp --fix-gro -a
networks:
  backend:
    external: true
```

Port mapping from 51886 on the home router to 51886 on this device.

Open the Wireguard UI in the browser, add a new client, and leave the peer endpoint blank; it will be set later.
Then Apply Config.

Download the client configuration and open it, add ListenPort, and reduce MTU to 1300:

```ini
[Interface]
Address = 10.10.8.3/32
PrivateKey = *****
ListenPort = 32884
MTU = 1300

[Peer]
PublicKey = XSOxHjIDcTCRe4SbO18eD4mjiqD/9upUaq4s7kej9ig=
PresharedKey = *****
AllowedIPs = 10.10.8.0/24
Endpoint = myddns.xxx.team:51886
PersistentKeepalive = 25
```

Step 3: Run wireguard On My HK Debian VPS

Write the client configuration to /etc/wireguard/myteam.conf and run the wireguard client:

```bash
modprobe wireguard \
  && apt install -y wireguard-tools \
  && cd /etc/wireguard \
  && vi myteam.conf   # write wireguard client configuration
wg-quick up myteam
```

Step 4: Set wireguard peer endpoint On My Home Ubuntu Device

On My Home Ubuntu Device, edit the client, set the peer endpoint pointing to the udp2raw_client, then Save and Apply Config.

Note: wireguard on the udp2raw client side must start up after wireguard on the udp2raw server side.

Step 5: Verification

SSH into my HK Debian VPS, then ping the wireguard network gateway 10.10.8.0:

```bash
ssh root@30.30.30.30
ping 10.10.8.0
```

Find the allowed MTU upper limit:

```bash
ssh root@30.30.30.30
ping -M do -s 1270 10.10.8.0
```

Check the Status Page on the WIREGUARD UI.
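As an added example (not part of the original issue, nor code from the wireguard-ui or udp2raw projects), a small Python check for the two couplings this setup hinges on: the WireGuard client's ListenPort must equal the port in the udp2raw server's `-r` target, and the MTU must be lowered for faketcp. The Step 1 command and Step 2 config are embedded as constructed sample input with placeholder secrets; the 1300 limit and the placeholder-password check are assumptions taken from the values shown above.

```python
import re
# Constructed sample input (from Step 1 / Step 2 above; secrets are placeholders).
UDP2RAW_SERVER_CMD = '-s -l0.0.0.0:4096 -r127.0.0.1:32884 -k "your_password" --raw-mode faketcp --fix-gro -a'
WG_CLIENT_CONF = """[Interface]
Address = 10.10.8.3/32
PrivateKey = *****
ListenPort = 32884
MTU = 1300
[Peer]
PublicKey = XSOxHjIDcTCRe4SbO18eD4mjiqD/9upUaq4s7kej9ig=
PresharedKey = *****
AllowedIPs = 10.10.8.0/24
Endpoint = myddns.xxx.team:51886
PersistentKeepalive = 25
"""

def parse_wg_conf(text: str) -> dict:
    """Parse an INI-style wg-quick config into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def udp2raw_remote_port(cmd: str) -> int:
    """Port that udp2raw -s hands decapsulated UDP to (its -r host:port); 0 if absent."""
    m = re.search(r"(?:^|\s)-r\s*\S+?:(\d+)", cmd)
    return int(m.group(1)) if m else 0

def check_tunnel_config(server_cmd: str, client_conf: str, max_mtu: int = 1300) -> list:
    """Return a list of problems; an empty list means the two sides are consistent."""
    iface = parse_wg_conf(client_conf).get("Interface", {})
    problems = []
    want = udp2raw_remote_port(server_cmd)
    listen = iface.get("ListenPort")  # without it wg-quick picks a random port
    if listen is None or int(listen) != want:
        problems.append(f"ListenPort {listen or 'unset'} != udp2raw -r port {want}")
    if int(iface.get("MTU", 1420)) > max_mtu:  # faketcp framing needs headroom
        problems.append(f"MTU {iface.get('MTU', 1420)} exceeds {max_mtu}")
    if re.search(r'-k\s*"?your_password"?', server_cmd):  # assumed placeholder
        problems.append("udp2raw -k still uses the placeholder password")
    return problems
```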