Comments (8)
Refer to this; it's just that kcptun is replaced with speeder.
For the parameters, see the udp2raw+kcptun step-by-step tutorial for accelerating TCP traffic:
https://github.com/wangyu-/udp2raw-tunnel/blob/master/doc/kcptun_step_by_step.md
from vps_setup.
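If your client is Ubuntu, install on the client with the one-click script, download the client configuration from the server, and replace the local wg0 with it.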
from vps_setup.
I separated udp2raw and speeder and debugged with WireGuard + udp2raw, and found that once WireGuard is started, ping no longer gets through.
Server side:
udp2raw -s -l0.0.0.0:8888 -r127.0.0.1:443 -k "passwd" --raw-mode faketcp -a
Client side:
udp2raw -c -rserverip:8888 -l0.0.0.0:8887 --raw-mode faketcp -a -k"passwd"
Before wg is connected, both the udp2raw server and client are in the ready state:
[2018-12-24 09:53:45][INFO][45.249.212.49:2293]received syn,sent syn ack back
[2018-12-24 09:53:45][INFO][45.249.212.49:2293]got packet from a new ip
[2018-12-24 09:53:45][INFO][45.249.212.49:2293]created new conn,state: server_handshake1,my_id is d5339b09
[2018-12-24 09:53:45][INFO][45.249.212.49:2293]changed state to server_handshake1,my_id is d5339b09
[2018-12-24 09:53:45][INFO][45.249.212.49:2293]received handshake oppsite_id:5c78d937 my_id:d5339b09
[2018-12-24 09:53:45][INFO][45.249.212.49:2293]oppsite const_id:e5b9e7db
[2018-12-24 09:53:45][INFO][45.249.212.49:2293]changed state to server_ready
The wg0 configuration is as follows:
Client:
[Interface]
PrivateKey = <client privatekey>
Address = 10.0.0.3/24
DNS = 8.8.8.8
MTU = 1300
[Peer]
PublicKey = <server pubkey>
Endpoint = 127.0.0.1:8887
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
server wg0 config
[Interface]
Address = 10.0.0.1/24
MTU = 1420
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 443
PrivateKey = <server private key>
[Peer]
PublicKey = <client pubkey>
AllowedIPs = 10.0.0.3/32
from vps_setup.
With wg + udp2raw alone, the MTU needs to be changed to below 1300.
from vps_setup.
I changed the MTU to 1280 or lower; still, after wg comes up, the udp2raw traffic is cut off.
[2018-12-24 20:33:25][INFO]source_addr is now 192.168.42.95
[2018-12-24 20:33:25][INFO]using port 31194
[2018-12-24 20:33:25][INFO]state changed from client_idle to client_tcp_handshake
[2018-12-24 20:33:25][INFO](re)sent tcp syn
[2018-12-24 20:33:25][INFO]state changed from client_tcp_handshake to client_handshake1
[2018-12-24 20:33:25][INFO](re)sent handshake1
[2018-12-24 20:33:26][INFO]changed state from to client_handshake1 to client_handshake2,my_id is a3bacc41,oppsite id is 24dc0fee
[2018-12-24 20:33:26][INFO](re)sent handshake2
[2018-12-24 20:33:26][INFO]changed state from to client_handshake2 to client_ready
///////// wg-quick up wg0
[2018-12-24 20:34:24][INFO]new packet from 127.0.0.1:46086,conv_id=62de6c9a
[2018-12-24 20:34:36][INFO]state back to client_idle from client_ready bc of client-->server direction timeout
[2018-12-24 20:34:37][INFO]source_addr is now 10.0.0.3
[2018-12-24 20:34:37][INFO]using port 14613
[2018-12-24 20:34:37][INFO]state changed from client_idle to client_tcp_handshake
[2018-12-24 20:34:37][INFO](re)sent tcp syn
[2018-12-24 20:34:38][INFO](re)sent tcp syn
[2018-12-24 20:34:39][INFO](re)sent tcp syn
[2018-12-24 20:34:40][INFO](re)sent tcp syn
[2018-12-24 20:34:42][INFO](re)sent tcp syn
[2018-12-24 20:34:42][INFO]state back to client_idle from client_tcp_handshake
[2018-12-24 20:34:42][INFO]source_addr is now 10.0.0.3
[2018-12-24 20:34:42][INFO]using port 25136
[2018-12-24 20:34:42][INFO]state changed from client_idle to client_tcp_handshake
[2018-12-24 20:34:42][INFO](re)sent tcp syn
[2018-12-24 20:34:44][INFO](re)sent tcp syn
[2018-12-24 20:34:45][INFO](re)sent tcp syn
[2018-12-24 20:34:46][INFO](re)sent tcp syn
[2018-12-24 20:34:47][INFO](re)sent tcp syn
[2018-12-24 20:34:48][INFO]state back to client_idle from client_tcp_handshake
from vps_setup.
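The problem is solved; adding the following route is enough. By default WireGuard captures all traffic, and udp2raw's outbound traffic was redirected back into WireGuard, forming a loop.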
ip route add $server via $(ip route | awk '$1=="default" {print $3}')
from vps_setup.
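Added example, not part of the original thread: a shell sketch that spots the loop described above in a udp2raw client log (the source address switching to the tunnel address, followed by SYN retries that never reach `client_ready`) and prints the host route that pins the server to the physical gateway. The function names, the constructed log lines modelled on the excerpt, and the placeholder server address 203.0.113.10 are assumptions.

```shell
#!/bin/sh
# Constructed sample: udp2raw client log lines modelled on the excerpt in the thread.
sample_log() {
cat <<'EOF'
[2018-12-24 20:33:25][INFO]source_addr is now 192.168.42.95
[2018-12-24 20:33:26][INFO]changed state from to client_handshake2 to client_ready
[2018-12-24 20:34:36][INFO]state back to client_idle from client_ready bc of client-->server direction timeout
[2018-12-24 20:34:37][INFO]source_addr is now 10.0.0.3
[2018-12-24 20:34:37][INFO](re)sent tcp syn
[2018-12-24 20:34:38][INFO](re)sent tcp syn
[2018-12-24 20:34:42][INFO]state back to client_idle from client_tcp_handshake
EOF
}

# detect_loop TUNNEL_ADDR (hypothetical helper): reads a udp2raw client log on stdin.
# Prints "loop" when udp2raw starts sourcing packets from the WireGuard tunnel
# address, retries the TCP SYN and never returns to client_ready; otherwise "ok".
detect_loop() {
    awk -v tun="$1" '
        /source_addr is now /  { on_tun = (($NF "") == (tun "")); if (on_tun) seen = 1 }
        /to client_ready/      { if (on_tun) recovered = 1 }
        on_tun && /\(re\)sent tcp syn/ { syn++ }
        END { if (seen && syn > 0 && !recovered) print "loop"; else print "ok" }'
}

# bypass_route SERVER_IP (hypothetical helper): reads `ip route` output on stdin
# and prints, without executing it, the host route that sends traffic for the
# udp2raw server through the first default gateway instead of wg0.
bypass_route() {
    awk -v srv="$1" '
        $1 == "default" && $2 == "via" {
            print "ip route add " srv "/32 via " $3 " dev " $5
            exit
        }'
}

# Stand-alone run on the constructed log; 10.0.0.3 is the client's wg0 address.
sample_log | detect_loop 10.0.0.3
```

On a live client, feed `bypass_route` the real `ip route` output and run the printed command before `wg-quick up wg0`.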
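> The problem is solved; adding the following route is enough. By default WireGuard captures all traffic, and udp2raw's outbound traffic was redirected back into WireGuard, forming a loop.
> ip route add $server via $(ip route | awk '$1=="default" {print $3}')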
On the Windows client, this line is added first; it should be the same reasoning as what you found.
@route add %SERVER_IP% mask 255.255.255.0 default METRIC default IF default
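The iptables statements listed in wg0.conf are ones circulating online; I've heard from an expert that they are not written very well.
I'm testing new routing/firewall rules; change yours and give them a try.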
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
from vps_setup.
Are these new rules added on the server side? So there's no longer any need to specify the outbound network interface?
from vps_setup.