Implement WireGuard protocol as outbound (client)
Credit
Some of the code is copied from wireproxy, and the original license is provided in the code.
Configuration format
```json
{
  "protocol": "wireguard",
  "settings": {
    "secretKey": "PRIVATE_KEY",
    "address": [
      "IPv4_CIDR",
      "IPv6_CIDR",
      "and more..."
    ],
    "peers": [
      {
        "publicKey": "PUBLIC_KEY",
        // optional, default "0000000000000000000000000000000000000000000000000000000000000000"
        "preSharedKey": "PRE_SHARED_KEY",
        "endpoint": "ENDPOINT_ADDR",
        // optional, default 0
        "keepAlive": 0,
        // optional, default ["0.0.0.0/0", "::/0"]
        "allowedIPs": ["0.0.0.0/0"]
      }
    ],
    // optional, default 1420
    "mtu": 1420,
    // optional, default runtime.NumCPU()
    "workers": 2
  },
  // the WireGuard protocol is only available over UDP connections, so streamSettings does not matter
  "streamSettings": {},
  "tag": "wireguard-1"
}
```
compared to original config
```ini
[Interface]
PrivateKey = PRIVATE_KEY
Address = IPv4_CIDR
Address = IPv6_CIDR
MTU = 1420

[Peer]
PublicKey = PUBLIC_KEY
PreSharedKey = 0000000000000000000000000000000000000000000000000000000000000000
AllowedIPs = 0.0.0.0/0
Endpoint = ENDPOINT_ADDR
KeepAlive = 0
```
Related issue
#705
Thanks for your work and fast fixes! I'm surprised that official wireguard-go doesn't compile on some architectures. https://github.com/nanoda0523/wireguard/commit/dc2e486eb585f15762ceeb2ebbbe1c9ed1e54097 Are you going to send a PR for wireguard-go? Otherwise I can imagine it will be a burden to you to maintain a branch. I will do some tests later. Feel free to add comments @nekohasekai
@nanoda0523 fantastic work!
there is a branch for ported dragonfly and openbsd in the official repository, is it possible we import it here?
relates to https://github.com/WireGuard/wireguard-go/pull/49
Some versions of gVisor have compatibility issues.
The implementation in sing-box is available for reference: https://github.com/SagerNet/sing-box/blob/dev-next/outbound/wireguard.go
this is a nice option, ~~but we should not import sing-box because their licenses are incompatible, unless the wireguard implementation in sing-box is licensed permissively~~.
updated: upstream repo is licensed permissively.
Sounds like the best option. I still think we should try to pull it into official wireguard-go, but in the meantime we can help you maintain the branch @nekohasekai
Don't worry. There is a recent flaky test TestDOHNameServer I haven't got a chance to fix. You can ignore it. Give me some time to do a manual test, if I don't see any issue I will merge. Thanks!
@nanoda0523 for sure we can include it as well. Haven't got a chance to look into it deeply. If I understand correctly, it is for the client -> vps -> warp scenario, and the client won't need to open two apps. Take a look at dialerProxy under streamSettings, I think that is the recommended approach now.
@nanoda0523 I think the idea is the same, just one config from Xray dev and one config from the v2fly community
@nanoda0523 I did some tests on my environment, and it works pretty well. I have a few comments:
- Currently it gives an error when `endpoint` is a domain address (e.g., engage.cloudflareclient.com:2408). Can we support it by adding a DNS lookup?
- For local address wg0:
  ```json
  "address": [
    "IPv4_CIDR",
    "IPv6_CIDR",
    "and more..."
  ],
  ```
  Do you think it is possible to hard-code a default value? I understand it just needs a local addr for Tun, and a default value like
  ```ini
  Address = 172.16.0.2/32
  Address = 2606:4700:110:8949:fed8:2642:a640:c8e1/128
  ```
  should work in most use cases.
- I tested dialer proxy on the client side (connect to a normal vless/shadowsocks proxy server and forward to warp). It works, but for some reason the bandwidth is very slow. I feel like there is a bug. If you have time you can take a look. But don't worry if we can't fix it now - I intended to write a tutorial and ask more people to test it.
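The DNS lookup requested in the review comment above, as an added example (not code from this PR or from Xray-core): a domain `endpoint` such as `engage.cloudflareclient.com:2408` is resolved once to a literal `ip:port`, IP literals skip the lookup, and bad ports are rejected. `ResolveEndpoint`, `lookupFunc` and `fakeLookup` are hypothetical names, and the returned addresses are constructed documentation-range values; a real caller would pass `net.DefaultResolver.LookupNetIP`.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/netip"
	"strconv"
)

// lookupFunc has the signature of (*net.Resolver).LookupNetIP.
type lookupFunc func(ctx context.Context, network, host string) ([]netip.Addr, error)

// fakeLookup is a constructed offline resolver (documentation address ranges).
func fakeLookup(context.Context, string, string) ([]netip.Addr, error) {
	return []netip.Addr{netip.MustParseAddr("2001:db8::10"), netip.MustParseAddr("192.0.2.10")}, nil
}

// ResolveEndpoint turns "host:port" into a literal ip:port. IP literals skip
// the lookup; hostnames are resolved once, preferring IPv4 unless preferV6.
func ResolveEndpoint(ctx context.Context, endpoint string, lookup lookupFunc, preferV6 bool) (netip.AddrPort, error) {
	var none netip.AddrPort
	host, portStr, err := net.SplitHostPort(endpoint)
	if err != nil {
		return none, fmt.Errorf("endpoint %q: %w", endpoint, err)
	}
	port, err := strconv.ParseUint(portStr, 10, 16)
	if err != nil || port == 0 {
		return none, fmt.Errorf("endpoint %q: bad port", endpoint)
	}
	if ip, err := netip.ParseAddr(host); err == nil {
		return netip.AddrPortFrom(ip.Unmap(), uint16(port)), nil
	}
	addrs, err := lookup(ctx, "ip", host)
	if err != nil || len(addrs) == 0 {
		return none, fmt.Errorf("resolve %q: no usable address (%v)", host, err)
	}
	pick := addrs[0].Unmap() // fallback when the preferred family is absent
	for _, a := range addrs {
		if a = a.Unmap(); a.Is6() == preferV6 {
			pick = a
			break
		}
	}
	return netip.AddrPortFrom(pick, uint16(port)), nil
}

func main() {
	fmt.Println(ResolveEndpoint(context.Background(), "engage.cloudflareclient.com:2408", fakeLookup, false))
}
```

This lookup necessarily runs before the tunnel is up, so the query for the endpoint name goes through whatever resolver the host is using outside WireGuard.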
@nanoda0523 can you do me another favor to resolve the minor conflict? I will merge later.
I think in the go mod file, try rebase on latest main you should see
Never mind, I think I can squash
Thanks again! I'll try dialer again, maybe something is wrong on my device or config
@nanoda0523 I tried again with a barebone config here. It still has the slow issue. How do you configure dialer proxy?
Can someone else please confirm if there's a performance issue with this implementation of wireguard? I have the same issue as @yuhan6665
It can hardly reach 20% of my local fiber port speed compared to full speed from manual wireguard connection in Debian. Multiple thread downloading can however saturate my local port speed while single thread is somehow "capped" at around 20Mbps. I can reproduce this issue with WARP and personal Wireguard VPN.
tremendous network performance regression after wireguard outbound
```
Server listening on 5201
-----------------------------------------------------------
Accepted connection from
[ 5] local port 5201 connected to port 27256
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 10.8 MBytes 90.3 Mbits/sec 7 402 KBytes
[ 5] 1.00-2.00 sec 2.76 MBytes 23.1 Mbits/sec 8 358 KBytes
[ 5] 2.00-3.00 sec 2.33 MBytes 19.5 Mbits/sec 9 310 KBytes
[ 5] 3.00-4.00 sec 3.00 MBytes 25.2 Mbits/sec 6 310 KBytes
[ 5] 4.00-5.00 sec 2.94 MBytes 24.7 Mbits/sec 11 326 KBytes
[ 5] 5.00-6.00 sec 2.33 MBytes 19.5 Mbits/sec 10 326 KBytes
[ 5] 6.00-7.00 sec 2.08 MBytes 17.5 Mbits/sec 8 317 KBytes
[ 5] 7.00-8.00 sec 3.50 MBytes 29.3 Mbits/sec 7 306 KBytes
[ 5] 8.00-9.00 sec 2.51 MBytes 21.1 Mbits/sec 7 302 KBytes
[ 5] 9.00-10.00 sec 2.33 MBytes 19.5 Mbits/sec 8 302 KBytes
[ 5] 10.00-11.00 sec 2.15 MBytes 18.0 Mbits/sec 6 301 KBytes
[ 5] 11.00-12.00 sec 2.58 MBytes 21.6 Mbits/sec 10 301 KBytes
[ 5] 12.00-13.00 sec 2.08 MBytes 17.5 Mbits/sec 12 301 KBytes
[ 5] 13.00-14.00 sec 2.58 MBytes 21.6 Mbits/sec 9 301 KBytes
[ 5] 14.00-15.00 sec 2.08 MBytes 17.5 Mbits/sec 8 334 KBytes
[ 5] 15.00-16.00 sec 3.31 MBytes 27.8 Mbits/sec 10 350 KBytes
[ 5] 16.00-17.00 sec 2.94 MBytes 24.7 Mbits/sec 7 350 KBytes
[ 5] 17.00-18.00 sec 3.62 MBytes 30.4 Mbits/sec 5 321 KBytes
[ 5] 18.00-19.00 sec 2.21 MBytes 18.5 Mbits/sec 11 302 KBytes
[ 5] 19.00-20.00 sec 3.37 MBytes 28.3 Mbits/sec 9 346 KBytes
[ 5] 20.00-21.00 sec 2.76 MBytes 23.1 Mbits/sec 8 279 KBytes
[ 5] 21.00-22.00 sec 1.59 MBytes 13.4 Mbits/sec 5 279 KBytes
[ 5] 22.00-23.00 sec 2.58 MBytes 21.6 Mbits/sec 10 279 KBytes
[ 5] 23.00-24.00 sec 2.21 MBytes 18.5 Mbits/sec 9 271 KBytes
[ 5] 24.00-25.00 sec 3.74 MBytes 31.4 Mbits/sec 10 357 KBytes
[ 5] 25.00-26.00 sec 2.21 MBytes 18.5 Mbits/sec 11 357 KBytes
[ 5] 26.00-27.00 sec 1.23 MBytes 10.3 Mbits/sec 9 291 KBytes
[ 5] 27.00-28.00 sec 3.37 MBytes 28.3 Mbits/sec 10 418 KBytes
[ 5] 28.00-29.00 sec 2.45 MBytes 20.6 Mbits/sec 4 390 KBytes
[ 5] 29.00-30.00 sec 1.04 MBytes 8.74 Mbits/sec 7 358 KBytes
[ 5] 30.00-30.05 sec 502 KBytes 75.8 Mbits/sec 2 358 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-30.05 sec 85.1 MBytes 23.8 Mbits/sec 253 sender
```
still same throttled ul dl rate on ver. 1.6.6
yes same problem speed is very slow.