-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WireGuard Inbound (User-space WireGuard server) #2477
Conversation
what do you think @RPRX |
+1 |
我觉得可以有,让我们把 WireGuard 相关的 PR 放到 v1.8.5 后处理 |
wg 这块重新实现了 @hax0r31337 能麻烦佬更新到最新的 main 吗? |
I need assistance using Linux Tun device with WireGuard server, as I have limited knowledge of the Linux netstack. |
感谢高速更新 我抽空测一下。。 |
嗯。。看起来 5ae3791 至少在安卓上 wg 坏掉了。。
CC @kunsonx |
I added user-space mode in ea22f73, you can set |
建议在 Android 环境使用 gVisor virtual netstack. 在标准 Android 环境下可能没有相关权限去启用 Tun 与配置权限. |
The |
In my opinion, it's necessary to keep a user-space feature in case of insufficient permission, or just for granting superuser permission as less as possible. |
Let's make the things as two. The first one we can't use tun device and setup iptables params on Android. so the option for system tun should be disabled for anytime. The second thing it is we can provide option for enable or disable system tun device and in my opinion it should be enable by default (It provide better netstack performance). |
On the other hand, my opinion is to maintain an out-of-box experience. Since all of the default outbound/inbound configuration can work in the user-space, expect this thing. |
So could we check which permissions we have when it started then choose which mode we can run by default? it's possible ? |
Nice proposal, I'll give it a try |
The |
Thanks for your work. It looks better now. |
测了一下更新
|
inbound 没有问题 我试了老版的 client 对新版的 server 完全正常 |
Unfortunately, I was unable to reproduce this issue, it's working on my PC.
Config: https://pastebin.mozilla.org/pwtDSNZf |
好的 感谢 我再研究一下 不行就先合发版 |
先合了 感谢两位大佬! |
@hax0r31337 |
@hax0r31337 thank you very much~,adding "kernelMode": false in the settings,then it‘s OK~
|
Is Wireguard inbound not support statsquery for each peer ?
|
It is needed to configuration guide page of Wireguard outbound. |
Hi, @hax0r31337 |
It's possible, but these protocols have a decreasing audience and not future-proof. |
I understand what you mean but I just offered because many of modems(LTE,Fiber,etc) in market only support l2tp or pptp protocol and they not support wireguard or... Even many clients like windows, mobile(Ipsec)...etc support built-in l2tp or pptp as well so I just offer maybe @RPRX accept. But I don't have a knowledge to send PR request to do so. I don't know what's the idea of @RPRX to adding this protocol just to inbound Xray-core. so in x-ui panel we can create L2tp or pptp for inbound and connect or local server(VPS) in our country via this protocol. |
WireGuard is one of the most commonly used VPN protocols. I believe it's essential to implement a server for Xray in order to introduce advanced routing features to WireGuard.
Example Xray server config
Corresponding WireGuard client config