Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a transparent relay for obfs? #7

Closed
kellyiscute opened this issue Feb 11, 2023 · 8 comments
Closed

Create a transparent relay for obfs? #7

kellyiscute opened this issue Feb 11, 2023 · 8 comments

Comments

@kellyiscute
Copy link

Can I create a relay so that I can use wireguard directly to connect to the obfs relay server?

Client ---> Obfs Relay Server ---> Real wg server
@infinet
Copy link
Owner

infinet commented Feb 11, 2023

Interesting. It may work. Assuming default policy for FORWARD chain is ACCEPT, on the relay server:

iptables -t nat -A PREROUTING -p udp -d relay_wan_ip --dport 6789 -j DNAT --to-destination real_wg_ip:6789
iptables -t nat -A POSTROUTING -p udp -d real_wg_ip --dport 6789 -j MASQUERADE

iptables -t mangle -A FORWARD -p udp -d real_wg_ip --dport 6789 -j WGOBFS --key mysecretkey --obfs
iptables -t mangle -A FORWARD -p udp -s real_wg_ip --sport 6789 -j WGOBFS --key mysecretkey --unobfs

I haven't test it.

@kellyiscute
Copy link
Author

Wow! That was cool! It worked! Thank you sooooooooooooo much! You saved my life!!!!!!

@infinet infinet mentioned this issue Mar 11, 2023
Closed
@antonw-25
Copy link

Hi,
just wondering how did you set this up? Thanks!

@manchelsi
Copy link

#7 (comment)

how did you do that?

@samsar777
Copy link

@guo40020 Can you please share how did you set up that transparent relay for obfs? I am interested in it as well. And seems not only me. Many thanks.

@artemws
Copy link

artemws commented Sep 4, 2023
edited
Loading

Interesting. It may work. Assuming default policy for FORWARD chain is ACCEPT, on the relay server:

iptables -t nat -A PREROUTING -p udp -d relay_wan_ip --dport 6789 -j DNAT --to-destination real_wg_ip:6789
iptables -t nat -A POSTROUTING -p udp -d real_wg_ip --dport 6789 -j MASQUERADE

iptables -t mangle -A FORWARD -p udp -d real_wg_ip --dport 6789 -j WGOBFS --key mysecretkey --obfs
iptables -t mangle -A FORWARD -p udp -s real_wg_ip --sport 6789 -j WGOBFS --key mysecretkey --unobfs

I haven't test it.

Client and Obfs Relay Server has to be in one subnet? I mean, obfuscation will be work if i connect to relay server from country, where WireGuard blocked?

@samsar777
Copy link

iptables rules is one thing, but what software / service to use for Obfs Relay Server?

@kellyiscute
Copy link
Author

Actually I did this because of the GFW of China. Wireguard protocol is blocked by the firewall. So the solution is having a plain wireguard protocol connected from the client to a server with the above iptable rules. These rules obfuscates and forward the traffic to the real wg server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@infinet @samsar777 @manchelsi @kellyiscute @artemws @antonw-25