From 7debea7c5dc402f5df5dfa5b0be0563a9087d488 Mon Sep 17 00:00:00 2001 From: fs carmen Date: Fri, 3 Jan 2025 06:04:54 +0000 Subject: [PATCH] Fix some bugs. --- README.md | 2 +- api.sh | 2 +- menu.sh | 155 +++++++++++++++++++------------------------- pc/mac.sh | 2 +- warp-go.sh | 28 ++++---- wireproxy/README.md | 151 ++++++++++++++++++++++++++++++++++++++++-- 6 files changed, 229 insertions(+), 111 deletions(-) diff --git a/README.md b/README.md index 26c1a2a..725466b 100644 --- a/README.md +++ b/README.md @@ -542,7 +542,7 @@ wget -N https://gitlab.com/fscarmen/warp/-/raw/main/api.sh && bash api.sh [optio "0.0.0.0/0", "::/0" ], - "endpoint":"engage.cloudflareclient.com:2408" // 或填写 162.159.193.10:2408 或 [2606:4700:d0::a29f:c001]:2408 + "endpoint":"engage.cloudflareclient.com:2408" // 或填写 162.159.192.1:2408 或 [2606:4700:d0::a29f:c001]:2408 } ], "reserved":[78, 135, 76], // 粘贴你的 "reserved" 值 diff --git a/api.sh b/api.sh index 4127942..610ad26 100644 --- a/api.sh +++ b/api.sh @@ -276,7 +276,7 @@ while [[ $# -ge 1 ]]; do ;; -t | --token) shift - team_token="$1" + TEAM_TOKEN="$1" shift ;; -h | --help) diff --git a/menu.sh b/menu.sh index bc3e409..bdc16d5 100644 --- a/menu.sh +++ b/menu.sh 
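Review bot: In the `-t | --token)` branch of api.sh, `TEAM_TOKEN="$1"` is assigned without checking that a value follows the flag, so a trailing `-t` leaves the token empty and the second `shift` fails silently. A guard before the assignment would make that case explicit: `[ -n "$1" ] || { echo "--token needs a value" >&2; exit 1; }`. Because the token arrives as a command-line argument, it is also visible in the process list and in shell history while the script runs; accepting it from an environment variable or stdin as an alternative would avoid that. The `while`/`case` block starts and ends outside the hunk, so any later validation of TEAM_TOKEN is not visible here.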
@@ -19,12 +19,12 @@ E[2]="The script must be run as root, you can enter sudo -i and then download an C[2]="必须以root方式运行脚本,可以输入 sudo -i 后重新下载运行,问题反馈:[https://github.com/fscarmen/warp-sh/issues]" E[3]="The TUN module is not loaded. You should turn it on in the control panel. Ask the supplier for more help. Feedback: [https://github.com/fscarmen/warp-sh/issues]" C[3]="没有加载 TUN 模块,请在管理后台开启或联系供应商了解如何开启,问题反馈:[https://github.com/fscarmen/warp-sh/issues]" -E[4]="The WARP server cannot be connected. It may be a China Mainland VPS. You can manually ping 162.159.193.10 or ping -6 2606:4700:d0::a29f:c001.You can run the script again if the connect is successful. Feedback: [https://github.com/fscarmen/warp-sh/issues]" -C[4]="与 WARP 的服务器不能连接,可能是大陆 VPS,可手动 ping 162.159.193.10 或 ping -6 2606:4700:d0::a29f:c001,如能连通可再次运行脚本,问题反馈:[https://github.com/fscarmen/warp-sh/issues]" +E[4]="The WARP server cannot be connected. It may be a China Mainland VPS. You can manually ping 162.159.192.1 or ping -6 2606:4700:d0::a29f:c001.You can run the script again if the connect is successful. Feedback: [https://github.com/fscarmen/warp-sh/issues]" +C[4]="与 WARP 的服务器不能连接,可能是大陆 VPS,可手动 ping 162.159.192.1 或 ping -6 2606:4700:d0::a29f:c001,如能连通可再次运行脚本,问题反馈:[https://github.com/fscarmen/warp-sh/issues]" E[5]="The script supports Debian, Ubuntu, CentOS, Fedora, Arch or Alpine systems only. 
Feedback: [https://github.com/fscarmen/warp-sh/issues]" C[5]="本脚本只支持 Debian、Ubuntu、CentOS、Fedora、Arch 或 Alpine 系统,问题反馈:[https://github.com/fscarmen/warp-sh/issues]" -E[6]="warp h (help)\n warp n (Get the WARP IP)\n warp o (Turn off WARP temporarily)\n warp u (Turn off and uninstall WARP interface and Socks5 Linux Client)\n warp b (Upgrade kernel, turn on BBR, change Linux system)\n warp a (Change account to Free, WARP+ or Teams)\n warp p (Getting WARP+ quota by scripts)\n warp v (Sync the latest version)\n warp r (Connect/Disconnect WARP Linux Client)\n warp 4/6 (Add WARP IPv4/IPv6 interface)\n warp d (Add WARP dualstack interface IPv4 + IPv6)\n warp c (Install WARP Linux Client and set to proxy mode)\n warp l (Install WARP Linux Client and set to WARP mode)\n warp i (Change the WARP IP to support Netflix)\n warp e (Install Iptables + dnsmasq + ipset solution)\n warp w (Install WireProxy solution)\n warp y (Connect/Disconnect WireProxy socks5)\n warp k (Switch between kernel and wireguard-go-reserved)\n warp g (Switch between warp global and non-global)\n warp s 4/6/d (Set stack proiority: IPv4 / IPv6 / VPS default)\n" -C[6]="warp h (帮助菜单)\n warp n (获取 WARP IP)\n warp o (临时warp开关)\n warp u (卸载 WARP 网络接口和 Socks5 Client)\n warp b (升级内核、开启BBR及DD)\n warp a (更换账户为 Free,WARP+ 或 Teams)\n warp p (刷WARP+流量)\n warp v (同步脚本至最新版本)\n warp r (WARP Linux Client 开关)\n warp 4/6 (WARP IPv4/IPv6 单栈)\n warp d (WARP 双栈)\n warp c (安装 WARP Linux Client,开启 Socks5 代理模式)\n warp l (安装 WARP Linux Client,开启 WARP 模式)\n warp i (更换支持 Netflix 的IP)\n warp e (安装 Iptables + dnsmasq + ipset 解决方案)\n warp w (安装 WireProxy 解决方案)\n warp y (WireProxy socks5 开关)\n warp k (切换 wireguard 内核 / wireguard-go-reserved)\n warp g (切换 warp 全局 / 非全局)\n warp s 4/6/d (优先级: IPv4 / IPv6 / VPS default)\n" +E[6]="warp h (help)\n warp n (Get the WARP IP)\n warp o (Turn off WARP temporarily)\n warp u (Turn off and uninstall WARP interface and Socks5 Linux Client)\n warp b (Upgrade kernel, turn on BBR, change Linux system)\n 
warp a (Change account to Free, WARP+ or Teams)\n warp v (Sync the latest version)\n warp r (Connect/Disconnect WARP Linux Client)\n warp 4/6 (Add WARP IPv4/IPv6 interface)\n warp d (Add WARP dualstack interface IPv4 + IPv6)\n warp c (Install WARP Linux Client and set to proxy mode)\n warp l (Install WARP Linux Client and set to WARP mode)\n warp i (Change the WARP IP to support Netflix)\n warp e (Install Iptables + dnsmasq + ipset solution)\n warp w (Install WireProxy solution)\n warp y (Connect/Disconnect WireProxy socks5)\n warp k (Switch between kernel and wireguard-go-reserved)\n warp g (Switch between warp global and non-global)\n warp s 4/6/d (Set stack proiority: IPv4 / IPv6 / VPS default)\n" +C[6]="warp h (帮助菜单)\n warp n (获取 WARP IP)\n warp o (临时warp开关)\n warp u (卸载 WARP 网络接口和 Socks5 Client)\n warp b (升级内核、开启BBR及DD)\n warp a (更换账户为 Free,WARP+ 或 Teams)\n warp v (同步脚本至最新版本)\n warp r (WARP Linux Client 开关)\n warp 4/6 (WARP IPv4/IPv6 单栈)\n warp d (WARP 双栈)\n warp c (安装 WARP Linux Client,开启 Socks5 代理模式)\n warp l (安装 WARP Linux Client,开启 WARP 模式)\n warp i (更换支持 Netflix 的IP)\n warp e (安装 Iptables + dnsmasq + ipset 解决方案)\n warp w (安装 WireProxy 解决方案)\n warp y (WireProxy socks5 开关)\n warp k (切换 wireguard 内核 / wireguard-go-reserved)\n warp g (切换 warp 全局 / 非全局)\n warp s 4/6/d (优先级: IPv4 / IPv6 / VPS default)\n" E[7]="Install dependence-list:" C[7]="安装依赖列表:" E[8]="All dependencies already exist and do not need to be installed additionally." 
@@ -43,8 +43,8 @@ E[14]="Got the WARP\$TYPE IP successfully" C[14]="已成功获取 WARP\$TYPE 网络" E[15]="WARP is turned off. It could be turned on again by [warp o]" C[15]="已暂停 WARP,再次开启可以用 warp o" -E[16]="The script specifically adds WARP network interface for VPS, detailed:[https://github.com/fscarmen/warp-sh]\n Features:\n\t • Support WARP+ account. Third-party scripts are use to increase WARP+ quota or upgrade kernel.\n\t • Not only menus, but commands with option.\n\t • Support system: Ubuntu 16.04、18.04、20.04、22.04,Debian 9、10、11,CentOS 7、8、9, Alpine, Arch Linux 3.\n\t • Support architecture: AMD,ARM and s390x\n\t • Automatically select four WireGuard solutions. Performance: Kernel with WireGuard integration > Install kernel module > wireguard-go\n\t • Suppert WARP Linux client.\n\t • Output WARP status, IP region and asn\n" -C[16]="本项目专为 VPS 添加 warp 网络接口,详细说明: [https://github.com/fscarmen/warp-sh]\n 脚本特点:\n\t • 支持 WARP+ 账户,附带第三方刷 WARP+ 流量和升级内核 BBR 脚本\n\t • 普通用户友好的菜单,进阶者通过后缀选项快速搭建\n\t • 智能判断操作系统: Ubuntu 、Debian 、CentOS、 Alpine 和 Arch Linux,请务必选择 LTS 系统\n\t • 支持硬件结构类型: AMD、 ARM 和 s390x\n\t • 结合 Linux 版本和虚拟化方式,自动优选4个 WireGuard 方案。网络性能方面: 内核集成 WireGuard > 安装内核模块 > wireguard-go\n\t • 支持 WARP Linux Socks5 Client\n\t • 输出执行结果,提示是否使用 WARP IP ,IP 归属地和线路提供商\n" +E[16]="The script specifically adds WARP network interface for VPS, detailed:[https://github.com/fscarmen/warp-sh]\n Features:\n\t • Support WARP+ account. Third-party scripts is use to upgrade kernel.\n\t • Not only menus, but commands with option.\n\t • Support system: Ubuntu 16.04、18.04、20.04、22.04,Debian 9、10、11,CentOS 7、8、9, Alpine, Arch Linux 3.\n\t • Support architecture: AMD,ARM and s390x\n\t • Automatically select four WireGuard solutions. 
Performance: Kernel with WireGuard integration > Install kernel module > wireguard-go\n\t • Suppert WARP Linux client.\n\t • Output WARP status, IP region and asn\n" +C[16]="本项目专为 VPS 添加 warp 网络接口,详细说明: [https://github.com/fscarmen/warp-sh]\n 脚本特点:\n\t • 支持 WARP+ 账户,附带升级内核 BBR 脚本\n\t • 普通用户友好的菜单,进阶者通过后缀选项快速搭建\n\t • 智能判断操作系统: Ubuntu 、Debian 、CentOS、 Alpine 和 Arch Linux,请务必选择 LTS 系统\n\t • 支持硬件结构类型: AMD、 ARM 和 s390x\n\t • 结合 Linux 版本和虚拟化方式,自动优选4个 WireGuard 方案。网络性能方面: 内核集成 WireGuard > 安装内核模块 > wireguard-go\n\t • 支持 WARP Linux Socks5 Client\n\t • 输出执行结果,提示是否使用 WARP IP ,IP 归属地和线路提供商\n" E[17]="Version" C[17]="脚本版本" E[18]="New features" 
@@ -115,18 +115,18 @@ E[50]="Choose:" C[50]="请选择:" E[51]="Please enter the correct number" C[51]="请输入正确数字" -E[52]="Please input WARP+ ID:" -C[52]="请输入 WARP+ ID:" -E[53]="WARP+ ID should be 36 characters, please re-enter \(\${i} times remaining\):" -C[53]="WARP+ ID 应为36位字符,请重新输入 \(剩余\${i}次\):" -E[54]="Getting the WARP+ quota by the following 3 authors:\n • [ALIILAPRO],[https://github.com/ALIILAPRO/warp-plus-cloudflare]\n • [mixool],[https://github.com/mixool/across/tree/master/wireguard]\n • [SoftCreatR],[https://github.com/SoftCreatR/warp-up]\n • Open the 1.1.1.1 app\n • Click on the hamburger menu button on the top-right corner\n • Navigate to: Account > Key\n Important:Refresh WARP+ quota: 三 --> Advanced --> Connection options --> Reset keys\n It is best to run script with screen." -C[54]="刷 WARP+ 流量用可选择以下三位作者的成熟作品,请熟知:\n • [ALIILAPRO],地址[https://github.com/ALIILAPRO/warp-plus-cloudflare]\n • [mixool],地址[https://github.com/mixool/across/tree/master/wireguard]\n • [SoftCreatR],地址[https://github.com/SoftCreatR/warp-up]\n 下载地址:https://1.1.1.1/,访问和苹果外区 ID 自理\n 获取 WARP+ ID 填到下面。方法:App右上角菜单 三 --> 高级 --> 诊断 --> ID\n 重要:刷脚本后流量没有增加处理:右上角菜单 三 --> 高级 --> 连接选项 --> 重置加密密钥\n 最好配合 screen 在后台运行任务" -E[55]="1. Run [ALIILAPRO] script\n 2. Run [mixool] script\n 3. Run [SoftCreatR] script" -C[55]="1. 运行 [ALIILAPRO] 脚本\n 2. 运行 [mixool] 脚本\n 3. 运行 [SoftCreatR] 脚本" +E[52]="Fail to establish CloudflareWARP interface. Feedback: [https://github.com/fscarmen/warp-sh/issues]" +C[52]="创建 CloudflareWARP 网络接口失败,问题反馈:[https://github.com/fscarmen/warp-sh/issues]" +E[53]="" +C[53]="" +E[54]="" +C[54]="" +E[55]="" +C[55]="" E[56]="The current Netflix region is \$REGION. Confirm press [y] . If you want another regions, please enter the two-digit region abbreviation. \(such as hk,sg. Default is \$REGION\):" C[56]="当前 Netflix 地区是:\$REGION,需要解锁当前地区请按 [y], 如需其他地址请输入两位地区简写 \(如 hk ,sg,默认:\$REGION\):" -E[57]="The target quota you want to get. 
The unit is GB, the default value is 10:" -C[57]="你希望获取的目标流量值,单位为 GB,输入数字即可,默认值为10:" +E[57]="" +C[57]="" E[58]="Local network interface: CloudflareWARP" C[58]="本地网络接口: CloudflareWARP" E[59]="Cannot find the account file: /etc/wireguard/warp-account.conf, you can reinstall with the WARP+ License" @@ -159,8 +159,8 @@ E[72]="Turn off, uninstall WARP interface, Linux Client and WireProxy (warp u)" C[72]="永久关闭 WARP 网络接口,并删除 WARP、 Linux Client 和 WireProxy (warp u)" E[73]="Upgrade kernel, turn on BBR, change Linux system (warp b)" C[73]="升级内核、安装BBR、DD脚本 (warp b)" -E[74]="Getting WARP+ quota by scripts (warp p)" -C[74]="刷 WARP+ 流量 (warp p)" +E[74]="" +C[74]="" E[75]="Sync the latest version (warp v)" C[75]="同步最新版本 (warp v)" E[76]="Exit" 
@@ -803,51 +803,6 @@ ip_case() { # 帮助说明 help() { hint " $(text 6) "; } -# 刷 WARP+ 流量 -input() { - reading " $(text 52) " ID - i=5 - until [[ "$ID" =~ ^[A-F0-9a-f]{8}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{12}$ ]]; do - (( i-- )) || true - [ "$i" = 0 ] && error " $(text 29) " || reading " $(text 53) " ID - done -} - -plus() { - echo -e "\n==============================================================\n" - info " $(text 54) " - echo -e "\n==============================================================\n" - hint " $(text 55) " - [ "$OPTION" != p ] && hint " 0. $(text 49) \n" || hint " 0. $(text 76) \n" - reading " $(text 50) " CHOOSEPLUS - case "$CHOOSEPLUS" in - 1 ) - input - [ -x "$(type -p git)" ] || ${PACKAGE_INSTALL[int]} git 2>/dev/null - [ -x "$(type -p python3)" ] || ${PACKAGE_INSTALL[int]} python3 2>/dev/null - [ -d ~/warp-plus-cloudflare ] || ${GH_PROXY}git clone https://github.com/aliilapro/warp-plus-cloudflare.git - echo "$ID" | python3 ~/warp-plus-cloudflare/wp-plus.py - ;; - 2 ) - input - reading " $(text 57) " MISSION - MISSION=${MISSION//[^0-9]/} - bash <(wget --no-check-certificate -qO- -T8 ${GH_PROXY}https://raw.githubusercontent.com/fscarmen/tools/main/warp_plus.sh) $MISSION $ID - ;; - 3 ) - input - reading " $(text 57) " MISSION - MISSION=${MISSION//[^0-9]/} - bash <(wget --no-check-certificate -qO- -T8 ${GH_PROXY}https://raw.githubusercontent.com/SoftCreatR/warp-up/main/warp-up.sh) --disclaimer --id $ID --iterations $MISSION - ;; - 0 ) - [ "$OPTION" != p ] && menu || exit - ;; - * ) - warning " $(text 51) [0-3] "; sleep 1; plus - esac -} - # IPv4 / IPv6 优先设置 stack_priority() { [ "$OPTION" = s ] && case "$PRIORITY_SWITCH" in 
@@ -1235,7 +1190,6 @@ uninstall() { rm -f /usr/bin/wg-quick.{origin,reserved} rm -f /tmp/{best_mtu,best_endpoint,wireguard-go-*} rm -f /etc/wireguard/{wgcf-account.conf,warp-temp.conf,warp-account.conf,warp_unlock.sh,warp.conf.bak,warp.conf,up,proxy.conf.bak,proxy.conf,menu.sh,license,language,info-temp.log,info.log,down,account-temp.conf,NonGlobalUp.sh,NonGlobalDown.sh} - [ -s /var/lib/cloudflare-warp/mdm.xml ] && rm -f /var/lib/cloudflare-warp/mdm.xml [[ -e /etc/wireguard && -z "$(ls -A /etc/wireguard/)" ]] && rmdir /etc/wireguard # 选择自动卸载依赖执行以下 @@ -1290,11 +1244,11 @@ net() { local NET_4_NONGLOBAL=1 ip_case 4 warp non-global else - [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && ping -c2 -W3 162.159.193.10 >/dev/null 2>&1 && local NET_4_NONGLOBAL=0 && ip_case 4 warp + [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && ping -c2 -W3 162.159.192.1 >/dev/null 2>&1 && local NET_4_NONGLOBAL=0 && ip_case 4 warp fi else [[ "$LAN6" =~ ^[a-f0-9:]{1,}$ ]] && INET6=1 && $PING6 -c2 -w10 2606:4700:d0::a29f:c001 >/dev/null 2>&1 && local NET_6_NONGLOBAL=0 && ip_case 6 warp - [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && INET4=1 && ping -c2 -W3 162.159.193.10 >/dev/null 2>&1 && local NET_4_NONGLOBAL=0 && ip_case 4 warp + [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && INET4=1 && ping -c2 -W3 162.159.192.1 >/dev/null 2>&1 && local NET_4_NONGLOBAL=0 && ip_case 4 warp fi until [[ "$TRACE4$TRACE6" =~ on|plus ]]; do @@ -1356,9 +1310,9 @@ client_onoff() { info " $(text 91) " && exit 0 else warp-cli --accept-tos connect >/dev/null 2>&1 - [ -s /var/lib/cloudflare-warp/mdm.xml ] && sleep 12 || sleep 2 local CLIENT_MODE=$(warp-cli --accept-tos settings | awk '/Mode:/{for (i=0; i/dev/null 2>&1 ip_case d client local CLIENT_ACCOUNT=$(warp-cli --accept-tos registration show 2>/dev/null | awk '/type/{print $3}') [ "$CLIENT_ACCOUNT" = Limited ] && CLIENT_AC='+' && check_quota client 
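Review bot: The IPv4 probe address in `net()` is still a bare literal (`ping -c2 -W3 162.159.192.1`), and this commit has to change the same literal in the message strings, `best_mtu()`, `best_endpoint()`, `pc/mac.sh` and `warp-go.sh` as well. Defining it once near the top of each script, for example `WARP_V4='162.159.192.1'` and `WARP_V6='2606:4700:d0::a29f:c001'`, and using `"$WARP_V4"` in the ping and default-endpoint lines would make the next address change a one-line edit and rule out a missed occurrence. `net()` begins and ends outside the hunk.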
@@ -1367,6 +1321,7 @@ client_onoff() { exit 0 elif [ "$CLIENT_MODE" = 'Warp' ]; then + wait_for interface >/dev/null 2>&1 rule_add >/dev/null 2>&1 ip_case d is_luban local CLIENT_ACCOUNT=$(warp-cli --accept-tos registration show 2>/dev/null | awk '/type/{print $3}') @@ -1591,11 +1546,11 @@ EOF if grep -q '^AllowedIPs.*0\.\0\/0' 2>/dev/null /etc/wireguard/warp.conf; then STACK=-4 && ip_case 4 warp non-global else - [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && INET4=1 && ping -c2 -W3 162.159.193.10 >/dev/null 2>&1 && IPV4=1 && STACK=-4 && ip_case 4 warp + [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && INET4=1 && ping -c2 -W3 162.159.192.1 >/dev/null 2>&1 && IPV4=1 && STACK=-4 && ip_case 4 warp fi else [[ "$LAN6" != "::1" && "$LAN6" =~ ^[a-f0-9:]+$ ]] && INET6=1 && $PING6 -c2 -w10 2606:4700:d0::a29f:c001 >/dev/null 2>&1 && IPV6=1 && STACK=-6 && ip_case 6 warp - [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && INET4=1 && ping -c2 -W3 162.159.193.10 >/dev/null 2>&1 && IPV4=1 && STACK=-4 && ip_case 4 warp + [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && INET4=1 && ping -c2 -W3 162.159.192.1 >/dev/null 2>&1 && IPV4=1 && STACK=-4 && ip_case 4 warp fi # 判断当前 WARP 状态,决定变量 PLAN,变量 PLAN 含义:1=单栈 2=双栈 3=WARP已开启 @@ -1815,7 +1770,7 @@ change_port() { case "$f" in 0|1 ) ${CHANGE_PORT1[f]} - sleep 1 + wait_for $PORT ss -nltp | grep -q ":$PORT" && info " $(text 122) " || error " $(text 34) " ;; 2 ) @@ -1823,7 +1778,7 @@ change_port() { case "$MODE" in [1-2] ) $(eval echo "\${CHANGE_IP$MODE[f]}") - sleep 1 + wait_for $PORT ss -nltp | grep -q ":$PORT" && info " $(text 122) " || error " $(text 34) " ;; * ) 
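Review bot: In the `Warp` branch of `client_onoff()` the result of the new wait is discarded (`wait_for interface >/dev/null 2>&1`), so `rule_add` still runs when the CloudflareWARP interface never appeared within the timeout. `client_install()` and `change_to_plus()` in this same commit treat that case as fatal; using the same form here, `grep -q 'NO' <<< "$(wait_for interface)" && error " $(text 52) "`, would keep the call sites consistent. The function body continues outside the hunk.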
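Review bot: `wait_for $PORT` in both `change_port()` hunks neither captures nor redirects the helper's output, so the literal `OK` or `NO` that it echoes is printed to the terminal before the `ss -nltp | grep -q ":$PORT"` check selects the real message. Quoting the argument and silencing the helper, `wait_for "$PORT" >/dev/null`, keeps the existing check as the only source of the result. The surrounding `case` block extends beyond both hunks.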
@@ -1949,10 +1904,10 @@ best_mtu() { # 反复测试最佳 MTU。 Wireguard Header:IPv4=60 bytes,IPv6=80 bytes,1280 ≤ MTU ≤ 1420。 ping = 8(ICMP回显示请求和回显应答报文格式长度) + 20(IP首部) 。 # 详细说明:<[WireGuard] Header / MTU sizes for Wireguard>:https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html MTU=$((1500-28)) - [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 + [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 until [[ $? = 0 || $MTU -le $((1280+80-28)) ]]; do MTU=$((MTU-10)) - [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 + [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 done if [ "$MTU" -eq $((1500-28)) ]; then @@ -1962,7 +1917,7 @@ best_mtu() { else for i in {0..8}; do (( MTU++ )) - ( [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 ) || break + ( [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 ) || break done (( MTU-- )) fi @@ -1983,8 +1938,8 @@ best_endpoint() { rm -f /tmp/{endpoint,ip,endpoint_result} fi - # 如果失败,会有默认值 162.159.193.10:2408 或 [2606:4700:d0::a29f:c001]:2408 - [ "$IPV4$IPV6" = 01 ] && ENDPOINT=${ENDPOINT:-'[2606:4700:d0::a29f:c001]:2408'} || ENDPOINT=${ENDPOINT:-'162.159.193.10:2408'} + # 如果失败,会有默认值 162.159.192.1:2408 或 [2606:4700:d0::a29f:c001]:2408 + [ "$IPV4$IPV6" = 01 ] && ENDPOINT=${ENDPOINT:-'[2606:4700:d0::a29f:c001]:2408'} || ENDPOINT=${ENDPOINT:-'162.159.192.1:2408'} [ ! -e /tmp/noudp ] && echo "$ENDPOINT" > /tmp/best_endpoint } 
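Review bot: `best_endpoint()` writes its result to a fixed name in a world-writable directory (`echo "$ENDPOINT" > /tmp/best_endpoint`), and message E[2] states that the script must run as root. Another local account can pre-create or replace such a path, which is a known weakness for root-run scripts. The `warp-go.sh` hunks follow the same pattern with `/tmp/warp-go-endpoint`, whose content is later read back and substituted into a `sed` expression (`s/162.159.*/$ENDPOINT/g`). Creating a private directory once with `mktemp -d`, placing these scratch files inside it and removing it from a `trap ... EXIT` would close that gap. The function starts outside the hunk, and the code that reads `/tmp/best_endpoint` is not visible here.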
@@ -2447,10 +2402,38 @@ EOF fi } +# 等待进程运行结果函数 +wait_for() { + local WHAT=$1 + local TIME_OUT=0 + local MAX_TIME=30 + until [ "$TIME_OUT" -gt "$MAX_TIME" ]; do + ((TIME_OUT++)) + case "$WHAT" in + interface ) + grep -q 'CloudflareWARP' <<< "$(ip link show | awk -F': ' '{print $2}')" && echo "OK" && return + ;; + socks5 ) + grep -q 'warp-svc' <<< "$(ss -nltp | awk '{print $NF}' | awk -F \" '{print $2}')" && echo "OK" && return + ;; + [0-9]* ) + grep -q ":$WHAT" <<< "$(ss -nltp)" && echo "OK" && return + ;; + esac + sleep 1 + done + echo "NO" +} + client_install() { settings() { # 如果隧道协议选择是 MASQUE,增加相应文件 - [ "$TUNNEL_PROTOCOL" = 'is_masque' ] && warp-cli --accept-tos tunnel protocol set MASQUE >/dev/null 2>&1 || warp-cli --accept-tos tunnel protocol set WireGuard >/dev/null 2>&1 + if [ "$TUNNEL_PROTOCOL" = 'is_masque' ]; then + warp-cli --accept-tos tunnel protocol set MASQUE >/dev/null 2>&1 + else + warp-cli --accept-tos tunnel protocol set WireGuard >/dev/null 2>&1 + fi + # 设置为代理模式,如有 WARP+ 账户,修改 license 并升级 info " $(text 84) " warp-cli --accept-tos registration new >/dev/null 2>&1 @@ -2495,7 +2478,7 @@ client_install() { warp-cli --accept-tos tunnel ip add-range ::0/0 >/dev/null 2>&1 warp-cli --accept-tos mode warp >/dev/null 2>&1 warp-cli --accept-tos connect >/dev/null 2>&1 - [ "$TUNNEL_PROTOCOL" = 'is_wireguard' ] && sleep 5 || sleep 12 + grep -q 'NO' <<< "$(wait_for interface)" && error " $(text 52) " rule_add >/dev/null 2>&1 ip_case d is_luban until [[ -n "$CFWARP_WAN4" && -n "$CFWARP_WAN6" ]]; do @@ -2505,7 +2488,7 @@ client_install() { rule_del >/dev/null 2>&1 sleep 2 warp-cli --accept-tos connect >/dev/null 2>&1 - [ "$TUNNEL_PROTOCOL" = 'is_wireguard' ] && sleep 5 || sleep 12 + grep -q 'NO' <<< "$(wait_for interface)" && error " $(text 52) " rule_add >/dev/null 2>&1 ip_case d is_luban if [ "$i" = "$j" ]; then 
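Review bot: The port branch of `wait_for()` matches too loosely: `[0-9]* )` accepts any argument that merely starts with a digit, and `grep -q ":$WHAT" <<< "$(ss -nltp)"` is a substring match, so waiting for port 80 is satisfied by a listener on 8080. Anchoring the match, `grep -qE ":${WHAT}[[:space:]]" <<< "$(ss -nltp)"`, avoids that false positive. Reporting the outcome through the exit status (`return 0` on success, `return 1` after the loop) instead of echoing `OK`/`NO` would also let callers write `wait_for interface || error " $(text 52) "` rather than grepping the output.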
@@ -2519,8 +2502,7 @@ client_install() { warp-cli --accept-tos mode proxy >/dev/null 2>&1 warp-cli --accept-tos proxy port "$PORT" >/dev/null 2>&1 warp-cli --accept-tos connect >/dev/null 2>&1 - [ -s /var/lib/cloudflare-warp/mdm.xml ] && sleep 12 || sleep 2 - ss -nltp | awk '{print $NF}' | awk -F \" '{print $2}' | grep -q 'warp-svc' && info " $(text 86) " || error " $(text 87) " + grep -q 'OK' <<< "$(wait_for socks5)" && info " $(text 86) " || error " $(text 87) " fi } @@ -2846,7 +2828,7 @@ change_to_plus() { local CLIENT_ACCOUNT=$(warp-cli --accept-tos registration show 2>/dev/null | awk '/type/{print $3}') unset AC && TYPE=' Free' && [ "$CLIENT_ACCOUNT" = Limited ] && CLIENT_AC='+' && TYPE='+' && check_quota client if [ "$CLIENT_MODE" = 'Warp' ]; then - [ -s /var/lib/cloudflare-warp/mdm.xml ] && sleep 12 + grep -q 'NO' <<< "$(wait_for interface)" && error " $(text 52) " rule_add >/dev/null 2>&1 ip_case d is_luban [ "$TYPE" = '+' ] && CLIENT_PLUS="$(text 63): $QUOTA" @@ -3168,7 +3150,7 @@ menu_setting() { MENU_OPTION[5]="5. ${CLIENT_INSTALLED}${CLIENT_NOT_ALLOWED_ARCHITECTURE}$(text 82)" MENU_OPTION[6]="6. $(text 123)" MENU_OPTION[7]="7. $(text 72)" - MENU_OPTION[8]="8. $(text 74)" + MENU_OPTION[8]="8. $(text 78)" MENU_OPTION[9]="9. $(text 73)" MENU_OPTION[10]="10. $(text 75)" MENU_OPTION[11]="11. $(text 80)" @@ -3178,7 +3160,7 @@ menu_setting() { MENU_OPTION[0]="0. $(text 76)" ACTION[4]() { OPTION=o; onoff; } - ACTION[5]() { client_install; }; ACTION[6]() { change_ip; }; ACTION[7]() { uninstall; }; ACTION[8]() { plus; }; ACTION[9]() { bbrInstall; }; ACTION[10]() { ver; }; + ACTION[5]() { client_install; }; ACTION[6]() { change_ip; }; ACTION[7]() { uninstall; }; ACTION[8]() { update; }; ACTION[9]() { bbrInstall; }; ACTION[10]() { ver; }; ACTION[11]() { bash <(curl -sSL https://gitlab.com/fscarmen/warp_unlock/-/raw/main/unlock.sh) -$L; }; ACTION[12]() { IS_ANEMONE=is_anemone ;install; }; ACTION[13]() { IS_PUFFERFFISH=is_pufferffish; install; }; 
@@ -3243,7 +3225,7 @@ menu() { fi } -# 传参选项 OPTION: 1=为 IPv4 或者 IPv6 补全另一栈WARP; 2=安装双栈 WARP; u=卸载 WARP; b=升级内核、开启BBR及DD; o=WARP开关;p=刷 WARP+ 流量; 其他或空值=菜单界面 +# 传参选项 OPTION: 1=为 IPv4 或者 IPv6 补全另一栈WARP; 2=安装双栈 WARP; u=卸载 WARP; b=升级内核、开启BBR及DD; o=WARP开关; 其他或空值=菜单界面 [ "$1" != '[option]' ] && OPTION="${1,,}" # 参数选项 URL 或 License 或转换 WARP 单双栈 @@ -3272,9 +3254,6 @@ case "$OPTION" in h ) help; exit 0 ;; - p ) - plus; exit 0 - ;; i ) change_ip; exit 0 ;; diff --git a/pc/mac.sh b/pc/mac.sh index 5fba401..a117315 100644 --- a/pc/mac.sh +++ b/pc/mac.sh @@ -296,7 +296,7 @@ install(){ sudo sed -i '' "s#PrivateKey.*#PrivateKey = $PRIVATEKEY#g;s#Address.*32#Address = ${ADDRESS4}/32#g;s#Address.*128#Address = ${ADDRESS6}/128#g;s#PublicKey.*#PublicKey = $PUBLICKEY#g" wgcf-profile.conf # 修改配置文件 wgcf-profile.conf 的内容, 更换 Endpoint 和 DNS - sudo sed -i '' 's/engage.cloudflareclient.com/162.159.193.10/g;s/1.1.1.1/8.8.8.8,&/g' wgcf-profile.conf + sudo sed -i '' 's/engage.cloudflareclient.com/162.159.192.1/g;s/1.1.1.1/8.8.8.8,&/g' wgcf-profile.conf # 把 wgcf-profile.conf 复制到/etc/wireguard/ 并命名为 wgcf.conf sudo cp -f wgcf-profile.conf /etc/wireguard/wgcf.conf diff --git a/warp-go.sh b/warp-go.sh index 3cbc991..19fe0d0 100644 --- a/warp-go.sh +++ b/warp-go.sh 
@@ -510,10 +510,10 @@ check_install() { # 反复测试最佳 MTU。 Wireguard Header:IPv4=60 bytes,IPv6=80 bytes,1280 ≤ MTU ≤ 1420。 ping = 8(ICMP回显示请求和回显应答报文格式长度) + 20(IP首部) 。 # 详细说明:<[WireGuard] Header / MTU sizes for Wireguard>:https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html MTU=$((1500-28)) - [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 + [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 until [[ $? = 0 || $MTU -le $((1280+80-28)) ]]; do MTU=$((MTU-10)) - [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 + [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 done if [ "$MTU" -eq $((1500-28)) ]; then @@ -523,7 +523,7 @@ check_install() { else for i in {0..8}; do (( MTU++ )) - ( [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 ) || break + ( [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 ) || break done (( MTU-- )) fi @@ -545,8 +545,8 @@ check_install() { rm -f /tmp/{endpoint,ip,endpoint_result} fi - # 如果失败,会有默认值 162.159.193.10:2408 或 [2606:4700:d0::a29f:c001]:2408 - [ "$IPV4$IPV6" = 01 ] && ENDPOINT=${ENDPOINT:-'[2606:4700:d0::a29f:c001]:2408'} || ENDPOINT=${ENDPOINT:-'162.159.193.10:2408'} + # 如果失败,会有默认值 162.159.192.1:2408 或 [2606:4700:d0::a29f:c001]:2408 + [ "$IPV4$IPV6" = 01 ] && ENDPOINT=${ENDPOINT:-'[2606:4700:d0::a29f:c001]:2408'} || ENDPOINT=${ENDPOINT:-'162.159.192.1:2408'} echo "$ENDPOINT" > /tmp/warp-go-endpoint }& 
@@ -849,7 +849,7 @@ MTU = 1280 [Peer] PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= -Endpoint = 162.159.193.10:1701 +Endpoint = 162.159.192.1:1701 KeepAlive = 30 # AllowedIPs = 0.0.0.0/0 # AllowedIPs = ::/0 @@ -1090,7 +1090,7 @@ EOF [[ "$LAN4" =~ ^([0-9]{1,3}\.){3} ]] && local INET4=1 [[ "$LAN6" != "::1" && "$LAN6" =~ ^[a-f0-9:]+$ ]] && local INET6=1 [ "$INET6" = 1 ] && $PING6 -c2 -w10 2606:4700:d0::a29f:c001 $PING_INTERFACE_4 >/dev/null 2>&1 && IPV6=1 && STACK=-6 - [ "$INET4" = 1 ] && ping -c2 -W3 162.159.193.10 $PING_INTERFACE_6 >/dev/null 2>&1 && IPV4=1 && STACK=-4 + [ "$INET4" = 1 ] && ping -c2 -W3 162.159.192.1 $PING_INTERFACE_6 >/dev/null 2>&1 && IPV4=1 && STACK=-4 [ "$IPV4" = 1 ] && ip4_info [ "$IPV6" = 1 ] && ip6_info @@ -1101,10 +1101,10 @@ best_mtu() { # 反复测试最佳 MTU。 Wireguard Header:IPv4=60 bytes,IPv6=80 bytes,1280 ≤ MTU ≤ 1420。 ping = 8(ICMP回显示请求和回显应答报文格式长度) + 20(IP首部) 。 # 详细说明:<[WireGuard] Header / MTU sizes for Wireguard>:https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html MTU=$((1500-28)) - [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 + [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 until [[ $? = 0 || $MTU -le $((1280+80-28)) ]]; do MTU=$((MTU-10)) - [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 + [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 done if [ "$MTU" -eq $((1500-28)) ]; then 
@@ -1114,7 +1114,7 @@ best_mtu() { else for i in {0..8}; do (( MTU++ )) - ( [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.193.10 >/dev/null 2>&1 ) || break + ( [ "$IPV4$IPV6" = 01 ] && $PING6 -c1 -W1 -s $MTU -Mdo 2606:4700:d0::a29f:c001 >/dev/null 2>&1 || ping -c1 -W1 -s $MTU -Mdo 162.159.192.1 >/dev/null 2>&1 ) || break done (( MTU-- )) fi @@ -1136,8 +1136,8 @@ best_endpoint() { rm -f /tmp/{endpoint,ip,endpoint_result} fi - # 如果失败,会有默认值 162.159.193.10:2408 或 [2606:4700:d0::a29f:c001]:2408 - [ "$IPV4$IPV6" = 01 ] && ENDPOINT=${ENDPOINT:-'[2606:4700:d0::a29f:c001]:2408'} || ENDPOINT=${ENDPOINT:-'162.159.193.10:2408'} + # 如果失败,会有默认值 162.159.192.1:2408 或 [2606:4700:d0::a29f:c001]:2408 + [ "$IPV4$IPV6" = 01 ] && ENDPOINT=${ENDPOINT:-'[2606:4700:d0::a29f:c001]:2408'} || ENDPOINT=${ENDPOINT:-'162.159.192.1:2408'} echo "$ENDPOINT" > /tmp/warp-go-endpoint } @@ -1353,7 +1353,7 @@ MTU = 1280 [Peer] PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= -Endpoint = 162.159.193.10:1701 +Endpoint = 162.159.192.1:1701 KeepAlive = 30 # AllowedIPs = 0.0.0.0/0 # AllowedIPs = ::/0 
@@ -1432,7 +1432,7 @@ EOF # 如没有注册成功,脚本退出 [ ! -s /opt/warp-go/warp.conf ] && error " $(text 104) " - # warp-go 配置修改,其中用到的 162.159.193.10 和 2606:4700:d0::a29f:c001 均是 engage.cloudflareclient.com 的 IP + # warp-go 配置修改,其中用到的 162.159.192.1 和 2606:4700:d0::a29f:c001 均是 engage.cloudflareclient.com 的 IP MTU=$(cat /tmp/warp-go-mtu) && rm -f /tmp/warp-go-mtu ENDPOINT=$(cat /tmp/warp-go-endpoint) && rm -f /tmp/warp-go-endpoint MODIFY014="/Endpoint6/d; /PreUp/d; /::\/0/d; s/162.159.*/$ENDPOINT/g; s#.*AllowedIPs.*#AllowedIPs = 0.0.0.0/0#g; s#.*PostUp.*#PostUp = ip -6 rule add from $LAN6 lookup main#g; s#.*PostDown.*#PostDown = ip -6 rule delete from $LAN6 lookup main\nPostUp = ip -4 rule add from 172.17.0.0\/24 lookup main\nPostDown = ip -4 rule delete from 172.17.0.0\/24 lookup main\n\#PostUp = /opt/warp-go/NonGlobalUp.sh\n\#PostDown = /opt/warp-go/NonGlobalDown.sh#g; s#\(MTU.*\)1280#\1$MTU#g" diff --git a/wireproxy/README.md b/wireproxy/README.md index 957cf6f..18c8fcd 100644 --- a/wireproxy/README.md +++ b/wireproxy/README.md @@ -3,11 +3,11 @@ [![Build status](https://github.com/octeep/wireproxy/actions/workflows/build.yml/badge.svg)](https://github.com/octeep/wireproxy/actions) [![Documentation](https://img.shields.io/badge/godoc-wireproxy-blue)](https://pkg.go.dev/github.com/octeep/wireproxy) -A wireguard client that exposes itself as a socks5 proxy or tunnels. +A wireguard client that exposes itself as a socks5/http proxy or tunnels. # What is this `wireproxy` is a completely userspace application that connects to a wireguard peer, -and exposes a socks5 proxy or tunnels on the machine. This can be useful if you need +and exposes a socks5/http proxy or tunnels on the machine. This can be useful if you need to connect to certain sites via a wireguard peer, but can't be bothered to setup a new network interface for whatever reasons. 
@@ -20,9 +20,12 @@ and configured my browser to use wireproxy for certain sites. It's pretty useful wireproxy is completely isolated from my network interfaces, and I don't need root to configure anything. +Users who want something similar but for Amnezia VPN can use [this fork](https://github.com/artem-russkikh/wireproxy-awg) +of wireproxy by [@artem-russkikh](https://github.com/artem-russkikh). + # Feature - TCP static routing for client and server -- SOCKS5 proxy (currently only CONNECT is supported) +- SOCKS5/HTTP proxy (currently only CONNECT is supported) # TODO - UDP Support in SOCKS5 @@ -30,11 +33,12 @@ anything. # Usage ``` -./wireproxy -c [path to config] +./wireproxy [-c path to config] ``` ``` -usage: wireproxy [-h|--help] -c|--config "" [-d|--daemon] +usage: wireproxy [-h|--help] [-c|--config ""] [-s|--silent] + [-d|--daemon] [-i|--info ""] [-v|--version] [-n|--configtest] Userspace wireguard client for proxying @@ -43,18 +47,26 @@ Arguments: -h --help Print help information -c --config Path of configuration file + Default paths: /etc/wireproxy/wireproxy.conf, $HOME/.config/wireproxy.conf + -s --silent Silent mode -d --daemon Make wireproxy run in background + -i --info Specify the address and port for exposing health status + -v --version Print version -n --configtest Configtest mode. Only check the configuration file for validity. + ``` # Build instruction ``` git clone https://github.com/octeep/wireproxy cd wireproxy -go build ./cmd/wireproxy +make ``` +# Use with VPN +Instructions for using wireproxy with Firefox container tabs and auto-start on MacOS can be found [here](/UseWithVPN.md). + # Sample config file ``` # The [Interface] and [Peer] configurations follow the same semantics and meaning 
@@ -65,6 +77,7 @@ go build ./cmd/wireproxy Address = 10.200.200.2/32 # The subnet should be /32 and /128 for IPv4 and v6 respectively # MTU = 1420 (optional) PrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q= +# PrivateKey = $MY_WIREGUARD_PRIVATE_KEY # Alternatively, reference environment variables DNS = 10.200.200.1 [Peer] @@ -89,6 +102,16 @@ Target = play.cubecraft.net:25565 ListenPort = 3422 Target = localhost:25545 +# STDIOTunnel is a tunnel connecting the standard input and output of the wireproxy +# process to the specified TCP target via wireguard. +# This is especially useful to use wireproxy as a ProxyCommand parameter in openssh +# For example: +# ssh -o ProxyCommand='wireproxy -c myconfig.conf' ssh.myserver.net +# Flow: +# Piped command -->(wireguard)--> ssh.myserver.net:22 +[STDIOTunnel] +Target = ssh.myserver.net:22 + # Socks5 creates a socks5 proxy on your LAN, and all traffic would be routed via wireguard. [Socks5] BindAddress = 127.0.0.1:25344 @@ -98,6 +121,16 @@ BindAddress = 127.0.0.1:25344 #Username = ... # Avoid using spaces in the password field #Password = ... + +# http creates a http proxy on your LAN, and all traffic would be routed via wireguard. +[http] +BindAddress = 127.0.0.1:25345 + +# HTTP authentication parameters, specifying username and password enables +# proxy authentication. +#Username = ... +# Avoid using spaces in the password field +#Password = ... ``` Alternatively, if you already have a wireguard config, you can import it in the 
@@ -115,3 +148,109 @@ WGConfig = [Socks5] ... ``` + +Having multiple peers is also supported. `AllowedIPs` would need to be specified +such that wireproxy would know which peer to forward to. +``` +[Interface] +Address = 10.254.254.40/32 +PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= + +[Peer] +Endpoint = 192.168.0.204:51820 +PublicKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY= +AllowedIPs = 10.254.254.100/32 +PersistentKeepalive = 25 + +[Peer] +PublicKey = ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ= +AllowedIPs = 10.254.254.1/32, fdee:1337:c000:d00d::1/128 +Endpoint = 172.16.0.185:44044 +PersistentKeepalive = 25 + + +[TCPServerTunnel] +ListenPort = 5000 +Target = service-one.servicenet:5000 + +[TCPServerTunnel] +ListenPort = 5001 +Target = service-two.servicenet:5001 + +[TCPServerTunnel] +ListenPort = 5080 +Target = service-three.servicenet:80 +``` + +Wireproxy can also allow peers to connect to it: +``` +[Interface] +ListenPort = 5400 +... + +[Peer] +PublicKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY= +AllowedIPs = 10.254.254.100/32 +# Note there is no Endpoint defined here. +``` +# Health endpoint +Wireproxy supports exposing a health endpoint for monitoring purposes. +The argument `--info/-i` specifies an address and port (e.g. `localhost:9080`), which exposes a HTTP server that provides health status metric of the server. + +Currently two endpoints are implemented: + +`/metrics`: Exposes information of the wireguard daemon, this provides the same information you would get with `wg show`. [This](https://www.wireguard.com/xplatform/#example-dialog) shows an example of what the response would look like. + +`/readyz`: This responds with a json which shows the last time a pong is received from an IP specified with `CheckAlive`. When `CheckAlive` is set, a ping is sent out to addresses in `CheckAlive` per `CheckAliveInterval` seconds (defaults to 5) via wireguard. 
If a pong has not been received from one of the addresses within the last `CheckAliveInterval` seconds (+2 seconds for some leeway to account for latency), then it would respond with a 503, otherwise a 200. + +For example: +``` +[Interface] +PrivateKey = censored +Address = 10.2.0.2/32 +DNS = 10.2.0.1 +CheckAlive = 1.1.1.1, 3.3.3.3 +CheckAliveInterval = 3 + +[Peer] +PublicKey = censored +AllowedIPs = 0.0.0.0/0 +Endpoint = 149.34.244.174:51820 + +[Socks5] +BindAddress = 127.0.0.1:25344 +``` +`/readyz` would respond with +``` +< HTTP/1.1 503 Service Unavailable +< Date: Thu, 11 Apr 2024 00:54:59 GMT +< Content-Length: 35 +< Content-Type: text/plain; charset=utf-8 +< +{"1.1.1.1":1712796899,"3.3.3.3":0} +``` + +And for: +``` +[Interface] +PrivateKey = censored +Address = 10.2.0.2/32 +DNS = 10.2.0.1 +CheckAlive = 1.1.1.1 +``` +`/readyz` would respond with +``` +< HTTP/1.1 200 OK +< Date: Thu, 11 Apr 2024 00:56:21 GMT +< Content-Length: 23 +< Content-Type: text/plain; charset=utf-8 +< +{"1.1.1.1":1712796979} +``` + +If nothing is set for `CheckAlive`, an empty JSON object with 200 will be the response. + +The peer which the ICMP ping packet is routed to depends on the `AllowedIPs` set for each peers. + +# Stargazers over time +[![Stargazers over time](https://starchart.cc/octeep/wireproxy.svg)](https://starchart.cc/octeep/wireproxy) \ No newline at end of file