diff --git a/docs/configuration/endpoint/index.md b/docs/configuration/endpoint/index.md new file mode 100644 index 00000000..e40333db --- /dev/null +++ b/docs/configuration/endpoint/index.md @@ -0,0 +1,32 @@ +--- +icon: material/new-box +--- + +!!! question "Since sing-box 1.11.0" + +# Endpoint + +Endpoint is protocols that has both inbound and outbound behavior. + +### Structure + +```json +{ + "endpoints": [ + { + "type": "", + "tag": "" + } + ] +} +``` + +### Fields + +| Type | Format | +|-------------|---------------------------| +| `wireguard` | [WireGuard](./wireguard/) | + +#### tag + +The tag of the endpoint. diff --git a/docs/configuration/endpoint/index.zh.md b/docs/configuration/endpoint/index.zh.md new file mode 100644 index 00000000..69ba2d09 --- /dev/null +++ b/docs/configuration/endpoint/index.zh.md @@ -0,0 +1,32 @@ +--- +icon: material/new-box +--- + +!!! question "自 sing-box 1.11.0 起" + +# 端点 + +端点是具有入站和出站行为的协议。 + +### 结构 + +```json +{ + "endpoints": [ + { + "type": "", + "tag": "" + } + ] +} +``` + +### 字段 + +| 类型 | 格式 | +|-------------|---------------------------| +| `wireguard` | [WireGuard](./wiregaurd/) | + +#### tag + +端点的标签。 diff --git a/docs/configuration/endpoint/wireguard.md b/docs/configuration/endpoint/wireguard.md new file mode 100644 index 00000000..2d792e02 --- /dev/null +++ b/docs/configuration/endpoint/wireguard.md @@ -0,0 +1,138 @@ +--- +icon: material/new-box +--- + +!!! question "Since sing-box 1.11.0" + +### Structure + +```json +{ + "type": "wireguard", + "tag": "wg-ep", + + "system": false, + "name": "", + "mtu": 1408, + "gso": false, + "address": [], + "private_key": "", + "listen_port": 10000, + "peers": [ + { + "address": "127.0.0.1", + "port": 10001, + "public_key": "", + "pre_shared_key": "", + "allowed_ips": [], + "persistent_keepalive_interval": 0, + "reserved": [0, 0, 0] + } + ], + "udp_timeout": "", + "workers": 0, + + ... // Dial Fields +} +``` + +### Fields + +#### system + +Use system interface. + +Requires privilege and cannot conflict with exists system interfaces. + +#### name + +Custom interface name for system interface. + +#### mtu + +WireGuard MTU. + +`1408` will be used by default. + +#### gso + +!!! quote "" + + Only supported on Linux. + +Try to enable generic segmentation offload. + +#### address + +==Required== + +List of IP (v4 or v6) address prefixes to be assigned to the interface. + +#### private_key + +==Required== + +WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility: + +```shell +wg genkey +echo "private key" || wg pubkey +``` + +or `sing-box generate wg-keypair`. + +#### peers + +==Required== + +List of WireGuard peers. + +#### peers.address + +WireGuard peer address. + +#### peers.port + +WireGuard peer port. + +#### peers.public_key + +==Required== + +WireGuard peer public key. + +#### peers.pre_shared_key + +WireGuard peer pre-shared key. + +#### peers.allowed_ips + +==Required== + +WireGuard allowed IPs. + +#### peers.persistent_keepalive_interval + +WireGuard persistent keepalive interval, in seconds. + +Disabled by default. + +#### peers.reserved + +WireGuard reserved field bytes. + +#### udp_timeout + +UDP NAT expiration time. + +`5m` will be used by default. + +#### workers + +WireGuard worker count. + +CPU count is used by default. + +### Dial Fields + +See [Dial Fields](/configuration/shared/dial/) for details. diff --git a/docs/configuration/endpoint/wireguard.zh.md b/docs/configuration/endpoint/wireguard.zh.md new file mode 100644 index 00000000..8941b630 --- /dev/null +++ b/docs/configuration/endpoint/wireguard.zh.md @@ -0,0 +1,140 @@ +--- +icon: material/new-box +--- + +!!! question "自 sing-box 1.11.0 起" + +### 结构 + +```json +{ + "type": "wireguard", + "tag": "wg-ep", + + "system": false, + "name": "", + "mtu": 1408, + "gso": false, + "address": [], + "private_key": "", + "listen_port": 10000, + "peers": [ + { + "address": "127.0.0.1", + "port": 10001, + "public_key": "", + "pre_shared_key": "", + "allowed_ips": [], + "persistent_keepalive_interval": 0, + "reserved": [0, 0, 0] + } + ], + "udp_timeout": "", + "workers": 0, + + ... // 拨号字段 +} +``` + +### 字段 + +#### system_interface + +使用系统设备。 + +需要特权且不能与已有系统接口冲突。 + +#### name + +为系统接口自定义设备名称。 + +#### mtu + +WireGuard MTU。 + +默认使用 1408。 + +#### gso + +!!! quote "" + + 仅支持 Linux。 + +尝试启用通用分段卸载。 + +#### address + +==必填== + +接口的 IPv4/IPv6 地址或地址段的列表您。 + +要分配给接口的 IP(v4 或 v6)地址段列表。 + +#### private_key + +==必填== + +WireGuard 需要 base64 编码的公钥和私钥。 这些可以使用 wg(8) 实用程序生成: + +```shell +wg genkey +echo "private key" || wg pubkey +``` + +或 `sing-box generate wg-keypair`. + +#### peers + +==必填== + +WireGuard 对等方的列表。 + +#### peers.address + +对等方的 IP 地址。 + +#### peers.port + +对等方的 WireGuard 端口。 + +#### peers.public_key + +==必填== + +对等方的 WireGuard 公钥。 + +#### peers.pre_shared_key + +对等方的预共享密钥。 + +#### peers.allowed_ips + +==必填== + +对等方的允许 IP 地址。 + +#### peers.persistent_keepalive_interval + +对等方的持久性保持活动间隔,以秒为单位。 + +默认禁用。 + +#### peers.reserved + +对等方的保留字段字节。 + +#### udp_timeout + +UDP NAT 过期时间。 + +默认使用 `5m`。 + +#### workers + +WireGuard worker 数量。 + +默认使用 CPU 数量。 + +### 拨号字段 + +参阅 [拨号字段](/zh/configuration/shared/dial/)。 diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index 420f77a9..353bb0ef 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -360,7 +360,9 @@ Performance may degrade slightly, so it is not recommended to enable on when it #### udp_timeout -UDP NAT expiration time in seconds, default is 300 (5 minutes). +UDP NAT expiration time. + +`5m` will be used by default. #### stack diff --git a/docs/configuration/inbound/tun.zh.md b/docs/configuration/inbound/tun.zh.md index e7f69483..147d4cf2 100644 --- a/docs/configuration/inbound/tun.zh.md +++ b/docs/configuration/inbound/tun.zh.md @@ -356,7 +356,9 @@ tun 接口的 IPv6 前缀。 #### udp_timeout -UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。 +UDP NAT 过期时间。 + +默认使用 `5m`。 #### stack diff --git a/docs/configuration/index.md b/docs/configuration/index.md index 0c22fc25..05e6a87d 100644 --- a/docs/configuration/index.md +++ b/docs/configuration/index.md @@ -9,6 +9,7 @@ sing-box uses JSON for configuration files. "log": {}, "dns": {}, "ntp": {}, + "endpoints": [], "inbounds": [], "outbounds": [], "route": {}, @@ -23,6 +24,7 @@ sing-box uses JSON for configuration files. | `log` | [Log](./log/) | | `dns` | [DNS](./dns/) | | `ntp` | [NTP](./ntp/) | +| `endpoints` | [Endpoint](./endpoint/) | | `inbounds` | [Inbound](./inbound/) | | `outbounds` | [Outbound](./outbound/) | | `route` | [Route](./route/) | diff --git a/docs/configuration/index.zh.md b/docs/configuration/index.zh.md index 0d24a7ca..6aeb4857 100644 --- a/docs/configuration/index.zh.md +++ b/docs/configuration/index.zh.md @@ -8,6 +8,7 @@ sing-box 使用 JSON 作为配置文件格式。 { "log": {}, "dns": {}, + "endpoints": [], "inbounds": [], "outbounds": [], "route": {}, @@ -21,6 +22,7 @@ sing-box 使用 JSON 作为配置文件格式。 |----------------|------------------------| | `log` | [日志](./log/) | | `dns` | [DNS](./dns/) | +| `endpoints` | [端点](./endpoint/) | | `inbounds` | [入站](./inbound/) | | `outbounds` | [出站](./outbound/) | | `route` | [路由](./route/) | diff --git a/docs/configuration/outbound/wireguard.md b/docs/configuration/outbound/wireguard.md index c3f51f1f..e3d2671a 100644 --- a/docs/configuration/outbound/wireguard.md +++ b/docs/configuration/outbound/wireguard.md @@ -1,3 +1,11 @@ +--- +icon: material/delete-clock +--- + +!!! failure "Deprecated in sing-box 1.11.0" + + WireGuard outbound is deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-wireguard-outbound-to-endpoint). + !!! quote "Changes in sing-box 1.8.0" :material-plus: [gso](#gso) @@ -15,7 +23,7 @@ "gso": false, "interface_name": "wg0", "local_address": [ - "10.0.0.2/32" + "10.0.0.1/32" ], "private_key": "YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=", "peers": [ diff --git a/docs/configuration/outbound/wireguard.zh.md b/docs/configuration/outbound/wireguard.zh.md index 5de28132..63f2ddfd 100644 --- a/docs/configuration/outbound/wireguard.zh.md +++ b/docs/configuration/outbound/wireguard.zh.md @@ -1,3 +1,11 @@ +--- +icon: material/delete-clock +--- + +!!! failure "已在 sing-box 1.11.0 废弃" + + WireGuard 出站已被启用,且将在 sing-box 1.13.0 中被移除,参阅 [迁移指南](/migration/#migrate-wireguard-outbound-to-endpoint)。 + !!! quote "sing-box 1.8.0 中的更改" :material-plus: [gso](#gso) @@ -15,7 +23,7 @@ "gso": false, "interface_name": "wg0", "local_address": [ - "10.0.0.2/32" + "10.0.0.1/32" ], "private_key": "YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=", "peer_public_key": "Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=", diff --git a/docs/configuration/shared/listen.md b/docs/configuration/shared/listen.md index fa6a05b9..3e1b000f 100644 --- a/docs/configuration/shared/listen.md +++ b/docs/configuration/shared/listen.md @@ -68,9 +68,9 @@ Enable UDP fragmentation. #### udp_timeout -UDP NAT expiration time in seconds. +UDP NAT expiration time. -`5m` is used by default. +`5m` will be used by default. #### detour diff --git a/docs/configuration/shared/listen.zh.md b/docs/configuration/shared/listen.zh.md index 3b472c4d..4f8ca9d6 100644 --- a/docs/configuration/shared/listen.zh.md +++ b/docs/configuration/shared/listen.zh.md @@ -69,7 +69,7 @@ icon: material/delete-clock #### udp_timeout -UDP NAT 过期时间,以秒为单位。 +UDP NAT 过期时间。 默认使用 `5m`。 diff --git a/docs/deprecated.md b/docs/deprecated.md index 5dcec562..b72ee11e 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -28,6 +28,13 @@ Destination override fields (`override_address` / `override_port`) in direct out and can be replaced by rule actions, check [Migration](../migration/#migrate-destination-override-fields-to-route-options). +#### WireGuard outbound + +WireGuard outbound is deprecated and can be replaced by endpoint, +check [Migration](../migration/#migrate-wireguard-outbound-to-endpoint). + +Old outbound will be removed in sing-box 1.13.0. + ## 1.10.0 #### TUN address fields are merged diff --git a/docs/deprecated.zh.md b/docs/deprecated.zh.md index 6f6c839f..220725a9 100644 --- a/docs/deprecated.zh.md +++ b/docs/deprecated.zh.md @@ -27,6 +27,13 @@ direct 出站中的目标地址覆盖字段(`override_address` / `override_por 旧字段将在 sing-box 1.13.0 中被移除。 +#### WireGuard 出站 + +WireGuard 出站已废弃且可以通过端点替代, +参阅 [迁移指南](/migration/#migrate-wireguard-outbound-to-endpoint)。 + +旧出站将在 sing-box 1.13.0 中被移除。 + ## 1.10.0 #### Match source 规则项已重命名 diff --git a/docs/migration.md b/docs/migration.md index ea1afa2d..480c0d50 100644 --- a/docs/migration.md +++ b/docs/migration.md @@ -194,6 +194,78 @@ Destination override fields in direct outbound are deprecated and can be replace } ``` +### Migrate WireGuard outbound to endpoint + +WireGuard outbound is deprecated and can be replaced by endpoint. + +!!! info "References" + + [Endpoint](/configuration/endpoint/) / + [WireGuard Endpoint](/configuration/endpoint/wireguard/) / + [WireGuard Outbound](/configuration/outbound/wireguard/) + +=== ":material-card-remove: Deprecated" + + ```json + { + "outbounds": [ + { + "type": "wireguard", + "tag": "wg-out", + + "server": "127.0.0.1", + "server_port": 10001, + "system_interface": true, + "gso": true, + "interface_name": "wg0", + "local_address": [ + "10.0.0.1/32" + ], + "private_key": "", + "peer_public_key": "", + "pre_shared_key": "", + "reserved": [0, 0, 0], + "mtu": 1408 + } + ] + } + ``` + +=== ":material-card-multiple: New" + + ```json + { + "endpoints": [ + { + "type": "wireguard", + "tag": "wg-ep", + "system": true, + "name": "wg0", + "mtu": 1408, + "gso": true, + "address": [ + "10.0.0.2/32" + ], + "private_key": "", + "listen_port": 10000, + "peers": [ + { + "address": "127.0.0.1", + "port": 10001, + "public_key": "", + "pre_shared_key": "", + "allowed_ips": [ + "0.0.0.0/0" + ], + "persistent_keepalive_interval": 30, + "reserved": [0, 0, 0] + } + ] + } + ] + } + ``` + ## 1.10.0 ### TUN address fields are merged diff --git a/docs/migration.zh.md b/docs/migration.zh.md index 73afbb05..f03f63b0 100644 --- a/docs/migration.zh.md +++ b/docs/migration.zh.md @@ -104,7 +104,6 @@ icon: material/arrange-bring-forward ### 迁移旧的入站字段到规则动作 - 入站选项已被弃用,且可以被规则动作替代。 !!! info "参考" @@ -196,6 +195,78 @@ direct 出站中的目标地址覆盖字段已废弃,且可以被路由字段 } ``` +### 迁移 WireGuard 出站到端点 + +WireGuard 出站已被弃用,且可以被端点替代。 + +!!! info "参考" + + [端点](/zh/configuration/endpoint/) / + [WireGuard 端点](/zh/configuration/endpoint/wireguard/) / + [WireGuard 出站](/zh/configuration/outbound/wireguard/) + +=== ":material-card-remove: 弃用的" + + ```json + { + "outbounds": [ + { + "type": "wireguard", + "tag": "wg-out", + + "server": "127.0.0.1", + "server_port": 10001, + "system_interface": true, + "gso": true, + "interface_name": "wg0", + "local_address": [ + "10.0.0.1/32" + ], + "private_key": "", + "peer_public_key": "", + "pre_shared_key": "", + "reserved": [0, 0, 0], + "mtu": 1408 + } + ] + } + ``` + +=== ":material-card-multiple: 新的" + + ```json + { + "endpoints": [ + { + "type": "wireguard", + "tag": "wg-ep", + "system": true, + "name": "wg0", + "mtu": 1408, + "gso": true, + "address": [ + "10.0.0.2/32" + ], + "private_key": "", + "listen_port": 10000, + "peers": [ + { + "address": "127.0.0.1", + "port": 10001, + "public_key": "", + "pre_shared_key": "", + "allowed_ips": [ + "0.0.0.0/0" + ], + "persistent_keepalive_interval": 30, + "reserved": [0, 0, 0] + } + ] + } + ] + } + ``` + ## 1.10.0 ### TUN 地址字段已合并 diff --git a/mkdocs.yml b/mkdocs.yml index 66e8a2e9..4854fa4a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -112,6 +112,9 @@ nav: - V2Ray Transport: configuration/shared/v2ray-transport.md - UDP over TCP: configuration/shared/udp-over-tcp.md - TCP Brutal: configuration/shared/tcp-brutal.md + - Endpoint: + - configuration/endpoint/index.md + - WireGuard: configuration/endpoint/wireguard.md - Inbound: - configuration/inbound/index.md - Direct: configuration/inbound/direct.md @@ -241,6 +244,7 @@ plugins: Multiplex: 多路复用 V2Ray Transport: V2Ray 传输层 + Endpoint: 端点 Inbound: 入站 Outbound: 出站