sing-box/docs/configuration/outbound/wireguard.md
世界 89c723e3e4
Improve read wait interface &
Refactor Authenticator interface to struct &
Update smux &
Update gVisor to 20231204.0 &
Update quic-go to v0.40.1 &
Update wireguard-go &
Add GSO support for TUN/WireGuard &
Fix router pre-start &
Fix bind forwarder to interface for systems stack
2024-01-03 12:21:47 +08:00

2.5 KiB

icon
material/new-box

!!! quote "Changes in sing-box 1.8.0"

:material-plus: [gso](#gso)  

Structure

{
  "type": "wireguard",
  "tag": "wireguard-out",
  
  "server": "127.0.0.1",
  "server_port": 1080,
  "system_interface": false,
  "gso": false,
  "interface_name": "wg0",
  "local_address": [
    "10.0.0.2/32"
  ],
  "private_key": "YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=",
  "peers": [
    {
      "server": "127.0.0.1",
      "server_port": 1080,
      "public_key": "Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=",
      "pre_shared_key": "31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=",
      "allowed_ips": [
        "0.0.0.0/0"
      ],
      "reserved": [0, 0, 0]
    }
  ],
  "peer_public_key": "Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=",
  "pre_shared_key": "31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=",
  "reserved": [0, 0, 0],
  "workers": 4,
  "mtu": 1408,
  "network": "tcp",

  ... // Dial Fields
}

Fields

server

==Required if multi-peer disabled==

The server address.

server_port

==Required if multi-peer disabled==

The server port.

system_interface

Use system interface.

Requires privilege and cannot conflict with exists system interfaces.

Forced if gVisor not included in the build.

interface_name

Custom interface name for system interface.

gso

!!! question "Since sing-box 1.8.0"

!!! quote ""

Only supported on Linux.

Try to enable generic segmentation offload.

local_address

==Required==

List of IP (v4 or v6) address prefixes to be assigned to the interface.

private_key

==Required==

WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:

wg genkey
echo "private key" || wg pubkey

peers

Multi-peer support.

If enabled, server, server_port, peer_public_key, pre_shared_key will be ignored.

peers.allowed_ips

WireGuard allowed IPs.

peers.reserved

WireGuard reserved field bytes.

$outbound.reserved will be used if empty.

peer_public_key

==Required if multi-peer disabled==

WireGuard peer public key.

pre_shared_key

WireGuard pre-shared key.

reserved

WireGuard reserved field bytes.

workers

WireGuard worker count.

CPU count is used by default.

mtu

WireGuard MTU.

1408 will be used if empty.

network

Enabled network

One of tcp udp.

Both is enabled by default.

Dial Fields

See Dial Fields for details.