# Wireguard access IPv4 to IPv6 tunnel

Using [udp2raw](https://github.com/wangyu-/udp2raw):

## IPv4/IPv6 proxy
Install binaries from GitHub:
```bash
curl -L https://github.com/wangyu-/udp2raw/releases/download/20230206.0/udp2raw_binaries.tar.gz -o udp2raw_binaries_20230206.0.tar.gz
mkdir udp2raw
cd udp2raw
tar -xf ../udp2raw_binaries*.tar.gz
cp udp2raw_amd64_hw_aes /usr/bin
# This is for testing as a unpriviledged user see below
setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' /usr/bin/udp2raw_amd64_hw_aes
cd ..
rm -rf udp2raw
```
`/etc/systemd/system/udp2raw-wireguard-machine-deck.service` (uses vars that are also relevant for HAProxy):
```ini
[Unit]
Description=udp2raw forward WireGuard machine-deck
After=syslog.target network.target auditd.service
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/default/haproxy
PermissionsStartOnly=true
# Generate /usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple -g
ExecStartPre=ip6tables -I INPUT -s $(MD_IPV6_PREFIX)::235 -p tcp -m tcp --sport 38864 -j DROP
DynamicUser=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
ExecStart=/usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple
# As root ExecStart=/usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple -a
ExecReload=/bin/kill -HUP
ExecStop=/bin/kill -s QUIT
PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
```
## WireGuard host (PiKVM)
Install from arch repos:
```bash
pacman -Ss udp2raw
```
`/etc/systemd/system/udp2raw-wireguard-server.service`
```ini
[Unit]
Description=udp2raw forward server for WireGuard
After=syslog.target network.target auditd.service
[Service]
Type=simple
NotifyAccess=all
PermissionsStartOnly=true
# Generate /usr/bin/udp2raw -s -l [::]:38864 -r [::1]:38865 -k 3886538864 --cipher-mode xor --auth-mode simple -g
ExecStartPre=ip6tables -I INPUT -p tcp -m tcp --dport 38864 -j DROP
User=nobody
ExecStart=/usr/bin/udp2raw -s -l [::]:38864 -r [::1]:38865 -k 3886538864 --cipher-mode xor --auth-mode simple
# As root ExecStart=/usr/bin/udp2raw -s -l [::]:38864 -r [::1]:38865 -k 3886538864 --cipher-mode xor --auth-mode simple -a
ExecReload=/bin/kill -HUP
ExecStop=/bin/kill -s QUIT PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
```