Projekte

User Tools

Site Tools

Trace: wireguard_access_ipv4_to_ipv6_tunnel
network:vpn:wireguard_access_ipv4_to_ipv6_tunnel

**This is an old revision of the document!**

Table of Contents

Wireguard access IPv4 to IPv6 tunnel

Using udp2raw:

IPv4/IPv6 proxy

Install binaries from GitHub: 

curl -L https://github.com/wangyu-/udp2raw/releases/download/20230206.0/udp2raw_binaries.tar.gz -o udp2raw_binaries_20230206.0.tar.gz
mkdir udp2raw
cd udp2raw
tar -xf ../udp2raw_binaries*.tar.gz
cp udp2raw_amd64_hw_aes /usr/bin
setcap cap_net_raw+ep /usr/bin/udp2raw_amd64_hw_aes
cd ..
rm -rf udp2raw

/etc/systemd/system/udp2raw-wireguard-machine-deck.service (uses vars that are also relevant for HAProxy): 

[Unit]
Description=udp2raw forward WireGuard machine-deck
After=syslog.target network.target auditd.service
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/default/haproxy
PermissionsStartOnly=true
# Generate /usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple -g
ExecStartPre=ip6tables -I INPUT -s $(MD_IPV6_PREFIX)::235 -p tcp -m tcp --sport 38864 -j DROP
User=nobody
ExecStart=/usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple
# As root ExecStart=/usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple -a
ExecReload=/bin/kill -HUP
ExecStop=/bin/kill -s QUIT PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target

WireGuard host (PiKVM)

Install from arch repos: 

pacman -Ss udp2raw

/etc/systemd/system/udp2raw-wireguard-server.service 

[Unit]
Description=udp2raw forward server for WireGuard
After=syslog.target network.target auditd.service
[Service]
Type=simple
NotifyAccess=all
PermissionsStartOnly=true
# Generate /usr/bin/udp2raw -s -l [::]:38864 -r [::1]:38865 -k 3886538864 --cipher-mode xor --auth-mode simple -g
ExecStartPre=ip6tables -I INPUT -p tcp -m tcp --dport 38864 -j DROP
User=nobody
ExecStart=/usr/bin/udp2raw -s -l [::]:38864 -r [::1]:38865 -k 3886538864 --cipher-mode xor --auth-mode simple
# As root ExecStart=/usr/bin/udp2raw -s -l [::]:38864 -r [::1]:38865 -k 3886538864 --cipher-mode xor --auth-mode simple -a
ExecReload=/bin/kill -HUP
ExecStop=/bin/kill -s QUIT PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
network/vpn/wireguard_access_ipv4_to_ipv6_tunnel.1692137058.txt.gz · Last modified: by admin