Comments (9)
@OnceUponATimeInAmerica
Sorry! I didn't answer in this issue.
Yes, based on this thread and #896 , it was tested and deployed.
I hope it could help.
Don't hesitate to inform me if there is any problem or ambiguity.
from x-ui.
Many thanks to Alireza for adding this capability.
It think there might be some misunderstanding in mapping WireGuard features/concepts to those of v2ray/Xray.
My own understanding is that for each node's WireGuard config, its [Interface]
section very roughly maps to v2ray's concept of an inbound
(how the node listens for connections and authenticates) and its [Peer]
section (also very roughly) maps to Xray's outbound
object definition (what address and port should it call, etc.).
Therefore, when we use the x-ui panel to create a WireGuard config ("creating inbound"), we are actually creating a WireGuard client-config
and ALSO adding a new [Peer]
section to server's (already existing) WireGuard server-config
.
The UI should automatically generate a single public/private key pair for the new client.
Server's public-private key pair must have been generated earlier (e.g. created in Xray Configs
section of the x-ui panel and later used when creating inbounds/WireGuard-clients). In other words, the panel must generate private/public key pair and listening port for the server node only once (as part of its [Interface]
section of the server config) and it does not need to show the user, server's private key (only its public key which is copied into client config).
Then later when the panel generates the final WireGuard client-config
(to be copied to clipboard), it should (perhaps) use the WireGuard .conf
file format. The panel must put in the WireGuard client config the following:
- Client's private key (generated on-demand by the panel);
- Client's virtual/VPN address (in its
[Interface]
section (this address must be unique in server's config and must be added to it as a new[Peer]
section); - Server's (already generated and fixed) public key and also its (real/physical) address and WireGuard listening port (
Endpoint
). I am not sure if server's listening WireGuard port should also be fixed (it probably must). AllowedIPs
entry in client config is usually0.0.0.0/0,::/0
Upon creation of the new client config, the panel must also add the following to its own server config (again possibly created from Xray Configs
page of the panel):
- Server config's
[Interface]
section remains unchanged, of course. - A new [Peer] section is added to the server WireGuard config (contained in Xray code config's
inbounds
array perhaps) with client's newly generatedPublicKey
and theAllowedIPs
entry usually contains the client's virtual/VPN ip4v and ipv6, e.g.AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
(same subnet as the server's). - The use of
PresharedKey
is optional and must be same in the correspondingPeer
sections of both client and server WireGuard configs.
In summary the generated WireGuard config (=copied link) for the end user must contain server's (fixed and not per client config) public key and client's private key; The client's public key must also be added to [Peers]
section of the WireGuard server config which is kept at the server (as part of Xray core config).
Also because there are no real clients and servers in WireGuard and just peers, the Wireguard client side should ( in principle) generate their own private/public key pair and provide only the public one to the "server" party; But this is inconvenient in commercial VPN setups and the VPN provider (which operates the "server") usually generates all the keys for all clients (as the x-ui panel should do in this case). The "add inbound" page of the x-ui panel, seems like the logical place to generate the client (end-user) public-private keys. But then, this creates the problem of storing client's private key at the server: It cannot be in the Xray-core config file so it must be somewhere in panel's x-ui.db
! (Maybe reuse the unused stream_settings
column for that purpose?)
Mapping WireGuard's (asymmetric, peer-based) model to Xray/x-ui's is indeed somewhat difficult but achievable and worthwhile.
ref 1.
I hope I didn't make too many mistakes and sorry for the long post.
Thank you and ممنون.
from x-ui.
@Songxwn Actually it is not true!
Wireguard protocol is a peer-to-peer protocol and not site-client.
But hopefully we can convert it to multi peer configuration with providing link+qrcode.
I should find a standard way for it.
from x-ui.
it seems that wireguard is only applicable to outbound
from x-ui.
Thanks to the developer for the answer, you can refer to this project for client access generation.
https://github.com/ngoduykhanh/wireguard-ui
from x-ui.
The concept behinh the Wireguard protocol in xray-core is for tunneling known servers.
Most Wireguard client apps are able to prepare their own key-pair. Therefore client's public key should be stored in wireguard inbound. That means we should prepare client and server together and exchange the public keys.
We cannot expect that peers could play a rule as well as clients in other potocols like VLESS.
By this concept, in my opinion it is not necessary to prepare client's configs in advance.
Wireguard links have two two models: wireguard://
and wg://
I will take a look at other applications if I can convert it to sth like multi-client interface.
Then it is also possible to convert the link in outbound modal.
from x-ui.
xray wireguard inbound is a site-client function, not a site-to-site function. I feel it is better to automatically generate Peer configuration to facilitate client access.
from x-ui.
I think the issue has been resolved in a pretty straightforward fashion in the latest update and can be closed now. Thanks to Alireza.
from x-ui.
Thank you very much for the support. I feel that after testing, it can be closed.
from x-ui.
Related Issues (20)
- How to set the European date format? HOT 23
- metadataOnly & routeOnly for SniffingObject HOT 7
- timeout for Dokodemo-Door HOT 1
- تنظیم کردن خروجی سرور ایران HOT 14
- Conflict: terminated by other getUpdates request; make sure that only one bot instance is running HOT 2
- Editing “Listening IP” without access to the control panel. HOT 3
- Json editor for inbounds created via GUI HOT 1
- docker build error HOT 1
- ریورس پنل به پنل HOT 1
- ساخته نشدن کوکی session HOT 1
- ارور database is locked HOT 5
- خطای ۵۰۰ روی سرویس سابسکریپشن HOT 3
- اضافه کردن حالت ساده و پیشرفته به پنل HOT 1
- Security Issue on dokodemo inbounds
- سرتیفیکیت کلودفلر HOT 3
- درخواست قابلیت چند اینباند با یک لینک ساب
- بهترین کانفیگ برای وارپ وایرگارد HOT 16
- When using the Shadowsocks protocol, the number of connected clients is always 1 HOT 1
- Recursively sort Xray config before saving HOT 1
- Abuse !! HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from x-ui.