The architecture for this setup is illustrated below:
Install udp2raw and WireGuard, and generate keys
```bash
cd /tmp
wget https://github.com/wangyu-/udp2raw/releases/download/20230206.0/udp2raw_binaries.tar.gz
tar xvfz udp2raw_binaries.tar.gz
# installing into /usr/local/bin needs root
sudo cp udp2raw_amd64 /usr/local/bin/udp2raw
rm udp2raw*
# based on Ubuntu
sudo apt install wireguard
# we'll work on /etc/wireguard
cd /etc/wireguard
# generate privatekey
wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key
# obtain public key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
```
When everything is installed and configured, run the following commands on all endpoints:
```bash
sudo wg-quick up wg0
# for status check (wg needs root to read the interface):
sudo wg
# udp2raw logs at:
tail -f /var/log/udp2raw.log
# enable automatic WireGuard service in Ubuntu
sudo systemctl enable wg-quick@wg0.service
# start and stop service like always
sudo systemctl start wg-quick@wg0.service
sudo systemctl stop wg-quick@wg0.service
sudo systemctl status wg-quick@wg0.service
```
Configuration Files
Endpoint A /etc/wireguard/wg0
```ini
# local settings for Endpoint A
[Interface]
PrivateKey = WMUerfcUpSxUlOp1UmaS2uwelnk8AxhAFrlIWpjheWM=
Address = 192.168.111.1/24
ListenPort = 51822
# receive wg through udp2raw
MTU = 1342
PreUp = udp2raw -s -l 167.99.130.97:55055 -r 127.0.0.1:51822 -k "The2password." -a >/var/log/udp2raw.log 2>&1 &
PostDown = killall udp2raw || true
# Enable NAT for traffic forwarding (corporate and fallback internet access)
PreUp = echo 1 > /proc/sys/net/ipv4/ip_forward || true
PreUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE || true
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE || true

# remote settings for Endpoint B
[Peer]
PublicKey = XWl8HeAinHlAZTvaCXDlmO9n/CQLg5qH8jmtROK4jBg=
AllowedIPs = 192.168.111.2/32
PersistentKeepalive = 120

# remote settings for Endpoint C
[Peer]
PublicKey = I+gi8l9QRe00W8pTpp8CSoIabz/RXXQXwquXj7eKNwU=
AllowedIPs = 192.168.111.3/32
PersistentKeepalive = 120
```
Endpoint B /etc/wireguard/wg0
```ini
# Endpoint B
[Interface]
PrivateKey = +BB3NI2SUYeKcRoPrZE2+Ot5KnLZJBycPzJ17kfbn34=
Address = 192.168.111.2/24
# Route configuration for public IP
PreUp = ip route del default || true
PreUp = ip route add 167.99.130.97 via 10.2.0.1 dev eth0 || true
PostDown = ip route del 167.99.130.97 via 10.2.0.1 dev eth0 || true
PostDown = ip route add default via 10.2.0.1 || true
MTU = 1342
PreUp = udp2raw -c -l 127.0.0.1:50001 -r 167.99.130.97:55055 -k "The2password." -a >/var/log/udp2raw.log 2>&1 &
PostDown = killall udp2raw || true

# Endpoint A
[Peer]
PublicKey = z73wM1b7fhMRA8fmeQw4FntRvgJ9JwTdsQHssXHg3DE=
Endpoint = 127.0.0.1:50001
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 120
```
Endpoint C /etc/wireguard/wg0
```ini
# Endpoint C
[Interface]
PrivateKey = YCGzsfeed8QumpfE8bdWRheMzBiUsTB7vXj0YVOQQX0=
Address = 192.168.111.3/24
# Route configuration for public IP
PreUp = ip route del default || true
PreUp = ip route add 167.99.130.97 via 10.2.0.1 dev eth0 || true
PostDown = ip route del 167.99.130.97 via 10.2.0.1 dev eth0 || true
PostDown = ip route add default via 10.2.0.1 || true
MTU = 1342
PreUp = udp2raw -c -l 127.0.0.1:50001 -r 167.99.130.97:55055 -k "The2password." -a >/var/log/udp2raw.log 2>&1 &
PostDown = killall udp2raw || true

# Endpoint A
[Peer]
PublicKey = z73wM1b7fhMRA8fmeQw4FntRvgJ9JwTdsQHssXHg3DE=
Endpoint = 127.0.0.1:50001
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 120
```
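A lint for the three files above, added here as an example and not part of the original page: it checks that the config (which holds `PrivateKey` and the udp2raw `-k` password) is owner-only, that the udp2raw `-l`/`-r` addresses agree with `ListenPort` and `Endpoint`, and that a client using `AllowedIPs = 0.0.0.0/0` keeps the `ip route add ... via` line for the udp2raw server. The function names `lint_wg_udp2raw` and `demo_conf` and the `PLACEHOLDER` password are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: lint a wg-quick config that tunnels WireGuard through udp2raw.
# Prints one line per finding; the return status is the number of findings.
lint_wg_udp2raw() {
  local f="$1" n=0 cmd listen remote val
  # Group/other bits must be empty: the file holds PrivateKey and the -k password.
  if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    echo "perm: $f is accessible beyond its owner"; n=$((n+1))
  fi
  cmd=$(grep -E '^PreUp *= *udp2raw ' "$f" | head -n1)
  [ -n "$cmd" ] || { echo "udp2raw: no PreUp line starts it"; return $((n+1)); }
  listen=$(printf '%s\n' "$cmd" | sed -n 's/.* -l *\([^ ]*\).*/\1/p')
  remote=$(printf '%s\n' "$cmd" | sed -n 's/.* -r *\([^ ]*\).*/\1/p')
  case "$cmd" in
  *" -s "*)  # server: udp2raw must forward to WireGuard's ListenPort
    val=$(sed -n 's/^ListenPort *= *//p' "$f")
    [ "${remote##*:}" = "$val" ] ||
      { echo "port: udp2raw -r $remote but ListenPort is $val"; n=$((n+1)); }
    ;;
  *" -c "*)  # client: the peer Endpoint must be the local udp2raw listener
    val=$(sed -n 's/^Endpoint *= *//p' "$f")
    [ "$val" = "$listen" ] ||
      { echo "endpoint: Endpoint $val but udp2raw -l is $listen"; n=$((n+1)); }
    # With AllowedIPs 0.0.0.0/0 the udp2raw server needs its own host route.
    if grep -Eq '^AllowedIPs *=.*0\.0\.0\.0/0' "$f" &&
       ! grep -Eq "^PreUp *= *ip route add ${remote%:*}(/32)? via " "$f"; then
      echo "route: no pinned route to ${remote%:*}"; n=$((n+1))
    fi
    ;;
  esac
  return "$n"
}
# Constructed sample: the Endpoint B client with its host-route line left out.
demo_conf() {
  cat <<'EOF'
[Interface]
Address = 192.168.111.2/24
PreUp = ip route del default || true
PreUp = udp2raw -c -l 127.0.0.1:50001 -r 167.99.130.97:55055 -k "PLACEHOLDER" -a >/var/log/udp2raw.log 2>&1 &
[Peer]
Endpoint = 127.0.0.1:50001
AllowedIPs = 0.0.0.0/0
EOF
}
tmp=$(mktemp) && demo_conf >"$tmp"  # mktemp creates the file with mode 600
lint_wg_udp2raw "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

On a real endpoint, run it as root against the config file before `wg-quick up wg0`; a zero return status means none of the three checks fired.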