WrapGuard
Effortlessly tunnel all network traffic through WireGuard.
Pitch

WrapGuard provides a userspace proxy that allows applications to route their network traffic through a WireGuard VPN seamlessly. With no need for container privileges or kernel modifications, it uses LD_PRELOAD for easy interception, supporting both incoming and outgoing connections with standard WireGuard configuration.

Description

WrapGuard is a powerful userspace WireGuard proxy designed to facilitate transparent network tunneling for applications. This innovative solution allows all network traffic to flow through a WireGuard VPN without the need for container privileges or kernel modules, offering a seamless integration for various applications.

Key Features

  • Pure Userspace Operation: No TUN interface creation is required, eliminating the need for NET_ADMIN capabilities.
  • Transparent Interception: Employing LD_PRELOAD, WrapGuard intercepts all network calls, ensuring that all outgoing and incoming traffic is directed through the VPN.
  • Bidirectional Support: Handles both incoming and outgoing connections, making it versatile for different networking needs.
  • Standard Configuration: Utilizes standard WireGuard configuration files, simplifying setup and integration.

Quick Start Usage

WrapGuard can be utilized to route network connections through a WireGuard VPN effortlessly. Here are a few examples:

# Route outgoing connections through WireGuard
wrapguard --config=~/wg0.conf -- curl https://icanhazip.com

# Route incoming connections through WireGuard
wrapguard --config=~/wg0.conf -- node -e 'http.createServer().listen(8080)'

Configuration Example

A standard WireGuard configuration file would look like this:

[Interface]
PrivateKey = <your-private-key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server-public-key>
Endpoint = server.example.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Operational Overview

WrapGuard first parses the provided configuration and initializes the userspace WireGuard implementation. A dynamic library loaded via LD_PRELOAD then intercepts the application's key network calls and redirects packets between the intercepted connections and the WireGuard tunnel, entirely in memory and without kernel involvement.

Important Considerations

  • Only IPv4 is currently supported.
  • The tool works with TCP and UDP protocols only.
  • Some performance overhead may be encountered due to the userspace processing of packets.
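
A pre-flight check for a configuration like the one shown earlier, written as an added example (it is not WrapGuard's own code). It flags IPv6 entries, which fall outside the IPv4-only support listed above, notes when no peer covers 0.0.0.0/0, and warns when the file holding PrivateKey is readable beyond its owner. The function names and the permission check are assumptions made for this illustration.

```python
import ipaddress
import os

def parse_wg_config(text):
    """Parse WireGuard INI text into [(section, {key: [values]})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            items = [v.strip() for v in value.split(",") if v.strip()]
            sections[-1][1].setdefault(key.strip().lower(), []).extend(items)
    return sections

def preflight(text, mode=0o600):
    """Return a list of findings for config text, given the file's permission bits."""
    findings = []
    if mode & 0o077:
        findings.append("file holding PrivateKey is readable by group or others")
    full_tunnel = False
    for name, opts in parse_wg_config(text):
        for key in ("address", "allowedips"):
            for item in opts.get(key, []):
                try:
                    net = ipaddress.ip_network(item, strict=False)
                except ValueError:
                    findings.append(f"[{name}] {key}: cannot parse {item!r}")
                    continue
                if net.version == 6:
                    findings.append(f"[{name}] {key}: {item} is IPv6 (IPv4 only is supported)")
                elif name == "peer" and key == "allowedips" and net.prefixlen == 0:
                    full_tunnel = True
    if not full_tunnel:
        findings.append("no peer has AllowedIPs 0.0.0.0/0; only listed ranges map to a peer")
    return findings

def preflight_file(path):
    """Run the checks on a file on disk, using its real permission bits."""
    with open(path, encoding="utf-8") as fh:
        return preflight(fh.read(), os.stat(path).st_mode & 0o777)

# Constructed sample: placeholder keys, a split-tunnel IPv4 range and an IPv6 default route.
SAMPLE = ("[Interface]\nPrivateKey = <your-private-key>\nAddress = 10.0.0.2/24\n"
          "[Peer]\nPublicKey = <server-public-key>\nAllowedIPs = 10.0.0.0/24, ::/0\n")

if __name__ == "__main__":
    for finding in preflight(SAMPLE, mode=0o644):
        print("WARN:", finding)
```

Run preflight_file on the path you intend to pass to --config before launching the wrapped application; an empty list means none of these checks fired.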

Testing the Setup

To test outgoing and incoming connections, WrapGuard can be run as follows:

# Test outgoing connection
wrapguard --config=example-wg0.conf -- curl https://example.com

# Test incoming connection
wrapguard --config=example-wg0.conf -- python3 -m http.server 8080

WrapGuard represents an efficient and effective method for managing network traffic through a WireGuard VPN, making it an essential tool for users seeking greater control and flexibility in their network configurations.
