WireGuard VPN with TLS Tunneling
HTML-код
- Опубликовано: 15 окт 2024
- Need a lightweight VPN system for privacy on the go? Today, we'll set up a WireGuard server and client, then I'll demonstrate how to tunnel your WireGuard traffic through a TLS WebSocket connection to circumvent some deep packet inspection systems.
All of the commands used in the video can be found here: nerdonthestree...
---
Join the Nerd Club: nerdclub.nots.co
Official website: nerdonthestree...
Discord server: discord.nots.co
Subreddit: / nerdonthestreet
Facebook page: / nerdonthestreet
Twitter feed: / nots_network
E-Mail: jacob@nerdonthestreet.com
Really useful, of the hundreds of repetitive wg tutorials it seems like you're the only one that has offered a solution to wg's lack of obfuscation. Thanks!
I tried and succeeded with This method! I have tried wstunnel before and failed but the extra scripts works wonders. I think at one place in the guide mentions a command with the old flags to wstunnel but it was easy to correct!
Its a great video for Linux Client,
Can you make video for android or ios client. As i am using wireguard server and i have most of my android and ios devices connected to it. ❤️
Mind blowing tutorial.... so much stuff... efforts needs a real appreciation.
You said it my friend!
In case anyone has the same issue, you need to enable the port for udp in your firewall :)
Incredible video, nothing but respect! Question: if the client is a router, what is the best approach? Would it be possible to tls public and private key sets from a router?
set everything up like in this video and then try tailscales
Just a note about your linked script of commands, instead of " sudo cat /etc/wireguard/client.key" it should read "sudo cat /etc/wireguard/client.pub".
Dude, fantastic video showing wireshark traffic. Please, you are talented enough that you could do more vpn analysis content. Can you also show open vpn and how that looks, when shadow socks is added?
Thanks, can we get an updated guide, as we see the wstunnel is completely rewritten, any change in install steps for Wireguard Server on Rpi?
the last part where you actually help us penetrate through firewalls is really useful. There is an uneducated bastard at work who's blocking my wireguard.
Deep packet inspection is only possible with IPv6
@@taichigoodness1798 no.
@Alex Pourin - Absolutely! I'd love to hear if the instructions as shown work for getting through your work's firewall, or if there are any other complicating factors I might not know about.
@Tai Chi Goodness - Nothing about deep packet inspection is specific to IPv6. Only allowing packets on certain ports, or only allowing packets that contain certain types of data (e.g. TLS data), is perfectly possible on IPv4.
@@NerdOnTheStreet Your right, maybe I was referring to the MAC address of devices, it doesn't manner if your running a virtual machine!
Perfect explanation, thank you bro. Just one question! How can we use this client as a gateway for other computers in the local network? Or even make this a wg or v2ray VPN server so that we can connect to it with our cell phones.
Great Video! I saw in the comments the same Question that come up myself, but no answer to it. I like to use the TLS for my connection but i need a way to setup the TLSTunnel on my SmartPhone. I actually use the WireGuard app on Iphone. Any ideas?
Great job bro! I have a question.. What if i need the client on Windows?...
One of my clients is a Windows PC. Any suggestions on how to configure wstunnel to work with Wireguard for windows?
Thank you for taking the time to make this video. Very helpful content. I successfully followed all of the steps up to the point where you had wireguard up on wg0 and you successfully used Firefox to find your server's IP rather than the public IP. However, when I attempt these same steps, I no longer have an internet connection. I am able to ping my local wireguard server but can't surf outside my house. An tips? Thanks again.
Great video!, can you make your Ik address within the interface any combo of numbers ??? Or does it have to be specific
Thank you for useful tutorial, but I am using Wireguard Windows client, what about configuration for wstunnel?
can you add videos about other tunnels? like Stunnel, udp2raw and so on. It's interesting to test the performance of all of them
and phantun
Really useful, do we have a way to use the architecture in windows ? because you used a bash script and services but windows can't handle this.
Hello!
I ask you to help with the installation of WSTunnel on the client side.
Problem:
After executing the command
sudo wg-quick up wg0
Hangs on line:
[#] source /etc/wireguard/wstunnel.sh && pre_up wg0
Then:
[#] ip link delete dev wg0
Cannot find device "wg0"
[#] ip link delete dev wg0
Cannot find device "wg0"
OS Debian 11 Stable (x64)
Hi, I have a question:
Maybe you know how to share a Wireguard client (webcam) on my website, or make the streaming for my website visitors also freely accessible? Wireguard server is also located on the same Debian server as Web server (website). This server is located on a Cloud server.
PS: VPN Tunnel already exists. I have made the configurations both on the client and on the VPN server. I can view the streaming via my Windows PC (also Wireguard client).
Thanks for great tutorial. One quick question, what certificate does wstunnel uses for https tls v1. 3? Is it self signed? Can we use a valid CA signed certificate to make this connection look more normal valid web traffic?
Should I disable IPv6 to further protect against IPv6 Deep packet Inspection?
Hello, is it possible to replace wstunnel with RocketTunnel or StarScream? Thanks
hi Bro As you know in my country surronded by Mollas , my favorite vpn vireguard not work at all.would you please give me a solution to solve this problem i so so need to this lovely VPN WireGuard.Appreciate you man.
thanks
That was great
Is there any way to add this solution for android and windows clients?
Did you find a solution bro? I want to know how to do it on a Windows machine like Client...
@@abrahambarroeta no solution?????!?!
?!?!?!!?
I wish I found this video before doing this without it. Would've been much easier to do.
I have an issue with it, my latency goes extremely high at some times and I don't know what the reason could be. any suggestions?
This is top quality! Thanks!
So if we browse a http page with the wireguard vpn on along with wstunnel, does it encrypt all the http data??
http page is unencrypted until it reaches your vpn endpoint (server) and from there it is encrypted
the best video in my day.
Thanks much. Is there a script to automate all this? It's too much work!
Is there any wstunnel client available for Android?
It's working on mobile network but still being blocked by my collage network can any one help
Any ways how to do it, but with Mikrotik as a client?
I need a how to vid on setting up a WireGuard Client on Arch ARM Raspberry Pi4.
allowedips= para aplicaiones especificas que no sea 0.0.0.0/0 como seria
I got a /64 prefix from the vps provider and I have native ipv6 in my LAN with wireguard.
What is the logic behind native ipv6?
You are the best! Thank you very much.
how much money do you want if you fix one for me?
Good Work Keep it up!
Please make video on kubernet and docker.
This is brilliant!
Thankx, man! It's very useful!
Thank you!
Useful. Thanks
this is fantastic
You're the best!
What about wg on docker?
stop using docker for everything
Now we know your IP WE WILL HACK YOU 😁 Amazing job TY !
lol as if he didn't make the cloud machine on purpose for this video xD
Hi~
root@NeatDopey-VM:~# sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/wstunnel
Failed to set capabilities on file `/usr/local/bin/wstunnel' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
How to solve it?
I have the same error. In addition, An error in systemctl start wstunnel which always fail because of permission denied even though I am have the root previledge!
Did you move the file to /usr/local/bin/wstunnel? Because it's saying it's either not permitted, or not a regular file (which I think means the file might be missing)...