github.com/inazumav/sing-box@v0.0.0-20230926072359-ab51429a14f1/docs/configuration/outbound/wireguard.md (about)

     1  ### Structure
     2  
     3  ```json
     4  {
     5    "type": "wireguard",
     6    "tag": "wireguard-out",
     7    
     8    "server": "127.0.0.1",
     9    "server_port": 1080,
    10    "system_interface": false,
    11    "interface_name": "wg0",
    12    "local_address": [
    13      "10.0.0.2/32"
    14    ],
    15    "private_key": "YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=",
    16    "peers": [
    17      {
    18        "server": "127.0.0.1",
    19        "server_port": 1080,
    20        "public_key": "Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=",
    21        "pre_shared_key": "31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=",
    22        "allowed_ips": [
    23          "0.0.0.0/0"
    24        ],
    25        "reserved": [0, 0, 0]
    26      }
    27    ],
    28    "peer_public_key": "Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=",
    29    "pre_shared_key": "31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=",
    30    "reserved": [0, 0, 0],
    31    "workers": 4,
    32    "mtu": 1408,
    33    "network": "tcp",
    34  
    35    ... // Dial Fields
    36  }
    37  ```
    38  
    39  !!! warning ""
    40  
    41      WireGuard is not included by default, see [Installation](/#installation).
    42  
    43  !!! warning ""
    44  
    45      gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](/#installation).
    46  
    47  ### Fields
    48  
    49  #### server
    50  
    51  ==Required if multi-peer disabled==
    52  
    53  The server address.
    54  
    55  #### server_port
    56  
    57  ==Required if multi-peer disabled==
    58  
    59  The server port.
    60  
    61  #### system_interface
    62  
    63  Use system tun support.
    64  
    65  Requires privilege and cannot conflict with system interfaces.
    66  
    67  Forced if gVisor not included in the build.
    68  
    69  #### interface_name
    70  
    71  Custom device name when `system_interface` enabled.
    72  
    73  #### local_address
    74  
    75  ==Required==
    76  
    77  List of IP (v4 or v6) address prefixes to be assigned to the interface.
    78  
    79  #### private_key
    80  
    81  ==Required==
    82  
    83  WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:
    84  
    85  ```shell
    86  wg genkey
    87  echo "private key" || wg pubkey
    88  ```
    89  
    90  #### peers
    91  
    92  Multi-peer support. 
    93  
    94  If enabled, `server, server_port, peer_public_key, pre_shared_key` will be ignored.
    95  
    96  #### peers.allowed_ips
    97  
    98  WireGuard allowed IPs.
    99  
   100  #### peers.reserved
   101  
   102  WireGuard reserved field bytes.
   103  
   104  `$outbound.reserved` will be used if empty.
   105  
   106  #### peer_public_key
   107  
   108  ==Required if multi-peer disabled==
   109  
   110  WireGuard peer public key.
   111  
   112  #### pre_shared_key
   113  
   114  WireGuard pre-shared key.
   115  
   116  #### reserved
   117  
   118  WireGuard reserved field bytes.
   119  
   120  #### workers
   121  
   122  WireGuard worker count.
   123  
   124  CPU count is used by default.
   125  
   126  #### mtu
   127  
   128  WireGuard MTU.
   129  
   130  1408 will be used if empty.
   131  
   132  #### network
   133  
   134  Enabled network
   135  
   136  One of `tcp` `udp`.
   137  
   138  Both is enabled by default.
   139  
   140  ### Dial Fields
   141  
   142  See [Dial Fields](/configuration/shared/dial) for details.