udptlspipe tests

Signed-off-by: Iurii Egorov <ye@amnezia.org>
udptlspipe basic implementation
2025-04-19 15:36:54 +02:00 · 2024-03-22 00:56:28 +03:00 · 2024-03-22 00:56:28 +03:00
28 changed files with 342 additions and 297 deletions
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-FROM golang:1.24 as awg
+FROM golang:1.22.1 as awg
 COPY . /awg
 WORKDIR /awg
 RUN go mod download && \
@ -6,7 +6,7 @@ RUN go mod download && \
    go build -ldflags '-linkmode external -extldflags "-fno-PIC -static"' -v -o /usr/bin

 FROM alpine:3.19
-ARG AWGTOOLS_RELEASE="1.0.20241018"
+ARG AWGTOOLS_RELEASE="1.0.20240213"
 RUN apk --no-cache add iproute2 iptables bash && \
    cd /usr/bin/ && \
    wget https://github.com/amnezia-vpn/amneziawg-tools/releases/download/v${AWGTOOLS_RELEASE}/alpine-3.19-amneziawg-tools.zip && \
--- a/2
+++ b/2
@ -9,7 +9,7 @@ MAKEFLAGS += --no-print-directory

 generate-version-and-build:
 	@export GIT_CEILING_DIRECTORIES="$(realpath $(CURDIR)/..)" && \
-	tag="$$(git describe --tags --dirty 2>/dev/null)" && \
+	tag="$$(git describe --dirty 2>/dev/null)" && \
 	ver="$$(printf 'package main\n\nconst Version = "%s"\n' "$$tag")" && \
 	[ "$$(cat version.go 2>/dev/null)" != "$$ver" ] && \
 	echo "$$ver" > version.go && \
--- a/README.md
+++ b/README.md
@ -21,7 +21,7 @@ To run amneziawg-go without forking to the background, pass `-f` or `--foregroun
 ```
 $ amneziawg-go -f wg0
 ```
-When an interface is running, you may use [`amneziawg-tools `](https://github.com/amnezia-vpn/amneziawg-tools) to configure it, as well as the usual `ip(8)` and `ifconfig(8)` commands.
+When an interface is running, you may use [`amnezia-wg-tools `](https://github.com/amnezia-vpn/amneziawg-go-tools) to configure it, as well as the usual `ip(8)` and `ifconfig(8)` commands.

 To run with more logging you may set the environment variable `LOG_LEVEL=debug`.

@ -34,11 +34,11 @@ This will run on Linux; you should run amnezia-wg instead of using default linux
 ### macOS

 This runs on macOS using the utun driver. It does not yet support sticky sockets, and won't support fwmarks because of Darwin limitations. Since the utun driver cannot have arbitrary interface names, you must either use `utun[0-9]+` for an explicit interface name or `utun` to have the kernel select one for you. If you choose `utun` as the interface name, and the environment variable `WG_TUN_NAME_FILE` is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable.
-This runs on MacOS, you should use it from [amneziawg-apple](https://github.com/amnezia-vpn/amneziawg-apple)
+This runs on MacOS, you should use it from [awg-apple](https://github.com/amnezia-vpn/awg-apple)

 ### Windows

-This runs on Windows, you should use it from [amneziawg-windows](https://github.com/amnezia-vpn/amneziawg-windows), which uses this as a module.
+This runs on Windows, you should use it from [awg-windows](https://github.com/amnezia-vpn/awg-windows), which uses this as a module.


 ## Building
--- a/conn/bind_std.go
+++ b/conn/bind_std.go
@ -298,6 +298,11 @@ func (s *StdNetBind) BatchSize() int {
 	return 1
 }

+func (s *StdNetBind) GetOffloadInfo() string {
+	return fmt.Sprintf("ipv4TxOffload: %v, ipv4RxOffload: %v\nipv6TxOffload: %v, ipv6RxOffload: %v",
+		s.ipv4TxOffload, s.ipv4RxOffload, s.ipv6TxOffload, s.ipv6RxOffload)
+}
+
 func (s *StdNetBind) Close() error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@ -331,7 +336,7 @@ type ErrUDPGSODisabled struct {
 }

 func (e ErrUDPGSODisabled) Error() string {
-	return fmt.Sprintf("disabled UDP GSO on %s, NIC(s) may not support checksum offload or peer MTU with protocol headers is greater than path MTU", e.onLaddr)
+	return fmt.Sprintf("disabled UDP GSO on %s, NIC(s) may not support checksum offload", e.onLaddr)
 }

 func (e ErrUDPGSODisabled) Unwrap() error {
--- a/conn/bind_windows.go
+++ b/conn/bind_windows.go
@ -328,6 +328,10 @@ func (bind *WinRingBind) BatchSize() int {
 	return 1
 }

+func (bind *WinRingBind) GetOffloadInfo() string {
+	return ""
+}
+
 func (bind *WinRingBind) SetMark(mark uint32) error {
 	return nil
 }
--- a/conn/bindtest/bindtest.go
+++ b/conn/bindtest/bindtest.go
@ -91,6 +91,8 @@ func (c *ChannelBind) Close() error {

 func (c *ChannelBind) BatchSize() int { return 1 }

+func (c *ChannelBind) GetOffloadInfo() string { return "" }
+
 func (c *ChannelBind) SetMark(mark uint32) error { return nil }

 func (c *ChannelBind) makeReceiveFunc(ch chan []byte) conn.ReceiveFunc {
--- a/conn/conn.go
+++ b/conn/conn.go
@ -55,6 +55,8 @@ type Bind interface {
 	// BatchSize is the number of buffers expected to be passed to
 	// the ReceiveFuncs, and the maximum expected to be passed to SendBatch.
 	BatchSize() int
+
+	GetOffloadInfo() string
 }

 // BindSocketToInterface is implemented by Bind objects that support being
--- a/conn/errors_linux.go
+++ b/conn/errors_linux.go
@ -20,9 +20,7 @@ func errShouldDisableUDPGSO(err error) bool {
 		// See:
 		// https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man7/udp.7?id=806eabd74910447f21005160e90957bde4db0183#n228
 		// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/udp.c?h=v6.2&id=c9c3395d5e3dcc6daee66c6908354d47bf98cb0c#n942
-		// If gso_size + udp + ip headers > fragment size EINVAL is returned.
-		// It occurs when the peer mtu + wg headers is greater than path mtu.
-		return serr.Err == unix.EIO || serr.Err == unix.EINVAL
+		return serr.Err == unix.EIO
 	}
 	return false
 }
--- a/device/device.go
+++ b/device/device.go
@ -6,6 +6,8 @@
 package device

 import (
+	"context"
+	"fmt"
 	"runtime"
 	"sync"
 	"sync/atomic"
@ -16,6 +18,7 @@ import (
 	"github.com/amnezia-vpn/amneziawg-go/ratelimiter"
 	"github.com/amnezia-vpn/amneziawg-go/rwcancel"
 	"github.com/amnezia-vpn/amneziawg-go/tun"
+	"github.com/leninalive/udptlspipe/pipe"
 	"github.com/tevino/abool/v2"
 )

@ -95,7 +98,10 @@ type Device struct {
 	isASecOn abool.AtomicBool
 	aSecMux  sync.RWMutex
 	aSecCfg  aSecCfgType
-	junkCreator junkCreator
+
+	udptlspipe *pipe.Server
+	serverMode bool
+	udpMode bool
 }

 type aSecCfgType struct {
@ -302,8 +308,10 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
 	return nil
 }

-func NewDevice(tunDevice tun.Device, bind conn.Bind, logger *Logger) *Device {
+func NewDevice(tunDevice tun.Device, bind conn.Bind, logger *Logger, udp bool) *Device {
 	device := new(Device)
+	device.udpMode = udp
+	device.serverMode = false
 	device.state.state.Store(uint32(deviceStateDown))
 	device.closed = make(chan struct{})
 	device.log = logger
@ -416,8 +424,6 @@ func (device *Device) Close() {

 	device.rate.limiter.Close()

-	device.resetProtocol()
-
 	device.log.Verbosef("Device closed")
 	close(device.closed)
 }
@ -447,6 +453,9 @@ func (device *Device) SendKeepalivesToPeersWithCurrentKeypair() {
 // The caller must hold the net mutex.
 func closeBindLocked(device *Device) error {
 	var err error
+	if device.udptlspipe != nil {
+		err = device.udptlspipe.Shutdown(context.TODO())
+	}
 	netc := &device.net
 	if netc.netlinkCancel != nil {
 		netc.netlinkCancel.Cancel()
@ -548,6 +557,18 @@ func (device *Device) BindUpdate() error {
 	}

 	device.log.Verbosef("UDP bind has been updated")
+	device.log.Verbosef(netc.bind.GetOffloadInfo())
+
+	if !device.udpMode && device.serverMode {
+		srv, err := device.StartUDPTLSPipe(true, "0.0.0.0:443", fmt.Sprintf("127.0.0.1:%d", netc.port))
+		if err != nil {
+			netc.bind.Close()
+			return err
+		}
+
+		device.udptlspipe = srv
+	}
+
 	return nil
 }

@ -561,17 +582,14 @@ func (device *Device) isAdvancedSecurityOn() bool {
 	return device.isASecOn.IsSet()
 }

-func (device *Device) resetProtocol() {
-	// restore default message type values
-	MessageInitiationType = 1
-	MessageResponseType = 2
-	MessageCookieReplyType = 3
-	MessageTransportType = 4
-}
-
 func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {

 	if !tempASecCfg.isSet {
+		// restore default values
+		MessageInitiationType = 1
+		MessageResponseType = 2
+		MessageCookieReplyType = 3
+		MessageTransportType = 4
 		return err
 	}

@ -800,8 +818,54 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 	}

 	device.isASecOn.SetTo(isASecOn)
-	device.junkCreator, err = NewJunkCreator(device)
 	device.aSecMux.Unlock()

 	return err
 }
+
+func (device *Device) StartUDPTLSPipe(isServer bool, localAddr string, destAddr string) (*pipe.Server, error) {
+	// setup UDP TLS pipe server
+	cfg := &pipe.Config{
+		ListenAddr:      localAddr,
+		DestinationAddr: destAddr,
+		Password:        "amn3zias3curep4ssword",
+		ServerMode:      isServer,
+		//ProxyURL:             o.ProxyURL,
+		//VerifyCertificate:    o.VerifyCertificate,
+		//TLSServerName:        o.TLSServerName,
+		//ProbeReverseProxyURL: o.ProbeReverseProxyURL,
+	}
+
+	/*if o.TLSCertPath != "" {
+		if !o.ServerMode {
+			log.Error("TLS certificate only works in server mode")
+
+			os.Exit(1)
+		}
+
+		cert, certErr := loadX509KeyPair(o.TLSCertPath, o.TLSCertKey)
+		if certErr != nil {
+			log.Error("Failed to load TLS certificate: %v", err)
+
+			os.Exit(1)
+		}
+
+		cfg.TLSCertificate = cert
+	}*/
+
+	srv, err := pipe.NewServer(cfg)
+	if err != nil {
+		device.log.Errorf("Failed to initialize TLS server: %v", err)
+
+		return nil, err
+	}
+
+	err = srv.Start()
+	if err != nil {
+		device.log.Errorf("Failed to start the TLS server: %v", err)
+
+		return nil, err
+	}
+
+	return srv, err
+}
--- a/device/device_test.go
+++ b/device/device_test.go
@ -109,7 +109,7 @@ func genASecurityConfigs(tb testing.TB) (cfgs, endpointCfgs [2]string) {
 		"replace_peers", "true",
 		"jc", "5",
 		"jmin", "500",
-		"jmax", "1000",
+		"jmax", "501",
 		"s1", "30",
 		"s2", "40",
 		"h1", "123456",
@ -131,7 +131,7 @@ func genASecurityConfigs(tb testing.TB) (cfgs, endpointCfgs [2]string) {
 		"replace_peers", "true",
 		"jc", "5",
 		"jmin", "500",
-		"jmax", "1000",
+		"jmax", "501",
 		"s1", "30",
 		"s2", "40",
 		"h1", "123456",
@ -237,7 +237,7 @@ func genTestPair(
 		if _, ok := tb.(*testing.B); ok && !testing.Verbose() {
 			level = LogLevelError
 		}
-		p.dev = NewDevice(p.tun.TUN(), binds[i], NewLogger(level, fmt.Sprintf("dev%d: ", i)))
+		p.dev = NewDevice(p.tun.TUN(), binds[i], NewLogger(level, fmt.Sprintf("dev%d: ", i)), true)
 		if err := p.dev.IpcSet(cfg[i]); err != nil {
 			tb.Errorf("failed to configure device %d: %v", i, err)
 			p.dev.Close()
@ -274,7 +274,7 @@ func TestTwoDevicePing(t *testing.T) {
 	})
 }

-func TestASecurityTwoDevicePing(t *testing.T) {
+func TestTwoDevicePingASecurity(t *testing.T) {
 	goroutineLeakCheck(t)
 	pair := genTestPair(t, true, true)
 	t.Run("ping 1.0.0.1", func(t *testing.T) {
--- a/device/junk_creator.go
+++ b/device/junk_creator.go
@ -1,69 +0,0 @@
-package device
-
-import (
-	"bytes"
-	crand "crypto/rand"
-	"fmt"
-	v2 "math/rand/v2"
-)
-
-type junkCreator struct {
-	device   *Device
-	cha8Rand *v2.ChaCha8
-}
-
-func NewJunkCreator(d *Device) (junkCreator, error) {
-	buf := make([]byte, 32)
-	_, err := crand.Read(buf)
-	if err != nil {
-		return junkCreator{}, err
-	}
-	return junkCreator{device: d, cha8Rand: v2.NewChaCha8([32]byte(buf))}, nil
-}
-
-// Should be called with aSecMux RLocked
-func (jc *junkCreator) createJunkPackets() ([][]byte, error) {
-	if jc.device.aSecCfg.junkPacketCount == 0 {
-		return nil, nil
-	}
-
-	junks := make([][]byte, 0, jc.device.aSecCfg.junkPacketCount)
-	for i := 0; i < jc.device.aSecCfg.junkPacketCount; i++ {
-		packetSize := jc.randomPacketSize()
-		junk, err := jc.randomJunkWithSize(packetSize)
-		if err != nil {
-			return nil, fmt.Errorf("Failed to create junk packet: %v", err)
-		}
-		junks = append(junks, junk)
-	}
-	return junks, nil
-}
-
-// Should be called with aSecMux RLocked
-func (jc *junkCreator) randomPacketSize() int {
-	return int(
-		jc.cha8Rand.Uint64()%uint64(
-			jc.device.aSecCfg.junkPacketMaxSize-jc.device.aSecCfg.junkPacketMinSize,
-		),
-	) + jc.device.aSecCfg.junkPacketMinSize
-}
-
-// Should be called with aSecMux RLocked
-func (jc *junkCreator) appendJunk(writer *bytes.Buffer, size int) error {
-	headerJunk, err := jc.randomJunkWithSize(size)
-	if err != nil {
-		return fmt.Errorf("failed to create header junk: %v", err)
-	}
-	_, err = writer.Write(headerJunk)
-	if err != nil {
-		return fmt.Errorf("failed to write header junk: %v", err)
-	}
-	return nil
-}
-
-// Should be called with aSecMux RLocked
-func (jc *junkCreator) randomJunkWithSize(size int) ([]byte, error) {
-	junk := make([]byte, size)
-	_, err := jc.cha8Rand.Read(junk)
-	return junk, err
-}
--- a/device/junk_creator_test.go
+++ b/device/junk_creator_test.go
@ -1,124 +0,0 @@
-package device
-
-import (
-	"bytes"
-	"fmt"
-	"testing"
-
-	"github.com/amnezia-vpn/amneziawg-go/conn/bindtest"
-	"github.com/amnezia-vpn/amneziawg-go/tun/tuntest"
-)
-
-func setUpJunkCreator(t *testing.T) (junkCreator, error) {
-	cfg, _ := genASecurityConfigs(t)
-	tun := tuntest.NewChannelTUN()
-	binds := bindtest.NewChannelBinds()
-	level := LogLevelVerbose
-	dev := NewDevice(
-		tun.TUN(),
-		binds[0],
-		NewLogger(level, ""),
-	)
-
-	if err := dev.IpcSet(cfg[0]); err != nil {
-		t.Errorf("failed to configure device %v", err)
-		dev.Close()
-		return junkCreator{}, err
-	}
-
-	jc, err := NewJunkCreator(dev)
-
-	if err != nil {
-		t.Errorf("failed to create junk creator %v", err)
-		dev.Close()
-		return junkCreator{}, err
-	}
-
-	return jc, nil
-}
-
-func Test_junkCreator_createJunkPackets(t *testing.T) {
-	jc, err := setUpJunkCreator(t)
-	if err != nil {
-		return
-	}
-	t.Run("", func(t *testing.T) {
-		got, err := jc.createJunkPackets()
-		if err != nil {
-			t.Errorf(
-				"junkCreator.createJunkPackets() = %v; failed",
-				err,
-			)
-			return
-		}
-		seen := make(map[string]bool)
-		for _, junk := range got {
-			key := string(junk)
-			if seen[key] {
-				t.Errorf(
-					"junkCreator.createJunkPackets() = %v, duplicate key: %v",
-					got,
-					junk,
-				)
-				return
-			}
-			seen[key] = true
-		}
-	})
-}
-
-func Test_junkCreator_randomJunkWithSize(t *testing.T) {
-	t.Run("", func(t *testing.T) {
-		jc, err := setUpJunkCreator(t)
-		if err != nil {
-			return
-		}
-		r1, _ := jc.randomJunkWithSize(10)
-		r2, _ := jc.randomJunkWithSize(10)
-		fmt.Printf("%v\n%v\n", r1, r2)
-		if bytes.Equal(r1, r2) {
-			t.Errorf("same junks %v", err)
-			jc.device.Close()
-			return
-		}
-	})
-}
-
-func Test_junkCreator_randomPacketSize(t *testing.T) {
-	jc, err := setUpJunkCreator(t)
-	if err != nil {
-		return
-	}
-	for range [30]struct{}{} {
-		t.Run("", func(t *testing.T) {
-			if got := jc.randomPacketSize(); jc.device.aSecCfg.junkPacketMinSize > got ||
-				got > jc.device.aSecCfg.junkPacketMaxSize {
-				t.Errorf(
-					"junkCreator.randomPacketSize() = %v, not between range [%v,%v]",
-					got,
-					jc.device.aSecCfg.junkPacketMinSize,
-					jc.device.aSecCfg.junkPacketMaxSize,
-				)
-			}
-		})
-	}
-}
-
-func Test_junkCreator_appendJunk(t *testing.T) {
-	jc, err := setUpJunkCreator(t)
-	if err != nil {
-		return
-	}
-	t.Run("", func(t *testing.T) {
-		s := "apple"
-		buffer := bytes.NewBuffer([]byte(s))
-		err := jc.appendJunk(buffer, 30)
-		if err != nil &&
-			buffer.Len() != len(s)+30 {
-			t.Errorf("appendWithJunk() size don't match")
-		}
-		read := make([]byte, 50)
-		buffer.Read(read)
-		fmt.Println(string(read))
-	})
-}
--- a/device/noise_test.go
+++ b/device/noise_test.go
@ -39,7 +39,7 @@ func randDevice(t *testing.T) *Device {
 	}
 	tun := tuntest.NewChannelTUN()
 	logger := NewLogger(LogLevelError, "")
-	device := NewDevice(tun.TUN(), conn.NewDefaultBind(), logger)
+	device := NewDevice(tun.TUN(), conn.NewDefaultBind(), logger, true)
 	device.SetPrivateKey(sk)
 	return device
 }
--- a/device/peer.go
+++ b/device/peer.go
@ -7,7 +7,10 @@ package device

 import (
 	"container/list"
+	"context"
 	"errors"
+	"fmt"
+	"net/netip"
 	"sync"
 	"sync/atomic"
 	"time"
@ -187,6 +190,28 @@ func (peer *Peer) Start() {
 	device := peer.device
 	device.log.Verbosef("%v - Starting", peer)

+	if !device.udpMode && !device.serverMode {
+		device.log.Verbosef("Starting udptlspipe")
+
+		if device.udptlspipe != nil {
+			device.udptlspipe.Shutdown(context.TODO())
+		}
+
+		oldEndpoint, _ := netip.ParseAddrPort(peer.endpoint.val.DstToString())
+		peer.endpoint.val, _ = device.net.bind.ParseEndpoint(fmt.Sprintf("127.0.0.1:%d", oldEndpoint.Port()))
+
+		srv, err := device.StartUDPTLSPipe(
+			false,
+			fmt.Sprintf("127.0.0.1:%d", oldEndpoint.Port()),
+			fmt.Sprintf("%s:443", oldEndpoint.Addr().String()),
+		)
+		if err != nil {
+			return
+		}
+
+		device.udptlspipe = srv
+	}
+
 	// reset routine state
 	peer.stopping.Wait()
 	peer.stopping.Add(2)
--- a/device/receive.go
+++ b/device/receive.go
@ -279,12 +279,14 @@ func (device *Device) RoutineDecryption(id int) {
 			elem.counter = binary.LittleEndian.Uint64(counter)
 			// copy counter to nonce
 			binary.LittleEndian.PutUint64(nonce[0x4:0xc], elem.counter)
-			elem.packet, err = elem.keypair.receive.Open(
-				content[:0],
-				nonce[:],
-				content,
-				nil,
-			)
+			if device.udpMode {
+				elem.packet, err = elem.keypair.receive.Open(
+					content[:0],
+					nonce[:],
+					content,
+					nil,
+				)
+			}
 			if err != nil {
 				elem.packet = nil
 			}
--- a/device/send.go
+++ b/device/send.go
@ -9,6 +9,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
+	"math/rand"
 	"net"
 	"os"
 	"sync"
@ -128,7 +129,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 	var junkedHeader []byte
 	if peer.device.isAdvancedSecurityOn() {
 		peer.device.aSecMux.RLock()
-		junks, err := peer.device.junkCreator.createJunkPackets()
+		junks, err := peer.createJunkPackets()
 		peer.device.aSecMux.RUnlock()

 		if err != nil {
@ -149,7 +150,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 		if peer.device.aSecCfg.initPacketJunkSize != 0 {
 			buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
 			writer := bytes.NewBuffer(buf[:0])
-			err = peer.device.junkCreator.appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
+			err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
 			if err != nil {
 				peer.device.log.Errorf("%v - %v", peer, err)
 				peer.device.aSecMux.RUnlock()
@ -199,7 +200,7 @@ func (peer *Peer) SendHandshakeResponse() error {
 		if peer.device.aSecCfg.responsePacketJunkSize != 0 {
 			buf := make([]byte, 0, peer.device.aSecCfg.responsePacketJunkSize)
 			writer := bytes.NewBuffer(buf[:0])
-			err = peer.device.junkCreator.appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
+			err = appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
 			if err != nil {
 				peer.device.aSecMux.RUnlock()
 				peer.device.log.Errorf("%v - %v", peer, err)
@ -468,6 +469,31 @@ top:
 	}
 }

+func (peer *Peer) createJunkPackets() ([][]byte, error) {
+	if peer.device.aSecCfg.junkPacketCount == 0 {
+		return nil, nil
+	}
+
+	junks := make([][]byte, 0, peer.device.aSecCfg.junkPacketCount)
+	for i := 0; i < peer.device.aSecCfg.junkPacketCount; i++ {
+		packetSize := rand.Intn(
+			peer.device.aSecCfg.junkPacketMaxSize-peer.device.aSecCfg.junkPacketMinSize,
+		) + peer.device.aSecCfg.junkPacketMinSize
+
+		junk, err := randomJunkWithSize(packetSize)
+		if err != nil {
+			peer.device.log.Errorf(
+				"%v - Failed to create junk packet: %v",
+				peer,
+				err,
+			)
+			return nil, err
+		}
+		junks = append(junks, junk)
+	}
+	return junks, nil
+}
+
 func (peer *Peer) FlushStagedPackets() {
 	for {
 		select {
@ -530,12 +556,14 @@ func (device *Device) RoutineEncryption(id int) {
 			// encrypt content and release to consumer

 			binary.LittleEndian.PutUint64(nonce[4:], elem.nonce)
-			elem.packet = elem.keypair.send.Seal(
-				header,
-				nonce[:],
-				elem.packet,
-				nil,
-			)
+			if device.udpMode {
+				elem.packet = elem.keypair.send.Seal(
+					header,
+					nonce[:],
+					elem.packet,
+					nil,
+				)
+			}
 		}
 		elemsContainer.Unlock()
 	}
--- a/device/tun.go
+++ b/device/tun.go
@ -11,7 +11,7 @@ import (
 	"github.com/amnezia-vpn/amneziawg-go/tun"
 )

-const DefaultMTU = 1420
+const DefaultMTU = 1280

 func (device *Device) RoutineTUNEventReader() {
 	device.log.Verbosef("Routine: event worker - started")
--- a/device/uapi.go
+++ b/device/uapi.go
@ -259,6 +259,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy

 		device.net.Lock()
 		device.net.port = uint16(port)
+		device.serverMode = true
 		device.net.Unlock()

 		if err := device.BindUpdate(); err != nil {
--- a/device/util.go
+++ b/device/util.go
@ -0,0 +1,25 @@
+package device
+
+import (
+	"bytes"
+	crand "crypto/rand"
+	"fmt"
+)
+
+func appendJunk(writer *bytes.Buffer, size int) error {
+	headerJunk, err := randomJunkWithSize(size)
+	if err != nil {
+		return fmt.Errorf("failed to create header junk: %v", err)
+	}
+	_, err = writer.Write(headerJunk)
+	if err != nil {
+		return fmt.Errorf("failed to write header junk: %v", err)
+	}
+	return nil
+}
+
+func randomJunkWithSize(size int) ([]byte, error) {
+	junk := make([]byte, size)
+	_, err := crand.Read(junk)
+	return junk, err
+}
--- a/device/util_test.go
+++ b/device/util_test.go
@ -0,0 +1,27 @@
+package device
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+)
+
+func Test_randomJunktWithSize(t *testing.T) {
+	junk, err := randomJunkWithSize(30)
+	fmt.Println(string(junk), len(junk), err)
+}
+
+func Test_appendJunk(t *testing.T) {
+	t.Run("", func(t *testing.T) {
+		s := "apple"
+		buffer := bytes.NewBuffer([]byte(s))
+		err := appendJunk(buffer, 30)
+		if err != nil &&
+			buffer.Len() != len(s)+30 {
+			t.Errorf("appendWithJunk() size don't match")
+		}
+		read := make([]byte, 50)
+		buffer.Read(read)
+		fmt.Println(string(read))
+	})
+}
--- a/go.mod
+++ b/go.mod
@ -1,17 +1,29 @@
 module github.com/amnezia-vpn/amneziawg-go

-go 1.24
+go 1.21.6
+
+toolchain go1.21.8

 require (
+	github.com/leninalive/udptlspipe v0.0.0-20240313123600-80348db0072f
 	github.com/tevino/abool/v2 v2.1.0
-	golang.org/x/crypto v0.36.0
-	golang.org/x/net v0.37.0
-	golang.org/x/sys v0.31.0
+	golang.org/x/crypto v0.19.0
+	golang.org/x/net v0.21.0
+	golang.org/x/sys v0.17.0
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
-	gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6
+	gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259
 )

 require (
-	github.com/google/btree v1.1.3 // indirect
-	golang.org/x/time v0.9.0 // indirect
+	github.com/AdguardTeam/golibs v0.20.0 // indirect
+	github.com/andybalholm/brotli v1.0.6 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/gobwas/httphead v0.1.0 // indirect
+	github.com/gobwas/pool v0.2.1 // indirect
+	github.com/gobwas/ws v1.3.2 // indirect
+	github.com/google/btree v1.0.1 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/quic-go/quic-go v0.40.1 // indirect
+	github.com/refraction-networking/utls v1.6.2 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,20 +1,63 @@
-github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
-github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/AdguardTeam/golibs v0.20.0 h1:A9FIdYq7wUKhFYy3z+YZ/Aw5oFUYgW+xgaVAJ0pnnPY=
+github.com/AdguardTeam/golibs v0.20.0/go.mod h1:3WunclLLfrVAq7fYQRhd6f168FHOEMssnipVXCxDL/w=
+github.com/ameshkov/udptlspipe v1.3.1 h1:e+eC2Yb+04KPzH9b/Uktwn6W6lw5CgbFdHnGfAaofx8=
+github.com/ameshkov/udptlspipe v1.3.1/go.mod h1:UnpDx2J//7WS/RRe5hb2UVZpwJzHga95ArLkPS9aRBk=
+github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
+github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.3.2 h1:zlnbNHxumkRvfPWgfXu8RBwyNR1x8wh9cf5PTOCqs9Q=
+github.com/gobwas/ws v1.3.2/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
+github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
+github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
+github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/leninalive/udptlspipe v0.0.0-20240313123600-80348db0072f h1:VR2M22cXDtgp78N1mkCmxiXj1zYIP9ScUXS8gMHi6Vs=
+github.com/leninalive/udptlspipe v0.0.0-20240313123600-80348db0072f/go.mod h1:U3O6PfEGIxmmxAkOucn8Ty1akGF/1N1lDPeHPLCz3Cg=
+github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
+github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
+github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/quic-go/quic-go v0.40.1 h1:X3AGzUNFs0jVuO3esAGnTfvdgvL4fq655WaOi1snv1Q=
+github.com/quic-go/quic-go v0.40.1/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c=
+github.com/refraction-networking/utls v1.6.2 h1:iTeeGY0o6nMNcGyirxkD5bFIsVctP5InGZ3E0HrzS7k=
+github.com/refraction-networking/utls v1.6.2/go.mod h1:yil9+7qSl+gBwJqztoQseO6Pr3h62pQoY1lXiNR/FPs=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/tevino/abool/v2 v2.1.0 h1:7w+Vf9f/5gmKT4m4qkayb33/92M+Um45F2BkHOR+L/c=
 github.com/tevino/abool/v2 v2.1.0/go.mod h1:+Lmlqk6bHDWHqN1cbxqhwEAwMPXgc8I1SDEamtseuXY=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
-gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6 h1:6B7MdW3OEbJqOMr7cEYU9bkzvCjUBX/JlXk12xcANuQ=
-gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6/go.mod h1:5DMfjtclAbTIjbXqO1qCe2K5GKKxWz2JHvCChuTcJEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
+gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
--- a/ipc/uapi_windows.go
+++ b/ipc/uapi_windows.go
@ -62,7 +62,7 @@ func init() {
 func UAPIListen(name string) (net.Listener, error) {
 	listener, err := (&namedpipe.ListenConfig{
 		SecurityDescriptor: UAPISecurityDescriptor,
-	}).Listen(`\\.\pipe\ProtectedPrefix\Administrators\AmneziaWG\` + name)
+	}).Listen(`\\.\pipe\ProtectedPrefix\Administrators\WireGuard\` + name)
 	if err != nil {
 		return nil, err
 	}
--- a/main.go
+++ b/main.go
@ -33,7 +33,7 @@ const (
 )

 func printUsage() {
-	fmt.Printf("Usage: %s [-f/--foreground] INTERFACE-NAME\n", os.Args[0])
+	fmt.Printf("Usage: %s [-f/--foreground] [-u/--udptlspipe] INTERFACE-NAME\n", os.Args[0])
 }

 func warning() {
@ -46,49 +46,49 @@ func warning() {
 		return
 	}

-	fmt.Fprintln(os.Stderr, "┌──────────────────────────────────────────────────────────────┐")
-	fmt.Fprintln(os.Stderr, "│                                                              │")
-	fmt.Fprintln(os.Stderr, "│       Running amneziawg-go is not required because this      │")
-	fmt.Fprintln(os.Stderr, "│       kernel has first class support for AmneziaWG. For      │")
-	fmt.Fprintln(os.Stderr, "│       information on installing the kernel module,           │")
-	fmt.Fprintln(os.Stderr, "│       please visit:                                          │")
-	fmt.Fprintln(os.Stderr, "| https://github.com/amnezia-vpn/amneziawg-linux-kernel-module │")
-	fmt.Fprintln(os.Stderr, "│                                                              │")
-	fmt.Fprintln(os.Stderr, "└──────────────────────────────────────────────────────────────┘")
+	fmt.Fprintln(os.Stderr, "┌──────────────────────────────────────────────────────┐")
+	fmt.Fprintln(os.Stderr, "│                                                      │")
+	fmt.Fprintln(os.Stderr, "│   Running wireguard-go is not required because this  │")
+	fmt.Fprintln(os.Stderr, "│   kernel has first class support for WireGuard. For  │")
+	fmt.Fprintln(os.Stderr, "│   information on installing the kernel module,       │")
+	fmt.Fprintln(os.Stderr, "│   please visit:                                      │")
+	fmt.Fprintln(os.Stderr, "│         https://www.wireguard.com/install/           │")
+	fmt.Fprintln(os.Stderr, "│                                                      │")
+	fmt.Fprintln(os.Stderr, "└──────────────────────────────────────────────────────┘")
 }

 func main() {
 	if len(os.Args) == 2 && os.Args[1] == "--version" {
-		fmt.Printf("amneziawg-go %s\n\nUserspace AmneziaWG daemon for %s-%s.\nInformation available at https://amnezia.org\n", Version, runtime.GOOS, runtime.GOARCH)
+		fmt.Printf("wireguard-go v%s\n\nUserspace WireGuard daemon for %s-%s.\nInformation available at https://www.wireguard.com.\nCopyright (C) Jason A. Donenfeld <Jason@zx2c4.com>.\n", Version, runtime.GOOS, runtime.GOARCH)
 		return
 	}

 	warning()

-	var foreground bool
-	var interfaceName string
-	if len(os.Args) < 2 || len(os.Args) > 3 {
+	var foreground = false
+	var udp = false
+	var interfaceName = ""
+	if len(os.Args) < 2 || len(os.Args) > 4 {
 		printUsage()
 		return
 	}

-	switch os.Args[1] {
+	for _, arg := range os.Args[1:] {
+		switch arg {
+		case "-f", "--foreground":
+			foreground = true

-	case "-f", "--foreground":
-		foreground = true
-		if len(os.Args) != 3 {
-			printUsage()
-			return
-		}
-		interfaceName = os.Args[2]
+		case "-u", "--udp":
+			udp = true

-	default:
-		foreground = false
-		if len(os.Args) != 2 {
-			printUsage()
-			return
+		default:
+			interfaceName = arg
 		}
-		interfaceName = os.Args[1]
+	}
+
+	if interfaceName == "" {
+		printUsage()
+		return
 	}

 	if !foreground {
@ -145,7 +145,7 @@ func main() {
 		fmt.Sprintf("(%s) ", interfaceName),
 	)

-	logger.Verbosef("Starting amneziawg-go version %s", Version)
+	logger.Verbosef("Starting wireguard-go version %s", Version)

 	if err != nil {
 		logger.Errorf("Failed to create TUN device: %v", err)
@ -222,7 +222,7 @@ func main() {
 		return
 	}

-	device := device.NewDevice(tdev, conn.NewDefaultBind(), logger)
+	device := device.NewDevice(tdev, conn.NewDefaultBind(), logger, udp)

 	logger.Verbosef("Device started")

--- a/main_windows.go
+++ b/main_windows.go
@ -30,13 +30,13 @@ func main() {
 	}
 	interfaceName := os.Args[1]

-	fmt.Fprintln(os.Stderr, "Warning: this is a test program for Windows, mainly used for debugging this Go package. For a real AmneziaWG for Windows client, please visit: https://amnezia.org")
+	fmt.Fprintln(os.Stderr, "Warning: this is a test program for Windows, mainly used for debugging this Go package. For a real WireGuard for Windows client, the repo you want is <https://git.zx2c4.com/wireguard-windows/>, which includes this code as a module.")

 	logger := device.NewLogger(
 		device.LogLevelVerbose,
 		fmt.Sprintf("(%s) ", interfaceName),
 	)
-	logger.Verbosef("Starting amneziawg-go version %s", Version)
+	logger.Verbosef("Starting wireguard-go version %s", Version)

 	tun, err := tun.CreateTUN(interfaceName, 0)
 	if err == nil {
@ -49,7 +49,7 @@ func main() {
 		os.Exit(ExitSetupFailed)
 	}

-	device := device.NewDevice(tun, conn.NewDefaultBind(), logger)
+	device := device.NewDevice(tun, conn.NewDefaultBind(), logger, true)
 	err = device.Up()
 	if err != nil {
 		logger.Errorf("Failed to bring up device: %v", err)
--- a/tun/netstack/examples/http_client.go
+++ b/tun/netstack/examples/http_client.go
@ -26,7 +26,7 @@ func main() {
 	if err != nil {
 		log.Panic(err)
 	}
-	dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(device.LogLevelVerbose, ""))
+	dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(device.LogLevelVerbose, ""), true)
 	err = dev.IpcSet(`private_key=087ec6e14bbed210e7215cdc73468dfa23f080a1bfb8665b2fd809bd99d28379
 public_key=c4c8e984c5322c8184c72265b92b250fdb63688705f504ba003c88f03393cf28
 allowed_ip=0.0.0.0/0
--- a/tun/netstack/examples/http_server.go
+++ b/tun/netstack/examples/http_server.go
@ -28,7 +28,7 @@ func main() {
 	if err != nil {
 		log.Panic(err)
 	}
-	dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(device.LogLevelVerbose, ""))
+	dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(device.LogLevelVerbose, ""), true)
 	dev.IpcSet(`private_key=003ed5d73b55806c30de3f8a7bdab38af13539220533055e635690b8b87ad641
 listen_port=58120
 public_key=f928d4f6c1b86c12f2562c10b07c555c5c57fd00f59e90c8d8d88767271cbf7c
--- a/tun/netstack/examples/ping_client.go
+++ b/tun/netstack/examples/ping_client.go
@ -30,7 +30,7 @@ func main() {
 	if err != nil {
 		log.Panic(err)
 	}
-	dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(device.LogLevelVerbose, ""))
+	dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(device.LogLevelVerbose, ""), true)
 	dev.IpcSet(`private_key=a8dac1d8a70a751f0f699fb14ba1cff7b79cf4fbd8f09f44c6e6a90d0369604f
 public_key=25123c5dcd3328ff645e4f2a3fce0d754400d3887a0cb7c56f0267e20fbf3c5b
 endpoint=163.172.161.0:12912
Author	SHA1	Message	Date
Iurii Egorov	253dbf58ef	udptlspipe tests Signed-off-by: Iurii Egorov <ye@amnezia.org>	2024-03-22 00:56:28 +03:00
Iurii Egorov	28bf1e21f0	udptlspipe basic implementation	2024-03-22 00:56:28 +03:00