README.md
+5 -10 (5 additions & 10 deletions)
@@ -164,6 +164,7 @@ On the Client machine, run Wiretap's `configure` command to generate starting co
164
164
165
165
> [!IMPORTANT]
166
166
> By default the listening port will be configured to be the same as the port specified in the `--endpoint IP:port`. This can be overwritten using the `--port` argument.
167
+
> If creating an outbound connection, by default the listening port will be configured to be the same as the port specified in the `--outbound-endpoint IP:port`. This can be overwritten using the `--sport` argument.
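Review bot: The added outbound note says "the listening port" without naming which side listens. The Outbound Connections section further down states that `--sport` sets the Server's listening port, while `--port` changes the port the Client listens on, so this line should read "the Server's listening port" to keep the two flags from being confused. "Overwritten" here, and in the inbound note above it, should also be "overridden".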
> The 51821 ListenPort in `wiretap.conf` needs to be available for use on the Client, but does NOT need to be accessible to the Server over real-world networks. See the [How It Works](#how-it-works) section for details. Use `--simple` in both the `config` command and the Server's `serve` command if your setup requires a single interface on the Client
224
+
> The 51821 ListenPort in `wiretap.conf` needs to be available for use on the Client, but does NOT need to be accessible to the Server over real-world networks. See the [How It Works](#how-it-works) section for details. Use `--simple` in the `configure` command if your setup requires a single interface on the Client. The Server will auto-detect that configuration.
224
225
225
226
Install the resulting `wiretap_relay.conf` and `wiretap.conf` configs files into WireGuard on the Client:
226
227
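Review bot: The replacement ListenPort note now says the Server will auto-detect a `--simple` configuration, but it does not say whether `--simple` is still accepted by `serve`. State that explicitly (still accepted, ignored, or removed) so commands copied from the previous README do not fail without explanation. This blockquote also mixes the 51821 port requirement with the `--simple` advice; splitting them into two notes would keep the port requirement from being buried.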
@@ -230,22 +231,16 @@ Install the resulting `wiretap_relay.conf` and `wiretap.conf` configs files into
230
231
> [!TIP]
231
232
> You can modify the AllowedIPs in the `wiretap.conf` file any time after generating the config files, just reload the config file with `wg-quick down ./wiretap.conf && wg-quick up ./wiretap.conf` (or re-import them into the GUI) after making the change. No changes are needed on the Server to update them.
232
233
233
-
> [!WARNING]
234
-
> In the default configuration, with the Client listening for an initial Server connection, the Server will still also listen on port 51820 so that other Servers can attach to it later. There is currently no way to change this when running the `configure` command, but when running `wiretap serve` you can manually change this in the `wiretap_server.conf` file, or using the `WIRETAP_RELAY_INTERFACE_PORT` environment variable.
235
-
236
234
Don't forget to disable or remove the tunnels when you're done (e.g., `sudo wg-quick down ./wiretap.conf && sudo wg-quick down ./wiretap_relay.conf`)
237
235
238
236
### Outbound Connections
239
-
You can use the `--outbound` flag to configure the Client to Initiate the UDP connection to the Server. If you do, the `--endpoint` value will instead be used to tell the Client where to connect to the Server, and the `--port` value (explicit or implicit) will configure the Server's listening port.
237
+
You can use the `--outbound-endpoint` flag to configure the Client to Initiate the UDP connection to the Server. If you do, the `--outbound-endpoint` value will instead be used to tell the Client where to connect to the Server, and the `--sport` value (explicit or implicit) will configure the Server's listening port.
240
238
241
-
In this case the Client will listen on 51820 in case other Servers need to be added using the default Inbound mode, but this can be changed via the `ListenPort` variable in the `wiretap_relay.conf` file if needed.
239
+
In this case the Client will listen on 51820 in case other Servers need to be added using the default Inbound mode, but this can be changed by passing a value to the `--port` flag when running the `configure` command.
242
240
243
241
### Simple Mode
244
242
While not recommended, you can add the `--simple` flag to configure Wiretap as a more traditional one-Client-and-one-Server VPN. Most of Wiretap's dynamic configuration features (any Wiretap commands you would run after establishing the initial connection) will be unavailable in this mode.
245
243
246
-
> [!WARNING]
247
-
> When starting the Server, you may need to also use the `--simple` flag. The Server currently does not support automatically detecting this configuration.
248
-
249
244
## Serve
250
245
251
246
On the remote machine, upload the Wiretap binary and then run one of the commands from the output of `configure` to start Wiretap in Server mode:
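Review bot: Deleting the first `[!WARNING]` block removes the only statement that, in the default configuration, the Server also listens on port 51820, together with the `wiretap_server.conf` and `WIRETAP_RELAY_INTERFACE_PORT` ways to change it. If the Server still opens that port, keep a note saying so and name the option that now controls it, because an unexpected UDP listener on the remote machine is something operators need to know about. In the rewritten Outbound Connections sentence, "the `--outbound-endpoint` value will instead be used" has nothing left for "instead" to contrast with now that the flag is dedicated; drop the word and lowercase "Initiate".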
This command will modify the Client's E2EE configuration (`wiretap.conf`) to allow communication with the new Server, so you need to re-import it. For example, `sudo wg-quick down ./wiretap.conf && sudo wg-quick up ./wiretap.conf`. If you are attaching a new Server directly to the Client, the Relay config will also need to be refreshed in the same way.
363
358
364
-
Now you can use any of the `serve` command options to start Wiretap on the new Server, just like you did after running the `config` command. It will then join the Wiretap network by connecting to the existing Server.
359
+
Now you can use any of the `serve` command options to start Wiretap on the new Server, just like you did after running the `configure` command. It will then join the Wiretap network by connecting to the existing Server.
365
360
366
361
At this point the new routes should be usable! You can confirm that everything looks correct with `wiretap status`: