Window to Europe — secured tunneling solution.
- Encapsulation to IP/UDP, no additional fields
- AES encryption
- DNS proxy
- Multiple clients support using connection tracker
Project is in MVP status now, being updated and should be considered as unstable. So:
- Multithreading not implemented
- Connection tracker has minimal implementation
- Server contains error: some websites are not accessible
You can pass custom config file as the only w2e_client/w2e_server CLI argument.
If none provided, program will try to use default.config.
OS: Linux
Operating principle: Pass packets to userspace via NFQUEUE.
Dependencies:
sudo apt install -y build-essential git cmake ninja-build libnetfilter-queue-dev libnetfilter-queue1 iptables xxd
cmake -B build
cmake --build build
Server config...
Open DNS server address to substitute in DNS queries (may be empty = don't change)
Server's IP address
May be multiple sections. Describes clients.
Client's ID in range [0-255]. Corresponding client's source port is calculated as <prefix>|<id>. Value must be unique in configuration file.
Client's AES key.
- Create a Debian VM
- Set up firewall rule
allow udp:43520-43775 - Set static external and internal IP
- Inside VM
- Enlarge MTU
sudo ip l s dev ens4 mtu 1500 - Turn offloads off
sudo ethtool -K ens4 tx off sg off tso off gro off rx-gro-hw off - Turn IPv6 off
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1; sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1 - Install git
sudo apt install git -y - Clone the code
git clone https://github.com/6uoMycop/W2E.git cd W2E/- Install dependencies and build (see above)
cd build/w2e_server/- Check IP address
ip aand adjust configvim ./default.config - Run server
sudo nohup ./w2e_server &
- Enlarge MTU
Actual on march 2025
For free tier and no billing use e2-micro instance, set standard disk, turn snapshots off, turn logging off.
OS: Windows
Operating principle: Pass packets to userspace via WinDivert.
cmake.exe -S . -B build
cmake.exe --build ./build --config Release
Client config...
Server's IP address.
May be multiple sections. Describes clients.
Client's ID in range [0-255]. Corresponding client's source port is calculated as <prefix>|<id>. Value must be unique in configuration file.
IP address to use as Source address of encapsulated packets.
Client's AES key.
- You can stop
WinDivertservice on client using
sc stop WinDivert
- If your build fails with
CMake Error: failed to create symbolic link
you should elevate to Administrator mode.
- Example iptables rule to pass packets to
NFQUEUE0
iptables -t raw -A PREROUTING -p udp --sport 1900 -i ens4 -j NFQUEUE --queue-bypass --queue-balance 0:1
iptables -t raw -A PREROUTING -p udp --sport 443 -i ens4 -j NFQUEUE --queue-bypass --queue-balance 0:1
iptables -t raw -A PREROUTING -p tcp --sport 443 -i ens4 -j NFQUEUE --queue-bypass --queue-balance 0:1
iptables -t raw -A PREROUTING -p tcp --sport 80 -i ens4 -j NFQUEUE --queue-bypass --queue-balance 0:1
iptables -t raw -A PREROUTING -p udp --sport 53 -i ens4 -j NFQUEUE --queue-bypass --queue-balance 0:1
iptables -t raw -A PREROUTING -p udp --dport 43520:43775 -i ens4 -j NFQUEUE --queue-bypass --queue-balance 0:1
- Enlarge MTU (linux server)
ip l s dev ens4 mtu 1500
- Turn offloads off (linux server)
ethtool -K ens4 tx off sg off tso off gro off rx-gro-hw off
- Disable IPv6 (linux server)
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
- Decrease MTU (Windows client)
Windows decrease MTU...
netsh interface ipv4 show subinterfaces
MTU Состояние определения носителя Вх. байт Исх. байт Интерфейс
4294967295 1 0 467389 Loopback Pseudo-Interface 1
1500 1 30151331950 479444648 Беспроводная сеть
1500 5 0 0 Подключение по локальной сети* 1
1500 1 0 363096 Ethernet 2
1500 5 0 0 Подключение по локальной сети* 2
netsh interface ipv4 set subinterface <INTERFACE_NAME> mtu=1440 store=active
store - одно из следующих значений:
active: настройка действует только до следующей перезагрузки. persistent: постоянная настройка.
- You can use
w2e_get_counters.shto read counters on server. Refer tow2e_ctrs_tdeclaration and script itself.