WrapGuard enables any application to transparently route ALL network traffic through a WireGuard VPN without requiring container privileges or kernel modules.
- Pure Userspace: No TUN interface creation, no NET_ADMIN capability needed
- Transparent Interception: Uses LD_PRELOAD to intercept all network calls
- Bidirectional Support: Both incoming and outgoing connections work
- Standard Config: Uses standard WireGuard configuration files
This will create:
- wrapguard - The main executable
- libwrapguard.so - The LD_PRELOAD library
```bash
# Route outgoing connections through WireGuard
# ($HOME is used because the shell does not expand ~ after --config=)
wrapguard --config="$HOME/wg0.conf" -- curl https://icanhazip.com
# Route incoming connections through WireGuard
wrapguard --config="$HOME/wg0.conf" -- node -e 'http.createServer().listen(8080)'
```
WrapGuard uses standard WireGuard configuration files:
```ini
[Interface]
PrivateKey = <your-private-key>
Address = 10.0.0.2/24
[Peer]
PublicKey = <server-public-key>
Endpoint = server.example.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```
- Main Process: Parses config, initializes WireGuard userspace implementation
- LD_PRELOAD Library: Intercepts network system calls (socket, connect, send, recv, etc.)
- Virtual Network Stack: Routes packets between intercepted connections and WireGuard tunnel
- Memory-based TUN: No kernel interface needed, packets processed entirely in memory
- Currently only supports IPv4
- TCP and UDP protocols only
- Performance overhead due to userspace packet processing
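
A pre-flight check for a config before it is handed to `wrapguard`, as an added example (not part of WrapGuard): it flags a config file that other users can access, IPv6 entries that the IPv4-only limitation above cannot honour, and `AllowedIPs` that do not cover `0.0.0.0/0`. The function names and the sample config are assumptions made for this example.

```python
import ipaddress, os, stat

# Constructed sample (placeholder keys); deliberately deviates from the page's example.
SAMPLE = """\
[Interface]
PrivateKey = <your-private-key>
Address = 10.0.0.2/24, fd00::2/64
[Peer]
PublicKey = <server-public-key>
Endpoint = server.example.com:51820
AllowedIPs = 10.0.0.0/24, ::/0
"""

def parse_wg(text):
    """Return [(section, {key: value})]; a config may hold several [Peer] blocks."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(text, file_mode=None):
    """Return a list of findings for a config that will be used with WrapGuard."""
    findings, v4_allowed = [], []
    if file_mode is not None and file_mode & 0o077:
        findings.append("config is accessible to group/other and contains PrivateKey")
    for name, opts in parse_wg(text):
        field = "address" if name == "interface" else "allowedips"
        for item in filter(None, (v.strip() for v in opts.get(field, "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.version == 6:
                findings.append(f"[{name}] {net}: IPv6 entry, but only IPv4 is supported")
            elif name == "peer":
                v4_allowed.append(net)
    covered = list(ipaddress.collapse_addresses(v4_allowed))
    if ipaddress.ip_network("0.0.0.0/0") not in covered:
        findings.append("AllowedIPs do not cover 0.0.0.0/0: some IPv4 destinations match no peer")
    return findings

def audit_file(path):  # audit a config on disk, including its permission bits
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for finding in audit(SAMPLE, file_mode=0o644):
        print("WARN:", finding)
```

The coverage check collapses adjacent prefixes first, so a split pair such as `0.0.0.0/1, 128.0.0.0/1` is accepted as a full IPv4 tunnel.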
```bash
# Test outgoing connection
wrapguard --config=example-wg0.conf -- curl https://example.com
# Test incoming connection
wrapguard --config=example-wg0.conf -- python3 -m http.server 8080
```