Ofutun
Rootless Wireguard Server with converting HTTP/HTTPS proxy to wireguard+transparent proxy proxy, transparent-proxy, wireguard
Install / Use
/learn @teemingfoota/OfutunREADME
ofutun
- Rootless Wireguard Server
- It does not require any special permissions, so it works on non-rooted android.
- NET_ADMIN capability is also not required when running as a docker container.
- (Optional) Convert HTTP/HTTPS proxy to transparent proxy
- On mobile devices, Proxy is available only when connected to Wi-Fi.
- With this tool, you can use proxies regardless of Wi-Fi/mobile connection.
Feature
- No Privilege Required
- Everything works in user space and no root privileges are required.
- Built-in TCP/IP stack by gvisor
- Terminate tcp/udp connections in the ofutun, and Convert to tcp/udp stream from ofutun.
- Convert HTTP/HTTPS proxy to transparent proxy.
- ICMP support.
sysctl -w net.ipv4.ping_group_range="0 2147483647"allows non-root users to send ICMP packets.
Pattern
Pettern1: As a Rootless Wireguard Server
$ ./ofutun --print
Pettern2: Convert HTTP/HTTPS Proxy to Transparent Proxy
$ ./ofutun --print --proxy http://proxy:1080
Pattern3: Blocks non-Proxy traffic
$ ./ofutun --print --proxy http://proxy:1080 --only-proxy
Usage
$ ./ofutun --help
Usage:
ofutun [OPTIONS]
Application Options:
-p, --print Print the configuration for the peers
--private-key= Base64-encoded private key for the server
--peer= List of peer public keys and IP addresses in the format <public-key>,<ip1>,<ip2>,...
--priv-peer= List of peer private keys and IP addresses in the format <private-key>,<ip1>,<ip2>,...
--local-ip= Local IP address to assign to the tunnel interface (default: 192.168.0.1, fc00::1)
-l, --listen-port= Port to listen on for incoming connections (default: 51820)
--dns-forwarder= DNS servers to forward queries to (default: 8.8.8.8, 1.1.1.1)
--proxy= Proxy address to use for tunneling
--proxy-insecure Ignore TLS certificate errors for the proxy
--proxy-only Only allow traffic to the proxy
--http-ports= List of HTTP ports to allow (default: 80)
--https-ports= List of HTTPS ports to allow (default: 443)
--use-sni Connect to the proxy using SNI
Help Options:
-h, --help Show this help message
Related Skills
node-connect
349.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
109.4kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
349.0kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
349.0kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
