TCP Wireguard with socat

Tim Sedlmeyer tim at
Mon Mar 12 16:44:18 CET 2018

Glad you got it working with ssf. If you are still interested in
getting it to work with socat, I have done so and it is pretty easy to

On the server side of the connection:

socat -d -d TCP-LISTEN:443,reuseaddr TUN:,up

On the client side:

socat TCP:server_address:443 TUN:,up

This will create tunnel interfaces on each side which forwards any
data flowing through them over a socat established TCP connection
between the machines. Running 'ip link show' on either end will show
the new tun interface.

In your wireguard configuration set the server to listen on any port
besides 443 since socat is using this port for the TCP connection. On
the client side configure the endpoint for the server peer to be

On Mon, Mar 12, 2018 at 11:14 AM, Gianluca Gabrielli
<tuxmealux at> wrote:
> Yes, I can confirm now. Wireguard + ssf[1] (UDP forwarding) works very well.
> I will proceed doing some benchmark to understand how much this solution is downgrading performance.
> [1]
> Cheers,
> Gianluca
> _______________________________________________
> WireGuard mailing list
> WireGuard at

More information about the WireGuard mailing list