Skip to content

Asking for optimizing suggestion #39

@aabbccgg

Description

@aabbccgg

I'm grateful to your works, it is such a wonderful upgrade of warp tools which use the wireguard protocol.

And I had configured the usque as a socks5 service with "CAP_NET_ADMIN" privilege, the service config as follows:

[Unit]
Description=Usque SOCKS5 Proxy for Warp
Documentation=https://github.com/Diniboy1123/usque
After=network.target nss-lookup.target

[Service]
User=nobody

ExecStart=/usr/local/bin/usque -c /usr/local/etc/warp-usque/config.json socks -b 127.0.0.1 -p 445 -u warp -w warp -d 1.1.1.1 -d 1.0.0.1 -d 2606:4700:4700::1111 -d 2606:4700:4700::1001 -s zt-masque.cloudflareclient.com
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

After set the "CAP_NET_ADMIN", I don't see the warning of UDP buffer size anymore, does it means I had solved this problem?

Furthermore, I wonder if I set the SNI correctly like "-s zt-masque.cloudflareclient.com" that I used a zerotrust tunnel.

Last but not least, I set the user as "nobody", does it safe enough, and do you have any other suggestion of performance optimization for me?

I'm looking forward to your reply, thank you sincerely.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions