endpoints中，wireguard不支持入站

[bigoovip]

操作系统

Linux

系统版本

debian 12

安装类型

sing-box 原始命令行程序

如果您使用图形客户端程序，请提供该程序版本。

No response

版本

sing-box version 1.11.0-beta.19

Environment: go1.23.4 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: fb512212e8ce4fbb26179473870ec217963f862f
CGO: disabled

描述

以下是部署在服务器S（debian 12）上的配置，wireguard用作入站（官方文档指明端点是具有入站和出站行为的协议），服务器S有公网作为服务端提供入站，本地设备C无公网ip(作为客户端用作出站)，wireguard作为服务端入站时应该可以不设置endpoint，但在sing-box中，使用以下配置则提示“failed to send handshake initiation: no known endpoint for peer”，见下方日志。

服务器S（debian 12）上的配置

{
	"log": {
		"disabled": false,
		"level": "debug",
		"timestamp": true
	},
	"endpoints": [
		{
			"type": "wireguard",
			"tag": "wg-ep",
			"system": false,
			"name": "wg0",
			"mtu": 1408,
			"address": [
				"10.10.10.1/24"
			],
			"private_key": "私钥",
			"listen_port": 10001,
			"peers": [
				{
					"public_key": "peer公钥",
					"allowed_ips": [
						"10.10.10.0/24"
					],
					"persistent_keepalive_interval": 30,
					"reserved": [
						0,
						0,
						0
					]
				}
			]
		}
	],
	"inbounds": [
		{
			"type": "vless"
            ... // vless配置
		}
	],
	"outbounds": [
		{
			"type": "direct",
			"tag": "direct"
		}
	],
	"route": {
		"rules": [
			{
				"action": "resolve",
				"strategy": "prefer_ipv4"
			},
			{
				"action": "sniff",
				"timeout": "1s"
			},
			{
				"ip_cidr": [
					"10.10.10.0/24"
				],
				"outbound": "wg-ep"
			}
		]
	},
	"experimental": {}
}

重现方式

sing-box run -c config.json

日志

+0800 2025-01-02 16:20:36 INFO inbound/vless[reality-in]: tcp server started at 127.0.0.1:443
+0800 2025-01-02 16:20:36 INFO inbound/vless[vlesswstls-in]: tcp server started at 127.0.0.1:443
+0800 2025-01-02 16:20:36 DEBUG endpoint/wireguard[wg-ep]: routine: receive incoming v4 - started
+0800 2025-01-02 16:20:36 DEBUG endpoint/wireguard[wg-ep]: routine: receive incoming v6 - started
+0800 2025-01-02 16:20:36 DEBUG endpoint/wireguard[wg-ep]: peer(xxx) - routine: sequential sender - started
+0800 2025-01-02 16:20:36 DEBUG endpoint/wireguard[wg-ep]: peer(xxx) - routine: sequential receiver - started
+0800 2025-01-02 16:20:36 DEBUG endpoint/wireguard[wg-ep]: interface state was Down, requested Up, now Up
+0800 2025-01-02 16:20:36 INFO sing-box started (0.11s)
+0800 2025-01-02 16:20:41 DEBUG endpoint/wireguard[wg-ep]: peer(xxx) - handshake did not complete after 5 seconds, retrying (try 2)
+0800 2025-01-02 16:20:41 DEBUG endpoint/wireguard[wg-ep]: peer(xxx) - sending handshake initiation
+0800 2025-01-02 16:20:41 ERROR endpoint/wireguard[wg-ep]: peer(xxx) - failed to send handshake initiation: no known endpoint for peer
+0800 2025-01-02 16:20:46 DEBUG endpoint/wireguard[wg-ep]: peer(xxx) - handshake did not complete after 5 seconds, retrying (try 3)
+0800 2025-01-02 16:20:46 DEBUG endpoint/wireguard[wg-ep]: peer(xxx) - sending handshake initiation
+0800 2025-01-02 16:20:46 ERROR endpoint/wireguard[wg-ep]: peer(xxx) - failed to send handshake initiation: no known endpoint for peer
+0800 2025-01-02 16:20:51 DEBUG endpoint/wireguard[wg-ep]: peer(xxx) - handshake did not complete after 5 seconds, retrying (try 4)
+0800 2025-01-02 16:20:51 DEBUG endpoint/wireguard[wg-ep]: peer(xxx) - sending handshake initiation
+0800 2025-01-02 16:20:51 ERROR endpoint/wireguard[wg-ep]: peer(xxx) - failed to send handshake initiation: no known endpoint for peer

### 支持我们

- [ ] 我已经 [赞助](https://github.com/sponsors/nekohasekai/)

### 完整性要求

- [X] 我保证阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
- [X] 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
- [X] 我保证提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
- [X] 我保证提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。

[nekohasekai]

在客户端中设置。