@xdenb43
Forked from wiktorbgu/Mikrotik-WireGuard-anti-DPI.md
Last active February 12, 2026 05:57

Mikrotik WireGuard anti DPI

Important

Update 12.02.2026

  • The script was reworked for AWG 1.5 by @Medium_csgo
  • Tweaked it a little for my own needs
  • Removed the part that resolved the endpoint IP; a DNS Static record is used instead

The original script by @wiktorbgu:

Note

  • The script is added under System - Scripts with the name wg-antidpi, i.e. you can kick off the script whenever you like
  • It registers itself in System - Scheduler on the first manual run
  • Fixes from the antifilter.network chat have been taken into account
# wg-antidpi traffic flood | by antifilter tg chat | by @Medium_csgo
# Enable traffic-gen: /system device-mode update traffic-gen=yes
# update tested with RoS 7.21+

# SCHEDULER
# warn if schedule does not exist and create it
:local scheduleName "wg-antidpi";
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
    /log warning "[wg-antidpi] Alert : Schedule does not exist. Creating schedule ...."
    /system scheduler add name=$scheduleName interval=5m start-time=startup on-event=wg-antidpi policy=read,write,policy,test,sniff,sensitive
    /log warning "[wg-antidpi] Alert : Schedule created!"
}

# PREPARATION
:local Jc 4
:local Jmin 40
:local Jmax 70
:local TTL 64

:local i1 "c3000000010870ac9c05f49d2bff0341d26000421578ace2b50e80d3a3e8b2c2e2e5f50aebf6f7364c9fbed6be8c14606445db7e5c0f75b825ffc3d872b3c463422f0c6334b45a1d1297ee2abda6150110864de45ade52b8a2e33a7c4db399678ccb0501ce14696ae1de40c350293d31db073976e3eae493500358df59b6e16867d4c39ff670168bf0ab50e43aa0fc0814c0762227ff93f334522d9562142dcdef7241b554bfe2c27a3ab066d516f4d31a47526318c644e15d90e98899e25c0ce8a67e14df149769c3d14833d27a25e25fde8afd68f587cc573e8c88e502793b50626f4c5267a5786b2903172a0ef4eea2fa282a02e3d3385d598baa9cacb9395d6c43c5ccbbdce9845a39ded847779f00c44cf5df34f3ad2a22e63504316b748eabacb3b03a1cc3df9c8d6ab60a0255b7f8d433d6d0a671b5cf30a0af2c04a7138cc1b264382e164ebbbcc290176ac9d6672e57cac55effa9df991a0ec1b4ed63910432ff03b187c3a22206c6a4914e16d59e36f011a08f03f3ac7baed06a884f9fa3ee84ab2d097d4863f84edc87b624ca9aeafcec920339d3addc7b5fae21e59cc47c58147b244300ad857e71b8cb9772c4fed8a7a775744f0d8448c70a491e3a7fa5a98c0997be9319a32495011cafb4c2f9b3ade1ef1a5efbc00dd7374e5ea0226d62934a2847c55c0d524337d4073557e96b9ff177414ef03945503fb7c6149db4c3f4a449e70363fe259360de0df0d194f43a44dd364acadb6683262927e1b3dbcbb8e8a610ab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
:local i2 ""
:local i3 ""
:local i4 ""
:local i5 ""

:local tohex do={
  :local n $1
  :local h ""
  :while ($n>0) do={
    :local r ($n % 16)
    :set h ([:pick "0123456789abcdef" $r ($r+1)] . $h)
    :set n ($n / 16)
  }
  :return $h
}

:local mac2hex do={
    :local m $1
    :set m ([:pick $m 0 2].[:pick $m 3 5].[:pick $m 6 8].[:pick $m 9 11].[:pick $m 12 14].[:pick $m 15 17])
    :return [:convert transform=lc $m]
}

:local hex16 do={
    :local n [:tonum $1]
    :local hi ($n >> 8)
    :local lo ($n & 255)

    :local digits "0123456789abcdef"

    :local h1 [:pick $digits ($hi >> 4) (($hi >> 4) + 1)]
    :local h2 [:pick $digits ($hi & 15) (($hi & 15) + 1)]
    :local h3 [:pick $digits ($lo >> 4) (($lo >> 4) + 1)]
    :local h4 [:pick $digits ($lo & 15) (($lo & 15) + 1)]

    :return ($h1 . $h2 . $h3 . $h4)
}

:local hex8 do={
    :local n [:tonum $1]
    :local digits "0123456789abcdef"

    :local h1 [:pick $digits ($n >> 4) (($n >> 4) + 1)]
    :local h2 [:pick $digits ($n & 15) (($n & 15) + 1)]

    :return ($h1 . $h2)
}

:local ip2hex do={
    :local ip [:tostr $1]
    :local digits "0123456789abcdef"
    :local out ""
    
    :local p1 [:find $ip "."]
    :local o1 [:tonum [:pick $ip 0 $p1]]
    :set out ([:pick $digits ($o1 >> 4) (($o1 >> 4)+1)] . [:pick $digits ($o1 & 15) (($o1 & 15)+1)])
    
    :local p2 [:find $ip "." ($p1 + 1)]
    :local o2 [:tonum [:pick $ip ($p1 + 1) $p2]]
    :set out ($out . [:pick $digits ($o2 >> 4) (($o2 >> 4)+1)] . [:pick $digits ($o2 & 15) (($o2 & 15)+1)])
    
    :local p3 [:find $ip "." ($p2 + 1)]
    :local o3 [:tonum [:pick $ip ($p2 + 1) $p3]]
    :set out ($out . [:pick $digits ($o3 >> 4) (($o3 >> 4)+1)] . [:pick $digits ($o3 & 15) (($o3 & 15)+1)])
    
    :local o4 [:tonum [:pick $ip ($p3 + 1) [:len $ip]]]
    :set out ($out . [:pick $digits ($o4 >> 4) (($o4 >> 4)+1)] . [:pick $digits ($o4 & 15) (($o4 & 15)+1)])
    
    :return $out
}

:local ipchecksum do={
    :local header $1
    :local sum 0

    :for j from=0 to=9 do={
        :local offset ($j * 4)
        :local word [:pick $header $offset ($offset + 4)]
        :local val [:tonum ("0x" . $word)]
        :set sum ($sum + $val)
    }

    :while ($sum > 65535) do={
        :set sum (($sum & 65535) + ($sum >> 16))
    }

    :local checksum (65535 - $sum)

    :local hi ($checksum >> 8)
    :local lo ($checksum & 255)

    :local digits "0123456789abcdef"

    :local h1 [:pick $digits ($hi >> 4) (($hi >> 4) + 1)]
    :local h2 [:pick $digits ($hi & 15) (($hi & 15) + 1)]
    :local h3 [:pick $digits ($lo >> 4) (($lo >> 4) + 1)]
    :local h4 [:pick $digits ($lo & 15) (($lo & 15) + 1)]

    :return ($h1 . $h2 . $h3 . $h4)
}

:local udpchecksum do={
    :local srcHex $1
    :local dstHex $2
    :local udpLenNum $3 
    :local udpTmp $4
    :local pay $5

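    # UDP pseudo-header is 12 bytes: src(4) dst(4) zero(1) proto(1)=0x11 length(2).
    # The length is formatted inline because $hex16 is an outer :local and is not visible inside this function.
    :local hexd "0123456789abcdef"
    :local lenHi ([:tonum $udpLenNum] >> 8)
    :local lenLo ([:tonum $udpLenNum] & 255)
    :local lenHex ([:pick $hexd ($lenHi >> 4) (($lenHi >> 4) + 1)] . [:pick $hexd ($lenHi & 15) (($lenHi & 15) + 1)] . [:pick $hexd ($lenLo >> 4) (($lenLo >> 4) + 1)] . [:pick $hexd ($lenLo & 15) (($lenLo & 15) + 1)])
    :local pseudo ($srcHex . $dstHex . "00" . "11" . $lenHex)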

    :local checkdata ($pseudo . $udpTmp . $pay)

    :if (([:len $checkdata] % 4) != 0) do={
        :set checkdata ($checkdata . "00")
    }

    :local sum 0
    :local wordCount ([:len $checkdata] / 4)
    :for j from=0 to=($wordCount - 1) do={
        :local offset ($j * 4)
        :local word [:pick $checkdata $offset ($offset + 4)]
        :local val [:tonum ("0x" . $word)]
        :set sum ($sum + $val)
    }

    :while ($sum > 65535) do={
        :set sum (($sum & 65535) + ($sum >> 16))
    }

    :local checksum (65535 - $sum)
    # RFC 768: a computed checksum of zero is transmitted as all ones (0xFFFF)
    :if ($checksum = 0) do={ :set checksum 65535 }

    :local hi ($checksum >> 8)
    :local lo ($checksum & 255)
    :local digits "0123456789abcdef"
    :local h1 [:pick $digits ($hi >> 4) (($hi >> 4) + 1)]
    :local h2 [:pick $digits ($hi & 15) (($hi & 15) + 1)]
    :local h3 [:pick $digits ($lo >> 4) (($lo >> 4) + 1)]
    :local h4 [:pick $digits ($lo & 15) (($lo & 15) + 1)]

    :return ($h1 . $h2 . $h3 . $h4)
}

:local randhex do={

    :local bytes $1
    :local out ""
    :local digits "0123456789abcdef"

    :for i from=1 to=$bytes do={

        :local r [:rndnum from=0 to=255]

        :local h1 [:pick $digits ($r >> 4) (($r >> 4) + 1)]
        :local h2 [:pick $digits ($r & 15) (($r & 15) + 1)]

        :set out ($out . $h1 . $h2)
    }

    :return $out
}

:local parts ($i1 . "," . $i2 . "," . $i3 . "," . $i4 . "," . $i5)

:for j from=1 to=$Jc do={
    :local size [:rndnum from=$Jmin to=$Jmax]
    :local junk [$randhex $size]
    :set parts ($parts . "," . $junk)
}

# MAIN PART
:global Tx
:global Rx
/interface wireguard peers
:foreach i in=[find where disabled=no and responder!=yes] do={
    :local LocalTx [get $i tx]
    :local LocalRx [get $i rx]
    :local LastHandshake [get $i last-handshake]
    :if (([:tostr $LastHandshake] = "") or (($LastHandshake > [:totime "2m20s"]) and ($Rx->[:tostr $i] = $LocalRx))) do={
        :local PeerName [get $i name]
        :local Interface [get $i interface]
        :local EndpointAddress [get $i endpoint-address]
        :local EndpointIP [get $i current-endpoint-address]
        :local DstPort [get $i current-endpoint-port]

        #Reset source port
        :local RndPort [:rndnum from=49000 to=59999]
        /interface wireguard set $Interface listen-port=$RndPort
        :local SrcPort [/interface wireguard get $Interface listen-port]
        
        #Check route to endpoint
        :local EndpointRoute [/ip route check dst-ip=$EndpointIP once as-value]
        :if ([:len $EndpointRoute]=0) do={
            :log error "Endpoint Route check failed"
            :return
        }
        :local EndpointRouteOutInterface ($EndpointRoute->"interface")
        :local InterfaceType [/interface get $EndpointRouteOutInterface type]
        
        /tool ping $EndpointIP count=1 interval=200ms
        :local conn [/ip firewall connection find where dst-address="$EndpointIP" and protocol=icmp]
        :if ([:len $conn]=0) do={
            :log error "No WG conntrack entry for $EndpointIP:$DstPort"
            :return
        }
        :local cid [:pick $conn 0]
        :local srcip [/ip firewall connection get $cid reply-dst-address]
        
        :local eth ""
        :local gw ""
        :if ($InterfaceType = "ether" or $InterfaceType = "bridge") do={  
            :set gw ($EndpointRoute->"nexthop")
            :local srcmacRaw [/interface get $EndpointRouteOutInterface mac-address]
            :local srcmac [$mac2hex $srcmacRaw]
            :local dstmacRaw [/ip arp get [find address=$gw] mac-address]
            :local dstmac [$mac2hex $dstmacRaw]
            :set eth ($dstmac.$srcmac."0800")
        }
       
        :local srcipHex [$ip2hex $srcip]
        :local dstipHex [$ip2hex $EndpointIP]

        :local ipid [:rndnum from=0 to=65535]
        :local ipidHex [$hex16 $ipid]
        :local ttlHex [$hex8 $TTL]

        :local srcPortHex [$hex16 $SrcPort]
        :local dstPortHex [$hex16 $DstPort]
        
        #Log peer info
        :log warning ("Peer: $PeerName, Interface: $Interface")
        :log warning ("Endpoint Address: $EndpointAddress, Endpoint IP: $EndpointIP")
        :log warning ("Src Port: $SrcPort, Dst Port: $DstPort, Last Handshake: $LastHandshake")
        :log warning ("Last Rx: " . $Rx->[:tostr $i] . ", Current Rx: $LocalRx")
        :log warning ("Last Tx: " . $Tx->[:tostr $i] . ", Current Tx: $LocalTx")
        
        #Disable peer
        :log warning ("Disable peer: $PeerName")
        set $i disabled=yes
        :delay 1
        
        #Generating spam
        :log warning ("Generating spam")
        
        :foreach part in=[:toarray $parts] do={
            :if ([:len $part] = 0) do={ :continue }
            :local partLen ([:len $part] / 2)
            :local udpLen ($partLen + 8)
            :local ipLen ($udpLen + 20)
            :local udpHeaderTmp ($srcPortHex.$dstPortHex.[$hex16 $udpLen]."0000")
            :local udpCsum [$udpchecksum $srcipHex $dstipHex $udpLen $udpHeaderTmp $part]
            :local udpHeader ($srcPortHex.$dstPortHex.[$hex16 $udpLen].$udpCsum)
            :local ipHeaderTmp ("45"."00".[$hex16 $ipLen].$ipidHex."0000".$ttlHex."11"."0000".$srcipHex.$dstipHex)
            :local ipCsum [$ipchecksum $ipHeaderTmp]
            :local ipHeader ("45"."00".[$hex16 $ipLen].$ipidHex."0000".$ttlHex."11".$ipCsum.$srcipHex.$dstipHex)
            :local l34 ($ipHeader.$udpHeader)
            :local fullpacket ($eth.$l34.$part)

            :log warning ("fullpacket: $fullpacket")
            /tool/traffic-generator/inject $EndpointRouteOutInterface data=$fullpacket
            :delay 5ms
        }
        
        #Enable peer
        :log warning ("Enable peer: $PeerName")
        set $i disabled=no
    }
    :set ($Tx->[:tostr $i]) $LocalTx
    :set ($Rx->[:tostr $i]) $LocalRx
}
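
The script logs each injected frame as `fullpacket: <hex>`. The following added example (Python, not part of the gist or of the original authors' code) checks such a hex string offline: IPv4 total length and header checksum, UDP length, and the UDP checksum over the 12-byte pseudo-header. The addresses, ports and payload in it are constructed sample values; pass `has_ethernet=True` for frames logged on ether/bridge egress, where the script prepends the MAC header.

```python
import socket
import struct

ETH_LEN = 14  # dst MAC + src MAC + EtherType 0800, as prepended on ether/bridge egress


def fold16(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry; odd input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total > 0xFFFF:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """Checksum over an IPv4 header whose checksum field is zeroed."""
    return 0xFFFF - fold16(header)


def pseudo_header(src: bytes, dst: bytes, udp_len: int) -> bytes:
    # 12 bytes: src(4) dst(4) zero(1) protocol(1)=17 UDP length(2)
    return src + dst + struct.pack("!BBH", 0, 17, udp_len)


def udp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum over pseudo-header + UDP segment whose checksum field is zeroed."""
    csum = 0xFFFF - fold16(pseudo_header(src, dst, len(segment)) + segment)
    return csum or 0xFFFF  # a computed zero is transmitted as 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, payload, ttl=64, ip_id=0, eth=b""):
    """Hex frame with the same header layout as the script (constructed sample input)."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    udp_len = 8 + len(payload)
    seg = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    seg = seg[:6] + struct.pack("!H", udp_checksum(src, dst, seg)) + seg[8:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, ip_id, 0, ttl, 17, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return (eth + hdr + seg).hex()


def check_frame(frame_hex: str, has_ethernet: bool) -> dict:
    """Validate lengths and checksums of a logged IPv4/UDP frame."""
    raw = bytes.fromhex(frame_hex.strip())
    if has_ethernet:
        if raw[12:14] != b"\x08\x00":
            raise ValueError("EtherType is not IPv4")
        raw = raw[ETH_LEN:]
    if len(raw) < 28:
        raise ValueError("too short for IPv4 + UDP headers")
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    if raw[0] >> 4 != 4 or ihl < 20 or raw[9] != 17 or total_len < ihl + 8:
        raise ValueError("not an IPv4/UDP packet")
    seg = raw[ihl:total_len]
    udp_len, wire_csum = struct.unpack("!HH", seg[4:8])
    pseudo = pseudo_header(raw[12:16], raw[16:20], udp_len)
    return {
        "ip_total_len_ok": total_len == len(raw),
        "ip_checksum_ok": fold16(raw[:ihl]) == 0xFFFF,
        "udp_len_ok": udp_len == len(seg),
        # 0 on the wire means "no checksum" in IPv4, so there is nothing to verify
        "udp_checksum_ok": wire_csum == 0 or fold16(pseudo + seg) == 0xFFFF,
    }


if __name__ == "__main__":
    # Constructed sample: documentation addresses, odd-length payload
    frame = build_frame("192.0.2.10", "198.51.100.20", 51000, 51820,
                        bytes(range(41)), ip_id=0x1234)
    print(check_frame(frame, has_ethernet=False))
```

A frame that fails `udp_checksum_ok` while passing the other three checks points at the pseudo-header or the odd-length padding rather than at the IP header.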

System - Scripts UI window


/system script
add dont-require-permissions=yes name=wg-antidpi owner=admin policy=\
read,write,policy,test,sniff,sensitive source="# wg-antidpi traffic flood \
| by antifilter tg chat | by @Medium_csgo\r\
\n# Enable traffic-gen: /system device-mode update traffic-gen=yes\r\
\n# update tested with RoS 7.21+\r\
\n\r\
\n# SCHEDULER\r\
\n# warn if schedule does not exist and create it\r\
\n:local scheduleName \"wg-antidpi\";\r\
\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\
\n /log warning \"[wg-antidpi] Alert : Schedule does not exist. Creatin\
g schedule ....\"\r\
\n /system scheduler add name=\$scheduleName interval=5m start-time=sta\
rtup on-event=wg-antidpi policy=read,write,policy,test,sniff,sensitive\r\
\n /log warning \"[wg-antidpi] Alert : Schedule created!\"\r\
\n}\r\
\n\r\
\n# PREPARATION\r\
\n:local Jc 4\r\
\n:local Jmin 40\r\
\n:local Jmax 70\r\
\n:local TTL 64\r\
\n\r\
\n:local i1 \"c3000000010870ac9c05f49d2bff0341d26000421578ace2b50e80d3a3e8\
b2c2e2e5f50aebf6f7364c9fbed6be8c14606445db7e5c0f75b825ffc3d872b3c463422f0c\
6334b45a1d1297ee2abda6150110864de45ade52b8a2e33a7c4db399678ccb0501ce14696a\
e1de40c350293d31db073976e3eae493500358df59b6e16867d4c39ff670168bf0ab50e43a\
a0fc0814c0762227ff93f334522d9562142dcdef7241b554bfe2c27a3ab066d516f4d31a47\
526318c644e15d90e98899e25c0ce8a67e14df149769c3d14833d27a25e25fde8afd68f587\
cc573e8c88e502793b50626f4c5267a5786b2903172a0ef4eea2fa282a02e3d3385d598baa\
9cacb9395d6c43c5ccbbdce9845a39ded847779f00c44cf5df34f3ad2a22e63504316b748e\
abacb3b03a1cc3df9c8d6ab60a0255b7f8d433d6d0a671b5cf30a0af2c04a7138cc1b26438\
2e164ebbbcc290176ac9d6672e57cac55effa9df991a0ec1b4ed63910432ff03b187c3a222\
06c6a4914e16d59e36f011a08f03f3ac7baed06a884f9fa3ee84ab2d097d4863f84edc87b6\
24ca9aeafcec920339d3addc7b5fae21e59cc47c58147b244300ad857e71b8cb9772c4fed8\
a7a775744f0d8448c70a491e3a7fa5a98c0997be9319a32495011cafb4c2f9b3ade1ef1a5e\
fbc00dd7374e5ea0226d62934a2847c55c0d524337d4073557e96b9ff177414ef03945503f\
b7c6149db4c3f4a449e70363fe259360de0df0d194f43a44dd364acadb6683262927e1b3db\
cbb8e8a610ab00000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000\
0000000000000000000000000000000000000000000000000000000000000000\"\r\
\n:local i2 \"\"\r\
\n:local i3 \"\"\r\
\n:local i4 \"\"\r\
\n:local i5 \"\"\r\
\n\r\
\n:local tohex do={\r\
\n :local n \$1\r\
\n :local h \"\"\r\
\n :while (\$n>0) do={\r\
\n :local r (\$n % 16)\r\
\n :set h ([:pick \"0123456789abcdef\" \$r (\$r+1)] . \$h)\r\
\n :set n (\$n / 16)\r\
\n }\r\
\n :return \$h\r\
\n}\r\
\n\r\
\n:local mac2hex do={\r\
\n :local m \$1\r\
\n :set m ([:pick \$m 0 2].[:pick \$m 3 5].[:pick \$m 6 8].[:pick \$m 9\
\_11].[:pick \$m 12 14].[:pick \$m 15 17])\r\
\n :return [:convert transform=lc \$m]\r\
\n}\r\
\n\r\
\n:local hex16 do={\r\
\n :local n [:tonum \$1]\r\
\n :local hi (\$n >> 8)\r\
\n :local lo (\$n & 255)\r\
\n\r\
\n :local digits \"0123456789abcdef\"\r\
\n\r\
\n :local h1 [:pick \$digits (\$hi >> 4) ((\$hi >> 4) + 1)]\r\
\n :local h2 [:pick \$digits (\$hi & 15) ((\$hi & 15) + 1)]\r\
\n :local h3 [:pick \$digits (\$lo >> 4) ((\$lo >> 4) + 1)]\r\
\n :local h4 [:pick \$digits (\$lo & 15) ((\$lo & 15) + 1)]\r\
\n\r\
\n :return (\$h1 . \$h2 . \$h3 . \$h4)\r\
\n}\r\
\n\r\
\n:local hex8 do={\r\
\n :local n [:tonum \$1]\r\
\n :local digits \"0123456789abcdef\"\r\
\n\r\
\n :local h1 [:pick \$digits (\$n >> 4) ((\$n >> 4) + 1)]\r\
\n :local h2 [:pick \$digits (\$n & 15) ((\$n & 15) + 1)]\r\
\n\r\
\n :return (\$h1 . \$h2)\r\
\n}\r\
\n\r\
\n:local ip2hex do={\r\
\n :local ip [:tostr \$1]\r\
\n :local digits \"0123456789abcdef\"\r\
\n :local out \"\"\r\
\n \r\
\n :local p1 [:find \$ip \".\"]\r\
\n :local o1 [:tonum [:pick \$ip 0 \$p1]]\r\
\n :set out ([:pick \$digits (\$o1 >> 4) ((\$o1 >> 4)+1)] . [:pick \$di\
gits (\$o1 & 15) ((\$o1 & 15)+1)])\r\
\n \r\
\n :local p2 [:find \$ip \".\" (\$p1 + 1)]\r\
\n :local o2 [:tonum [:pick \$ip (\$p1 + 1) \$p2]]\r\
\n :set out (\$out . [:pick \$digits (\$o2 >> 4) ((\$o2 >> 4)+1)] . [:p\
ick \$digits (\$o2 & 15) ((\$o2 & 15)+1)])\r\
\n \r\
\n :local p3 [:find \$ip \".\" (\$p2 + 1)]\r\
\n :local o3 [:tonum [:pick \$ip (\$p2 + 1) \$p3]]\r\
\n :set out (\$out . [:pick \$digits (\$o3 >> 4) ((\$o3 >> 4)+1)] . [:p\
ick \$digits (\$o3 & 15) ((\$o3 & 15)+1)])\r\
\n \r\
\n :local o4 [:tonum [:pick \$ip (\$p3 + 1) [:len \$ip]]]\r\
\n :set out (\$out . [:pick \$digits (\$o4 >> 4) ((\$o4 >> 4)+1)] . [:p\
ick \$digits (\$o4 & 15) ((\$o4 & 15)+1)])\r\
\n \r\
\n :return \$out\r\
\n}\r\
\n\r\
\n:local ipchecksum do={\r\
\n :local header \$1\r\
\n :local sum 0\r\
\n\r\
\n :for j from=0 to=9 do={\r\
\n :local offset (\$j * 4)\r\
\n :local word [:pick \$header \$offset (\$offset + 4)]\r\
\n :local val [:tonum (\"0x\" . \$word)]\r\
\n :set sum (\$sum + \$val)\r\
\n }\r\
\n\r\
\n :while (\$sum > 65535) do={\r\
\n :set sum ((\$sum & 65535) + (\$sum >> 16))\r\
\n }\r\
\n\r\
\n :local checksum (65535 - \$sum)\r\
\n\r\
\n :local hi (\$checksum >> 8)\r\
\n :local lo (\$checksum & 255)\r\
\n\r\
\n :local digits \"0123456789abcdef\"\r\
\n\r\
\n :local h1 [:pick \$digits (\$hi >> 4) ((\$hi >> 4) + 1)]\r\
\n :local h2 [:pick \$digits (\$hi & 15) ((\$hi & 15) + 1)]\r\
\n :local h3 [:pick \$digits (\$lo >> 4) ((\$lo >> 4) + 1)]\r\
\n :local h4 [:pick \$digits (\$lo & 15) ((\$lo & 15) + 1)]\r\
\n\r\
\n :return (\$h1 . \$h2 . \$h3 . \$h4)\r\
\n}\r\
\n\r\
\n:local udpchecksum do={\r\
\n :local srcHex \$1\r\
\n :local dstHex \$2\r\
\n :local udpLenNum \$3 \r\
\n :local udpTmp \$4\r\
\n :local pay \$5\r\
\n\r\
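\n # UDP pseudo-header is 12 bytes: src(4) dst(4) zero(1) proto(1)=0x11 length(2)\r\
\n # Length is formatted inline: \$hex16 is an outer :local, not visible here\r\
\n :local hexd \"0123456789abcdef\"\r\
\n :local lenHi ([:tonum \$udpLenNum] >> 8)\r\
\n :local lenLo ([:tonum \$udpLenNum] & 255)\r\
\n :local lenHex ([:pick \$hexd (\$lenHi >> 4) ((\$lenHi >> 4) + 1)] . [:pick \$hexd (\$lenHi & 15) ((\$lenHi & 15) + 1)] . [:pick \$hexd (\$lenLo >> 4) ((\$lenLo >> 4) + 1)] . [:pick \$hexd (\$lenLo & 15) ((\$lenLo & 15) + 1)])\r\
\n :local pseudo (\$srcHex . \$dstHex . \"00\" . \"11\" . \$lenHex)\r\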
\n\r\
\n :local checkdata (\$pseudo . \$udpTmp . \$pay)\r\
\n\r\
\n :if (([:len \$checkdata] % 4) != 0) do={\r\
\n :set checkdata (\$checkdata . \"00\")\r\
\n }\r\
\n\r\
\n :local sum 0\r\
\n :local wordCount ([:len \$checkdata] / 4)\r\
\n :for j from=0 to=(\$wordCount - 1) do={\r\
\n :local offset (\$j * 4)\r\
\n :local word [:pick \$checkdata \$offset (\$offset + 4)]\r\
\n :local val [:tonum (\"0x\" . \$word)]\r\
\n :set sum (\$sum + \$val)\r\
\n }\r\
\n\r\
\n :while (\$sum > 65535) do={\r\
\n :set sum ((\$sum & 65535) + (\$sum >> 16))\r\
\n }\r\
\n\r\
\n :local checksum (65535 - \$sum)\r\
\n # RFC 768: a computed checksum of zero is transmitted as all ones (0xFFFF)\r\
\n :if (\$checksum = 0) do={ :set checksum 65535 }\r\
\n\r\
\n :local hi (\$checksum >> 8)\r\
\n :local lo (\$checksum & 255)\r\
\n :local digits \"0123456789abcdef\"\r\
\n :local h1 [:pick \$digits (\$hi >> 4) ((\$hi >> 4) + 1)]\r\
\n :local h2 [:pick \$digits (\$hi & 15) ((\$hi & 15) + 1)]\r\
\n :local h3 [:pick \$digits (\$lo >> 4) ((\$lo >> 4) + 1)]\r\
\n :local h4 [:pick \$digits (\$lo & 15) ((\$lo & 15) + 1)]\r\
\n\r\
\n :return (\$h1 . \$h2 . \$h3 . \$h4)\r\
\n}\r\
\n\r\
\n:local randhex do={\r\
\n\r\
\n :local bytes \$1\r\
\n :local out \"\"\r\
\n :local digits \"0123456789abcdef\"\r\
\n\r\
\n :for i from=1 to=\$bytes do={\r\
\n\r\
\n :local r [:rndnum from=0 to=255]\r\
\n\r\
\n :local h1 [:pick \$digits (\$r >> 4) ((\$r >> 4) + 1)]\r\
\n :local h2 [:pick \$digits (\$r & 15) ((\$r & 15) + 1)]\r\
\n\r\
\n :set out (\$out . \$h1 . \$h2)\r\
\n }\r\
\n\r\
\n :return \$out\r\
\n}\r\
\n\r\
\n:local parts (\$i1 . \",\" . \$i2 . \",\" . \$i3 . \",\" . \$i4 . \",\" \
. \$i5)\r\
\n\r\
\n:for j from=1 to=\$Jc do={\r\
\n :local size [:rndnum from=\$Jmin to=\$Jmax]\r\
\n :local junk [\$randhex \$size]\r\
\n :set parts (\$parts . \",\" . \$junk)\r\
\n}\r\
\n\r\
\n# MAIN PART\r\
\n:global Tx\r\
\n:global Rx\r\
\n/interface wireguard peers\r\
\n:foreach i in=[find where disabled=no and responder!=yes] do={\r\
\n :local LocalTx [get \$i tx]\r\
\n :local LocalRx [get \$i rx]\r\
\n :local LastHandshake [get \$i last-handshake]\r\
\n :if (([:tostr \$LastHandshake] = \"\") or ((\$LastHandshake > [:toti\
me \"2m20s\"]) and (\$Rx->[:tostr \$i] = \$LocalRx))) do={\r\
\n :local PeerName [get \$i name]\r\
\n :local Interface [get \$i interface]\r\
\n :local EndpointAddress [get \$i endpoint-address]\r\
\n :local EndpointIP [get \$i current-endpoint-address]\r\
\n :local DstPort [get \$i current-endpoint-port]\r\
\n\r\
\n #Reset source port\r\
\n :local RndPort [:rndnum from=49000 to=59999]\r\
\n /interface wireguard set \$Interface listen-port=\$RndPort\r\
\n :local SrcPort [/interface wireguard get \$Interface listen-port\
]\r\
\n \r\
\n #Check route to endpoint\r\
\n :local EndpointRoute [/ip route check dst-ip=\$EndpointIP once a\
s-value]\r\
\n :if ([:len \$EndpointRoute]=0) do={\r\
\n :log error \"Endpoint Route check failed\"\r\
\n :return\r\
\n }\r\
\n :local EndpointRouteOutInterface (\$EndpointRoute->\"interface\"\
)\r\
\n :local InterfaceType [/interface get \$EndpointRouteOutInterface\
\_type]\r\
\n \r\
\n /tool ping \$EndpointIP count=1 interval=200ms\r\
\n :local conn [/ip firewall connection find where dst-address=\"\$\
EndpointIP\" and protocol=icmp]\r\
\n :if ([:len \$conn]=0) do={\r\
\n :log error \"No WG conntrack entry for \$EndpointIP:\$DstPor\
t\"\r\
\n :return\r\
\n }\r\
\n :local cid [:pick \$conn 0]\r\
\n :local srcip [/ip firewall connection get \$cid reply-dst-addres\
s]\r\
\n \r\
\n :local eth \"\"\r\
\n :local gw \"\"\r\
\n :if (\$InterfaceType = \"ether\" or \$InterfaceType = \"bridge\"\
) do={ \r\
\n :set gw (\$EndpointRoute->\"nexthop\")\r\
\n :local srcmacRaw [/interface get \$EndpointRouteOutInterface\
\_mac-address]\r\
\n :local srcmac [\$mac2hex \$srcmacRaw]\r\
\n :local dstmacRaw [/ip arp get [find address=\$gw] mac-addres\
s]\r\
\n :local dstmac [\$mac2hex \$dstmacRaw]\r\
\n :set eth (\$dstmac.\$srcmac.\"0800\")\r\
\n }\r\
\n \r\
\n :local srcipHex [\$ip2hex \$srcip]\r\
\n :local dstipHex [\$ip2hex \$EndpointIP]\r\
\n\r\
\n :local ipid [:rndnum from=0 to=65535]\r\
\n :local ipidHex [\$hex16 \$ipid]\r\
\n :local ttlHex [\$hex8 \$TTL]\r\
\n\r\
\n :local srcPortHex [\$hex16 \$SrcPort]\r\
\n :local dstPortHex [\$hex16 \$DstPort]\r\
\n \r\
\n #Log peer info\r\
\n :log warning (\"Peer: \$PeerName, Interface: \$Interface\")\r\
\n :log warning (\"Endpoint Address: \$EndpointAddress, Endpoint IP\
: \$EndpointIP\")\r\
\n :log warning (\"Src Port: \$SrcPort, Dst Port: \$DstPort, Last H\
andshake: \$LastHandshake\")\r\
\n :log warning (\"Last Rx: \" . \$Rx->[:tostr \$i] . \", Current R\
x: \$LocalRx\")\r\
\n :log warning (\"Last Tx: \" . \$Tx->[:tostr \$i] . \", Current T\
x: \$LocalTx\")\r\
\n \r\
\n #Disable peer\r\
\n :log warning (\"Disable peer: \$PeerName\")\r\
\n set \$i disabled=yes\r\
\n :delay 1\r\
\n \r\
\n #Generating spam\r\
\n :log warning (\"Generating spam\")\r\
\n \r\
\n :foreach part in=[:toarray \$parts] do={\r\
\n :if ([:len \$part] = 0) do={ :continue }\r\
\n :local partLen ([:len \$part] / 2)\r\
\n :local udpLen (\$partLen + 8)\r\
\n :local ipLen (\$udpLen + 20)\r\
\n :local udpHeaderTmp (\$srcPortHex.\$dstPortHex.[\$hex16 \$ud\
pLen].\"0000\")\r\
\n :local udpCsum [\$udpchecksum \$srcipHex \$dstipHex \$udpLen\
\_\$udpHeaderTmp \$part]\r\
\n :local udpHeader (\$srcPortHex.\$dstPortHex.[\$hex16 \$udpLe\
n].\$udpCsum)\r\
\n :local ipHeaderTmp (\"45\".\"00\".[\$hex16 \$ipLen].\$ipidHe\
x.\"0000\".\$ttlHex.\"11\".\"0000\".\$srcipHex.\$dstipHex)\r\
\n :local ipCsum [\$ipchecksum \$ipHeaderTmp]\r\
\n :local ipHeader (\"45\".\"00\".[\$hex16 \$ipLen].\$ipidHex.\
\"0000\".\$ttlHex.\"11\".\$ipCsum.\$srcipHex.\$dstipHex)\r\
\n :local l34 (\$ipHeader.\$udpHeader)\r\
\n :local fullpacket (\$eth.\$l34.\$part)\r\
\n\r\
\n :log warning (\"fullpacket: \$fullpacket\")\r\
\n /tool/traffic-generator/inject \$EndpointRouteOutInterface d\
ata=\$fullpacket\r\
\n :delay 5ms\r\
\n }\r\
\n \r\
\n #Enable peer\r\
\n :log warning (\"Enable peer: \$PeerName\")\r\
\n set \$i disabled=no\r\
\n }\r\
\n :set (\$Tx->[:tostr \$i]) \$LocalTx\r\
\n :set (\$Rx->[:tostr \$i]) \$LocalRx\r\
\n}"

xdenb43 commented Nov 24, 2025

@just-mironov now I see it. It moved from GitHub to a gist
https://gist.github.com/xdenb43/b6c5044baccd8c8136d40b40adf7d3a0


skros79 commented Nov 27, 2025

Good afternoon, could you tell me: I have a CHR running on a VPS, and a MikroTik connects to it as a client over WireGuard. Do I understand correctly that the script needs to be run on the CHR?


xdenb43 commented Nov 27, 2025

@skros79
run it where the peers contain only a responder.

Although you can run it everywhere, the responder is filtered out automatically.
And don't forget to add the traffic generator


skros79 commented Nov 27, 2025

I don't have that checkbox set anywhere (apparently I followed an old guide)....... as I understand it, it gets set on the server and not on the client, so the script should be run on the client...... right?


skros79 commented Nov 27, 2025

Basically, if you change the port, up to 5 pings get through to the VPS's internal IP and then it's timeouts again; the log shows the error
wireguard1: ********Handshake for peer did not complete after 5 seconds, retrying (try 2)
The script writes to the log that spam is being generated, but apparently this method won't help me?


xdenb43 commented Nov 27, 2025

@skros79 you'll get help here: https://t.me/it_network_people


Jenstel commented Jan 28, 2026

Does it work with WARP?
