Mikrotik WireGuard anti DPI

Подправил скрипт @wiktorbgu:

Note

  • Скрипт добавляется в меню System - Scripts под именем wg-antidpi, т. е. скрипт можно пнуть когда угодно
  • Сам прописывается в System - Scheduler при первом ручном запуске
  • Учтены правки из чата antifilter.network
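# wg-antidpi traffic flood | by antifilter tg chat
# Enable traffic-gen: /system device-mode update traffic-gen=yes
#
# For every WireGuard peer that is not disabled and not marked responder, and
# whose handshake is missing or stale, the script changes the interface's
# listen port, disables the peer, sends a short burst of UDP packets with a
# random raw header to the peer's current endpoint from the new port, and then
# re-enables the peer.
#
# Operational notes for whoever deploys this:
#  - The listen port is changed on the whole interface, not per peer, so every
#    peer on that interface is affected. Firewall rules or remote peers that
#    rely on a fixed listen port need checking before use.
#  - ALL existing traffic-generator streams and packet templates are removed on
#    each trigger, not only the ones this script creates.
#  - Every trigger is logged at warning level, including endpoint address and
#    ports, so the router log shows how often the tunnel is being reset.

# SCHEDULER
# warn if schedule does not exist and create it
# NOTE(review): the entry is created with read,write,policy,test,sniff,sensitive.
# Confirm which of these the script really needs and trim the rest, keeping the
# list in step with the policy set on the System - Scripts entry.
:local scheduleName "wg-antidpi";
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
    /log warning "[wg-antidpi] Alert : Schedule does not exist. Creating schedule ...."
    /system scheduler add name=$scheduleName interval=5m start-time=startup on-event=wg-antidpi policy=read,write,policy,test,sniff,sensitive
    /log warning "[wg-antidpi] Alert : Schedule created!"
}

# MAIN PART
# Tx / Rx hold the counters seen on the previous run, keyed by the peer's
# internal id converted to a string; they are global so the next run can
# compare against them.
:global Tx
:global Rx
/interface wireguard peers
:foreach i in=[find where disabled=no and responder!=yes] do={
    :local LocalTx [get $i tx]
    :local LocalRx [get $i rx]
    :local LastHandshake [get $i last-handshake]
    # Trigger when there has been no handshake at all, or when the last one is
    # older than 2m20s AND the rx counter has not moved since the previous run.
    :if (([:tostr $LastHandshake] = "") or (($LastHandshake > [:totime "2m20s"]) and ($Rx->[:tostr $i] = $LocalRx))) do={
        :local PeerName [get $i name]
        :local Interface [get $i interface]
        :local EndpointAddress [get $i endpoint-address]
        :local EndpointIP [get $i current-endpoint-address]
        :local DstPort [get $i current-endpoint-port]
        :local RawHeader [:rndstr length=4 from=123456789abcdef]
        
        #Reset source port
        # listen-port=0 is presumably "let RouterOS pick a port"; the value
        # actually in use is read back right after. Applies to the whole interface.
        /interface wireguard set $Interface listen-port=0
        :local SrcPort [/interface wireguard get $Interface listen-port]
        
        #Log peer info
        :log warning ("Peer: $PeerName, Interface: $Interface")
        :log warning ("Endpoint Address: $EndpointAddress, Endpoint IP: $EndpointIP")
        :log warning ("Src Port: $SrcPort, Dst Port: $DstPort, Last Handshake: $LastHandshake")
        :log warning ("Last Rx: " . $Rx->[:tostr $i] . ", Current Rx: $LocalRx")
        :log warning ("Last Tx: " . $Tx->[:tostr $i] . ", Current Tx: $LocalTx")
        
        #Disable peer
        :log warning ("Disable peer: $PeerName")
        set $i disabled=yes
        :delay 1
        
        #Generating spam
        # Everything between "disable" and "enable" runs inside :do/on-error.
        # Without it, any failing traffic-generator command (traffic-gen not
        # enabled in device-mode, empty endpoint address, ...) aborts the script
        # and leaves the peer disabled, and later runs skip disabled peers.
        :do {
            :log warning ("Generating spam")
            # Removes every stream and template, including unrelated ones.
            /tool traffic-generator stream remove [find]
            /tool traffic-generator packet-template remove [find]
            :delay 1
            /tool traffic-generator packet-template add header-stack=mac,ip,udp,raw ip-dst=$EndpointIP name=packet-template-wg raw-header=$RawHeader special-footer=no udp-dst-port=$DstPort udp-src-port=$SrcPort
            :delay 1
            /tool traffic-generator stream add disabled=no mbps=1 name=stream1 id=3 packet-size=1450 pps=0 tx-template=packet-template-wg
            :delay 1
            /tool traffic-generator quick duration=4
        } on-error={
            :log error ("[wg-antidpi] Traffic generator step failed for peer: $PeerName")
        }
        
        #Enable peer
        # Reached on both the success and the error path.
        :log warning ("Enable peer: $PeerName")
        set $i disabled=no
    }
    # Remember this run's counters for the comparison on the next run.
    :set ($Tx->[:tostr $i]) $LocalTx
    :set ($Rx->[:tostr $i]) $LocalRx
}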

UI окно System - Scripts

image

# Importable form of the script: running this command adds a System - Scripts
# entry named wg-antidpi. The script text is carried in source= as one escaped
# string (\r\n for line ends, \" and \$ for quotes and variables, a trailing
# backslash continues the line).
# NOTE(review): owner=admin is hard-coded; confirm that user exists on the
# target router.
# NOTE(review): the entry is given read,write,policy,test,sniff,sensitive.
# Confirm which of these the script really needs and trim the rest, keeping the
# scheduler entry the script creates in step with it.
# NOTE(review): in the embedded script the peer is set disabled=yes before the
# traffic-generator commands and disabled=no after them, with no error handler
# in between. If one of those commands fails, the script stops and the peer
# stays disabled; later runs only look at peers with disabled=no.
# NOTE(review): the embedded script removes all traffic-generator streams and
# packet templates ([find] without a filter) and changes listen-port on the
# whole WireGuard interface.
/system script
add dont-require-permissions=no name=wg-antidpi owner=admin policy=\
read,write,policy,test,sniff,sensitive source="# wg-antipdi traffic flood \
| by antifilter tg chat\r\
\n# Enable traffic-gen: /system device-mode update traffic-gen=yes\r\
\n\r\
\n# SCHEDULER\r\
\n# warn if schedule does not exist and create it\r\
\n:local scheduleName \"wg-antidpi\";\r\
\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\
\n /log warning \"[wg-antidpi] Alert : Schedule does not exist. Creatin\
g schedule ....\"\r\
\n /system scheduler add name=\$scheduleName interval=5m start-time=sta\
rtup on-event=wg-antidpi policy=read,write,policy,test,sniff,sensitive\r\
\n /log warning \"[wg-antidpi] Alert : Schedule created!\"\r\
\n}\r\
\n\r\
\n# MAIN PART\r\
\n:global Tx\r\
\n:global Rx\r\
\n/interface wireguard peers\r\
\n:foreach i in=[find where disabled=no and responder!=yes] do={\r\
\n :local LocalTx [get \$i tx]\r\
\n :local LocalRx [get \$i rx]\r\
\n :local LastHandshake [get \$i last-handshake]\r\
\n :if (([:tostr \$LastHandshake] = \"\") or ((\$LastHandshake > [:toti\
me \"2m20s\"]) and (\$Rx->[:tostr \$i] = \$LocalRx))) do={\r\
\n :local PeerName [get \$i name]\r\
\n :local Interface [get \$i interface]\r\
\n :local EndpointAddress [get \$i endpoint-address]\r\
\n :local EndpointIP [get \$i current-endpoint-address]\r\
\n :local DstPort [get \$i current-endpoint-port]\r\
\n :local RawHeader [:rndstr length=4 from=123456789abcdef]\r\
\n \r\
\n #Reset source port\r\
\n /interface wireguard set \$Interface listen-port=0\r\
\n :local SrcPort [/interface wireguard get \$Interface listen-port\
]\r\
\n \r\
\n #Log peer info\r\
\n :log warning (\"Peer: \$PeerName, Interface: \$Interface\")\r\
\n :log warning (\"Endpoint Address: \$EndpointAddress, Endpoint IP\
: \$EndpointIP\")\r\
\n :log warning (\"Src Port: \$SrcPort, Dst Port: \$DstPort, Last H\
andshake: \$LastHandshake\")\r\
\n :log warning (\"Last Rx: \" . \$Rx->[:tostr \$i] . \", Current R\
x: \$LocalRx\")\r\
\n :log warning (\"Last Tx: \" . \$Tx->[:tostr \$i] . \", Current T\
x: \$LocalTx\")\r\
\n \r\
\n #Disable peer\r\
\n :log warning (\"Disable peer: \$PeerName\")\r\
\n set \$i disabled=yes\r\
\n :delay 1\r\
\n \r\
\n #Generating spam\r\
\n :log warning (\"Generating spam\")\r\
\n /tool traffic-generator stream remove [find]\r\
\n /tool traffic-generator packet-template remove [find]\r\
\n :delay 1\r\
\n /tool traffic-generator packet-template add header-stack=mac,ip,\
udp,raw ip-dst=\$EndpointIP name=packet-template-wg raw-header=\$RawHeader\
\_special-footer=no udp-dst-port=\$DstPort udp-src-port=\$SrcPort\r\
\n :delay 1\r\
\n /tool traffic-generator stream add disabled=no mbps=1 name=strea\
m1 id=3 packet-size=1450 pps=0 tx-template=packet-template-wg\r\
\n :delay 1\r\
\n /tool traffic-generator quick duration=4\r\
\n \r\
\n #Enable peer\r\
\n :log warning (\"Enable peer: \$PeerName\")\r\
\n set \$i disabled=no\r\
\n }\r\
\n :set (\$Tx->[:tostr \$i]) \$LocalTx\r\
\n :set (\$Rx->[:tostr \$i]) \$LocalRx\r\
\n}"

xdenb43 commented Oct 17, 2025

@just-mironov Поясните, пожалуйста, каким мониторингом поделиться и какой именно файл недоступен?
