From: Thireus <thireus@protonmail.ch>
To: "Max R. P. Grossmann" <m@max.pm>
Cc: Rudi C <rudiwillalwaysloveyou@gmail.com>, wireguard@lists.zx2c4.com
Subject: Re: [FR] How can I expose the wireguard tunnel as a socks5 proxy on the client?
Date: Wed, 14 Oct 2020 11:04:28 +0000 [thread overview]
Message-ID: <BAFA6A11-22BE-4A91-B1AD-ADA979A94BE6@protonmail.ch> (raw)
In-Reply-To: <20201009142612.nyremqtnp2yjp257@desktop42>
Maybe this could help: https://github.com/kizzx2/docker-wireguard-socks-proxy
> Le 9 oct. 2020 à 15:26, Max R. P. Grossmann <m@max.pm> a écrit :
>
> Another idea would be to install WireGuard in a (tiny) virtual machine or a VPS and then ssh into that machine using
>
> ssh -TD9151 user@example.com
>
> This creates a SOCKS5 proxy on port 9151.
>
> Then, for example, you could create two Firefox profiles; one without a proxy (for the uncensored websites) and another that utilizes the SOCKS5 proxy on port 9151. The SOCKS5 proxy exposed by ssh will route all traffic over your virtual machine (example.com above), which will in turn route it through WireGuard.
>
> Since ssh can now be natively used under Windows, I'd be surprised if its -D option were not available. AFAIR, Putty can also do something similar.
>
> Best,
>
> Max
>
> On 20/10/04 03:41pm, Rudi C wrote:
>> I use Wireguard to circumvent Iran's censorship. A major problem with
>> it is that it's very hard to selectively proxy specific domains/apps
>> through Wireguard, while leaving others alone. This is an essential
>> feature for Iran's internet, as:
>> 1. The connection is terrible, so avoiding using the proxy for
>> uncensored sites helps a lot.
>> 2. International traffic is 2x more expensive, so avoiding the proxy
>> for internal traffic is very beneficial.
>> 3. Some internal sites ban international IPs and need Iranian IPs.
>>
>> The easiest way to solve this program, as far as I understand, is to
>> add the ability to expose the tunnel as a socks5 proxy on the client
>> side. This is the approach that shadowsocks, v2ray, etc have adopted.
>> There are mature solutions to selectively routing traffic through a
>> socks proxy.
>>
>> I searched around, and there are docker containers that already do
>> this wireguard-to-socks thing; But running docker is expensive on a
>> non-Linux machine, so it'd be much appreciated if you could support
>> exposing socks and HTTP proxy servers natively.
prev parent reply other threads:[~2020-10-16 13:17 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-04 12:11 Rudi C
2020-10-09 13:22 ` Roman Mamedov
2020-10-09 13:30 ` Rudi C
2020-10-09 13:34 ` Roman Mamedov
2020-10-09 13:46 ` Rudi C
2020-10-09 14:05 ` Roman Mamedov
2020-10-09 14:08 ` David Kerr
2020-10-09 14:19 ` Chris
2020-10-09 14:32 ` Roman Mamedov
2020-10-09 14:26 ` Max R. P. Grossmann
2020-10-14 11:04 ` Thireus [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BAFA6A11-22BE-4A91-B1AD-ADA979A94BE6@protonmail.ch \
--to=thireus@protonmail.ch \
--cc=m@max.pm \
--cc=rudiwillalwaysloveyou@gmail.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).