From: Chris <wireguard@spam-free.eu>
To: wireguard@lists.zx2c4.com
Subject: Re: [FR] How can I expose the wireguard tunnel as a socks5 proxy on the client?
Date: Fri, 9 Oct 2020 16:19:22 +0200 [thread overview]
Message-ID: <d888c808-fffb-1d61-cdf4-752e61e33fd1@spam-free.eu> (raw)
In-Reply-To: <20201009182214.0169140f@natsu>
Maybe I oversimplify your problem, but from what I read, your standard route
will be using the Iranian net.
And - I guess - it is only a limited numer of IP addresses, that you would like
to reach through the tunnel.
I don't know your OS, but simply adding ip routes pointing to the tunnel for the
desired destinations would do the job.
Chris
On 09/10/2020 15:22, Roman Mamedov wrote:
> On Sun, 4 Oct 2020 15:41:52 +0330
> Rudi C <rudiwillalwaysloveyou@gmail.com> wrote:
>
>> I use Wireguard to circumvent Iran's censorship. A major problem with
>> it is that it's very hard to selectively proxy specific domains/apps
>> through Wireguard, while leaving others alone. This is an essential
>> feature for Iran's internet, as:
>> 1. The connection is terrible, so avoiding using the proxy for
>> uncensored sites helps a lot.
>> 2. International traffic is 2x more expensive, so avoiding the proxy
>> for internal traffic is very beneficial.
>> 3. Some internal sites ban international IPs and need Iranian IPs.
>>
>> The easiest way to solve this program, as far as I understand, is to
>> add the ability to expose the tunnel as a socks5 proxy on the client
>> side. This is the approach that shadowsocks, v2ray, etc have adopted.
>> There are mature solutions to selectively routing traffic through a
>> socks proxy.
>>
>> I searched around, and there are docker containers that already do
>> this wireguard-to-socks thing; But running docker is expensive on a
>> non-Linux machine, so it'd be much appreciated if you could support
>> exposing socks and HTTP proxy servers natively.
> If you tunnel to a VPS abroad, just install a SOCKS proxy on the remote end.
> A good one is [1]. Then set the remote end's in-VPN IP and proxy port in your
> apps to use.
>
> [1] https://socks-relay.sourceforge.io/
>
> To separate which sites use which proxy (or no proxy) SwitchSharp for Chrome
> and FoxyProxy for Firefox, but you probably already know about those.
>
> In case you meant connecting to commercial "VPN" services, then yes it
> becomes a bit more complex, but you can try srelay on the local machine and
> use the "-J" option, "outbound interface name". But I'm not sure if that would
> just work on its own, or also needs some help from ip(6)tables or ip-rule.
>
next prev parent reply other threads:[~2020-10-09 14:19 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-04 12:11 Rudi C
2020-10-09 13:22 ` Roman Mamedov
2020-10-09 13:30 ` Rudi C
2020-10-09 13:34 ` Roman Mamedov
2020-10-09 13:46 ` Rudi C
2020-10-09 14:05 ` Roman Mamedov
2020-10-09 14:08 ` David Kerr
2020-10-09 14:19 ` Chris [this message]
2020-10-09 14:32 ` Roman Mamedov
2020-10-09 14:26 ` Max R. P. Grossmann
2020-10-14 11:04 ` Thireus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d888c808-fffb-1d61-cdf4-752e61e33fd1@spam-free.eu \
--to=wireguard@spam-free.eu \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).