[FR] How can I expose the wireguard tunnel as a socks5 proxy on the client?

Roman Mamedov rm at romanrm.net
Fri Oct 9 15:22:14 CEST 2020

On Sun, 4 Oct 2020 15:41:52 +0330
Rudi C <rudiwillalwaysloveyou at gmail.com> wrote:

> I use Wireguard to circumvent Iran's censorship. A major problem with
> it is that it's very hard to selectively proxy specific domains/apps
> through Wireguard, while leaving others alone. This is an essential
> feature for Iran's internet, as:
> 1. The connection is terrible, so avoiding using the proxy for
> uncensored sites helps a lot.
> 2. International traffic is 2x more expensive, so avoiding the proxy
> for internal traffic is very beneficial.
> 3. Some internal sites ban international IPs and need Iranian IPs.
> The easiest way to solve this program, as far as I understand, is to
> add the ability to expose the tunnel as a socks5 proxy on the client
> side. This is the approach that shadowsocks, v2ray, etc have adopted.
> There are mature solutions to selectively routing traffic through a
> socks proxy.
> I searched around, and there are docker containers that already do
> this wireguard-to-socks thing; But running docker is expensive on a
> non-Linux machine, so it'd be much appreciated if you could support
> exposing socks and HTTP proxy servers natively.

If you tunnel to a VPS abroad, just install a SOCKS proxy on the remote end.
A good one is [1]. Then set the remote end's in-VPN IP and proxy port in your
apps to use.

[1] https://socks-relay.sourceforge.io/

To separate which sites use which proxy (or no proxy) SwitchSharp for Chrome
and FoxyProxy for Firefox, but you probably already know about those.

In case you meant connecting to commercial "VPN" services, then yes it
becomes a bit more complex, but you can try srelay on the local machine and
use the "-J" option, "outbound interface name". But I'm not sure if that would
just work on its own, or also needs some help from ip(6)tables or ip-rule.

With respect,

More information about the WireGuard mailing list