[FR] How can I expose the wireguard tunnel as a socks5 proxy on the client?

Thireus thireus at protonmail.ch
Wed Oct 14 13:04:28 CEST 2020


Maybe this could help: https://github.com/kizzx2/docker-wireguard-socks-proxy

> Le 9 oct. 2020 à 15:26, Max R. P. Grossmann <m at max.pm> a écrit :
> 
> Another idea would be to install WireGuard in a (tiny) virtual machine or a VPS and then ssh into that machine using
> 
> 	ssh -TD9151 user at example.com
> 
> This creates a SOCKS5 proxy on port 9151.
> 
> Then, for example, you could create two Firefox profiles; one without a proxy (for the uncensored websites) and another that utilizes the SOCKS5 proxy on port 9151. The SOCKS5 proxy exposed by ssh will route all traffic over your virtual machine (example.com above), which will in turn route it through WireGuard.
> 
> Since ssh can now be natively used under Windows, I'd be surprised if its -D option were not available. AFAIR, Putty can also do something similar.
> 
> Best,
> 
> Max
> 
> On 20/10/04 03:41pm, Rudi C wrote:
>> I use Wireguard to circumvent Iran's censorship. A major problem with
>> it is that it's very hard to selectively proxy specific domains/apps
>> through Wireguard, while leaving others alone. This is an essential
>> feature for Iran's internet, as:
>> 1. The connection is terrible, so avoiding using the proxy for
>> uncensored sites helps a lot.
>> 2. International traffic is 2x more expensive, so avoiding the proxy
>> for internal traffic is very beneficial.
>> 3. Some internal sites ban international IPs and need Iranian IPs.
>> 
>> The easiest way to solve this program, as far as I understand, is to
>> add the ability to expose the tunnel as a socks5 proxy on the client
>> side. This is the approach that shadowsocks, v2ray, etc have adopted.
>> There are mature solutions to selectively routing traffic through a
>> socks proxy.
>> 
>> I searched around, and there are docker containers that already do
>> this wireguard-to-socks thing; But running docker is expensive on a
>> non-Linux machine, so it'd be much appreciated if you could support
>> exposing socks and HTTP proxy servers natively.




More information about the WireGuard mailing list