Great little tool!<p>I use it to selectively proxy Firefox tabs using multi-account containers to a home router that speaks Wireguard (but no application-layer proxying protocol or SSH).
<a href="https://github.com/dariost/soks">https://github.com/dariost/soks</a> works better for what I needed to do with wireguard. It does more or less the same thing but it reuses an existing wireguard interface. I detailed my use in this blog post <a href="https://www.nicoco.fr/blog/2023/09/10/wireguard/" rel="nofollow">https://www.nicoco.fr/blog/2023/09/10/wireguard/</a> (yes, shameless plug).
There's also onetun. <a href="https://github.com/aramperes/onetun">https://github.com/aramperes/onetun</a>
Is there completely userspace server implementation? Without tun/tap devices, etc. I guess some kind of userspace IP stack is necessary for that, although not sure.
Neat! This is a great replacement for my SSH tunnels when I need a different IP.<p>Somewhat related tool: pproxy, can, among many other things, "convert" different tunnel protocols into each other. Also features routing capabilities. I used it to turn an SSH SOCKS5 into an HTTP proxy. <a href="https://github.com/moreati/pproxy">https://github.com/moreati/pproxy</a>
Several multi-protocol proxy clients support this functionality, some notable open-source examples include:<p><pre><code> - [sing-box](https://github.com/SagerNet/sing-box)
- [clash-meta](https://github.com/muink/Clash.Meta) and other clash-based clients
- [xray](https://github.com/xtls/xray-core)
</code></pre>
Close-sourced client include [Surge Mac/iOS](<a href="https://nssurge.com/" rel="nofollow">https://nssurge.com/</a>).
How's the performance? My memory is that "vanilla" SOCKS is really easy to do (just run ssh with the right option and tell your application to use it) but really slow. I suspect this is mostly for cases where you don't <i>have</i> a normal SOCKS/ssh server, but I'm curious if it offers a benefit there too.
Nice! I was just thinking it would be sweet to have something like this to proxy all my Thunderbird email connections through my Tailscale exit node, without having to direct all my traffic through the exit node.
Neat!<p>If you want something like this specifically for Mullvad VPN, I've had a good experience with <a href="https://github.com/imiric/mullvad-proxy">https://github.com/imiric/mullvad-proxy</a> (not my project, just forked it for some updates). What I like is that it embeds the Mullvad CLI tool, so switching servers is trivial, and it's all isolated from the host machine. It's also "just" nginx and some scripts, so it should have good SOCKS5 support.
Just a note: sing-box can do the same thing too. (<a href="https://sing-box.sagernet.org/configuration/outbound/wireguard/#structure" rel="nofollow">https://sing-box.sagernet.org/configuration/outbound/wiregua...</a>)
Would this work for watching video via an Apple TV? Apparently it’s possible to configure the ATV to use SOCKS, but the wireproxy implementation notes mention lack of UDP at the moment. So that would preclude video streaming, correct?
I'd really like to see an application level VPN that plays well with Go to `Dial` a `net.Conn` or `Listen` for a `net.Listener` in my Go application.
This hybrid approach addresses a significant user pain point - the ease of routing specific traffic through VPN tunnels. However, while Wireproxy's utility in personal and small-scale deployments is evident, its scalability and security in larger, enterprise-level applications warrant further scrutiny. The reliance on user-space operation, though advantageous for certain aspects of performance and compatibility, introduces potential bottlenecks and security concerns