# wireproxy [![ISC licensed](https://img.shields.io/badge/license-ISC-blue)](./LICENSE) [![Build status](https://github.com/octeep/wireproxy/actions/workflows/build.yml/badge.svg)](https://github.com/octeep/wireproxy/actions) [![Documentation](https://img.shields.io/badge/godoc-wireproxy-blue)](https://pkg.go.dev/github.com/octeep/wireproxy) A wireguard client that exposes itself as a socks5/http proxy or tunnels. # What is this `wireproxy` is a completely userspace application that connects to a wireguard peer, and exposes a socks5/http proxy or tunnels on the machine. This can be useful if you need to connect to certain sites via a wireguard peer, but can't be bothered to setup a new network interface for whatever reasons. # Why you might want this - You simply want to use wireguard as a way to proxy some traffic. - You don't want root permission just to change wireguard settings. Currently, I'm running wireproxy connected to a wireguard server in another country, and configured my browser to use wireproxy for certain sites. It's pretty useful since wireproxy is completely isolated from my network interfaces, and I don't need root to configure anything. # Feature - TCP static routing for client and server - SOCKS5/HTTP proxy (currently only CONNECT is supported) # TODO - UDP Support in SOCKS5 - UDP static routing # Usage ``` ./wireproxy -c [path to config] ``` ``` usage: wireproxy [-h|--help] [-c|--config ""] [-s|--silent] [-d|--daemon] [-v|--version] [-n|--configtest] Userspace wireguard client for proxying Arguments: -h --help Print help information -c --config Path of configuration file -s --silent Silent mode -d --daemon Make wireproxy run in background -v --version Print version -n --configtest Configtest mode. Only check the configuration file for validity. ``` # Build instruction ``` git clone https://github.com/octeep/wireproxy cd wireproxy make ``` # Sample config file ``` # The [Interface] and [Peer] configurations follow the same semantics and meaning # of a wg-quick configuration. To understand what these fields mean, please refer to: # https://wiki.archlinux.org/title/WireGuard#Persistent_configuration # https://www.wireguard.com/#simple-network-interface [Interface] Address = 10.200.200.2/32 # The subnet should be /32 and /128 for IPv4 and v6 respectively # MTU = 1420 (optional) PrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q= DNS = 10.200.200.1 [Peer] PublicKey = QP+A67Z2UBrMgvNIdHv8gPel5URWNLS4B3ZQ2hQIZlg= # PresharedKey = UItQuvLsyh50ucXHfjF0bbR4IIpVBd74lwKc8uIPXXs= (optional) Endpoint = my.ddns.example.com:51820 # PersistentKeepalive = 25 (optional) # TCPClientTunnel is a tunnel listening on your machine, # and it forwards any TCP traffic received to the specified target via wireguard. # Flow: # --> localhost:25565 --(wireguard)--> play.cubecraft.net:25565 [TCPClientTunnel] BindAddress = 127.0.0.1:25565 Target = play.cubecraft.net:25565 # TCPServerTunnel is a tunnel listening on wireguard, # and it forwards any TCP traffic received to the specified target via local network. # Flow: # --(wireguard)--> 172.16.31.2:3422 --> localhost:25545 [TCPServerTunnel] ListenPort = 3422 Target = localhost:25545 # Socks5 creates a socks5 proxy on your LAN, and all traffic would be routed via wireguard. [Socks5] BindAddress = 127.0.0.1:25344 # Socks5 authentication parameters, specifying username and password enables # proxy authentication. #Username = ... # Avoid using spaces in the password field #Password = ... # http creates a http proxy on your LAN, and all traffic would be routed via wireguard. [http] BindAddress = 127.0.0.1:25345 # HTTP authentication parameters, specifying username and password enables # proxy authentication. #Username = ... # Avoid using spaces in the password field #Password = ... ``` Alternatively, if you already have a wireguard config, you can import it in the wireproxy config file like this: ``` WGConfig = # Same semantics as above [TCPClientTunnel] ... [TCPServerTunnel] ... [Socks5] ... ``` Having multiple peers is also supported. `AllowedIPs` would need to be specified such that wireproxy would know which peer to forward to. ``` [Interface] Address = 10.254.254.40/32 PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= [Peer] Endpoint = 192.168.0.204:51820 PublicKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY= AllowedIPs = 10.254.254.100/32 PersistentKeepalive = 25 [Peer] PublicKey = ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ= AllowedIPs = 10.254.254.1/32, fdee:1337:c000:d00d::1/128 Endpoint = 172.16.0.185:44044 PersistentKeepalive = 25 [TCPServerTunnel] ListenPort = 5000 Target = service-one.servicenet:5000 [TCPServerTunnel] ListenPort = 5001 Target = service-two.servicenet:5001 [TCPServerTunnel] ListenPort = 5080 Target = service-three.servicenet:80 ``` ## Donation ## Stargazers over time [![Stargazers over time](https://starchart.cc/octeep/wireproxy.svg)](https://starchart.cc/octeep/wireproxy)