Wireguard via socks5, wireproxy, and a free VPN
I've been looking for a vps with a US ip address for light vpn usage, to un-geoblock stuff occasionally.
@kvz12 suggested a ProtonVPN free plan, which has servers in the US. If I'd heard of it before, I must have forgotten about it. I signed up for the free plan, and it seems to work fairly well. Download speed is good, though the upload is a bit slow.
They allow you to download a wireguard conf file for manual configuration, so that's good. But I didn't really want to route everything through this vpn. I'm normally connected to my server in Japan which has good connectivity.
So I used wireproxy running on my local machine to connect over wireguard and expose the connection via socks5 (127.0.0.1). As a bonus, it gets routed over my primary wireguard connection first.
https://github.com/pufferffish/wireproxy
Then, if I want to use it I can just start the wireproxy service and open a new Proton VPN Firefox container, and everything in that tab goes over Proton VPN, without disrupting everything else.
Comments
A lot of VPN clients come with split tunneling nowadays.
You can assign VPN client to work on specific programs. During this time, the rest of the PC will use your regular ISP.
Sorry if I misunderstood, I don't read good, I think getting this feature split tunneling on a VPN client is rather useful for you?
I use wireguard on my Windscribe VPN and use this split tunneling feature.
I have chrome set to use VPN and firefox to not use VPN.
Torrents, Downloaders, etc... all use VPN too... While my main network is untouched.
how does splitting work with the official wireguard client? @Nanja
oh, no clue, I am using the built in wireguard for windscribe.
Wow, Socks is what we used back in the '90s.
I'm not too familiar with split tunneling. As far as I know the official wireguard client doesn't support it (tunneling certain programs only).
In any case, this is all within the same browser (Firefox) using Multi-Account containers which lets you assign a proxy to the container. I also have a container that connects to a socks5 proxy on my Mikrotik router, in case I want a direct connection that doesn't go over wireguard. The container also isolates the cookies & everything.
not everything from the past is bad
That's certainly correct.
What is a good use case to use Socks5 these days?
Wireproxy supports HTTP proxy, too, but I usually use socks5. It's just exposed on my local machine or LAN. For a public service, shadowsocks would be more appropriate (encrypted w/password).
This (what I posted about) is a good use case for socks5. It's also easy to set up with any ssh connection.
ssh -D0.0.0.0:8888 user@server_ip
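An added example, not part of the thread and not wireproxy's own code: a Python check that parses a wireproxy-style config and reports any `[Socks5]` or `[http]` listener bound beyond loopback, noting whether `Username` and `Password` are set. The sample config and its placeholder key are constructed; the `is_loopback` helper also works on an `ssh -D` bind spec like the one above.

```python
import ipaddress

LISTENER_SECTIONS = {"socks5", "http"}  # wireproxy sections that open a proxy port

def is_loopback(bind):
    """True if a host:port bind address is reachable only from this machine."""
    host = bind.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty or unresolvable host: treat as exposed

def parse_sections(text):
    """Parse INI-like text into (name, {key: value}) pairs, keeping repeated sections."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections and not line.startswith("#"):
            key, value = line.split("=", 1)  # split once: base64 keys end in "="
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Return (section, bind, auth status) for every listener bound beyond loopback."""
    findings = []
    for name, opts in parse_sections(text):
        bind = opts.get("bindaddress")
        if name not in LISTENER_SECTIONS or not bind or is_loopback(bind):
            continue
        has_auth = bool(opts.get("username")) and bool(opts.get("password"))
        findings.append((name, bind, "auth set" if has_auth else "NO AUTH"))
    return findings

# Constructed sample config; the key is a placeholder, not a real one.
SAMPLE = """\
[Interface]
PrivateKey = PLACEHOLDER_KEY=
[Socks5]
BindAddress = 127.0.0.1:25344
[http]
BindAddress = 0.0.0.0:8888
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
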
splitting?
Guess how old is the email?
Yup. And one of the most insecure methods of communications. Today.
as long as you use pgp (very old school too) it is goddamn safe.
No need for complications. Just DO NOT use email for secrets. That's it. There are apps for that, there are live meetings, there are pigeons.
On topic: Squid for S5 proxy? Seems standard.
There's another, more advanced tool available for WireGuard + SOCKS combo.
Its rich set of features surely deserves mentioning, see the website for details.
It even includes such rare things as Windows 10 Mobile hotspot compatibility, while being extremely lightweight, truly low-end I would say - "requires less than 1.5 MB of storage and maintains a RAM footprint under 10 MB".
And we are happy to keep using it today.
We also use FTP, which is what was used back in the '70s.
FYI, there are similar projects: wghttp, wg-http-proxy, wireproxy, onetun
Not official
https://github.com/TunnlTo/desktop-app
It doesn't.
IMO, that's one of the primary issues of the modern self-hosted VPNs.
This one just uses WireSock (see above), which supports "Selective Application Tunneling: Utilize “AllowedApps” and “DisallowedApps” to direct only chosen applications through the VPN, tailoring your network traffic".
Which nobody does
And if they use - when your pgp key goes missing you are fcked.
ok ok pgp is only for professionals. I admit it!
I totally agree.. that Mails are still existent is a f***** joke.
Really?
I disagree on some of these points. Well-tested, maybe, but totally difficult to handle and prevent unwanted usage for spam, security only available with add-ons that are in some cases only available with extensions in clients. It can be self hosted but it's insane to do so for 99.9% of all people and migration is really easy in your opinion? And if you don't host Mail on your own it's totally unsafe to use it as it's plain readable for the company that hosts it. No one uses PGP or S/MIME.
I remember testing this some time back, but its purpose is different. Also, it's only available on windows, not linux or android.
WireSock uses the socks5 proxy to proxy the handshake initiate/response packets to get past deep packet inspection where wireguard is banned.
How to Bypass Egypt’s WireGuard Ban
Wireproxy is the one I'm using. Onetun seems a bit different, not providing a socks or http proxy directly. The other two are http proxies, which could be good if that's what you want to use. Wireproxy seems to be under active development, though, and provides both socks5 and http proxy support. Thanks.
Good to know something like this exists. It looks like it's only available for windows, though. I use linux mostly, but also android, and sometimes windows.
Wireguard official client on android allows app include/exclude per-tunnel
Thank you for the useful pointer david, socks is a great tool, hadn't thought about doing this.
Anyone using wireguard with namespaces to split tunnel? Containers are not a large part of my workflow on my clients so maybe more trouble than it's worth, but it would be nice to tunnel just a browser and nfs.
Interesting, I didn't realize the official wireguard android client let you include/exclude apps. I found the setting, you need to edit the tunnel config to see it. It seems to work even in kernel mode.
I do know that VoWiFi always bypasses wireguard.