I have a working VPN setup with WireGuard and a working SOCKS5 proxy that are running on the same server. I am trying to forward traffic from the VPN interface to the SOCKS proxy before going out to the internet.

The following flow of traffic is working:

Client -> VPN -> VPN Server (wg0 -> eth0) -> Internet

The WireGuard config for the above is as follows:

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 1234
PrivateKey = PRIVATE_KEY

I want to set the server up so that traffic will flow as follows:

Client -> VPN -> VPN Server (wg0) -> SOCKS5 Proxy -> (eth0) Internet

I have tried to add this to the WireGuard PostUp field to have iptables send the traffic to the SOCKS5 port.

iptables -t nat -A PREROUTING -p udp --destination-port 80 -j REDIRECT --to-port 1234

This didn't seem to work as the client wasn't able to reach the internet.

Note: I have quite limited knowledge of networking and iptables.

Jan
  • You need a proxy receiving layer 4 traffic (tcp or udp) on one side, and changing it into socks5 request/traffic on the other side. As the "client" isn't aware of this, this has to be a transparent proxy. Try for example redsocks. I'm sure there are other possible choices. From a quick search, expect trouble with UDP and probably some special settings to use for DNS because of this. – A.B Feb 27 '21 at 21:10
  • @A.B thanks for the tips. I've only briefly tried to look into this further and I think that I'll have to wait with these changes to the server until I have more time to dig into it. – Jan Mar 03 '21 at 12:18

0 Answers
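What a transparent proxy such as the redsocks mentioned in the comment has to do for each redirected TCP connection, as an added Python example that is not from the post or from redsocks itself: recover the destination the client originally dialled (the Linux SO_ORIGINAL_DST socket option, readable after an iptables REDIRECT) and replay it to the SOCKS5 server as an RFC 1928 CONNECT. It covers TCP over IPv4 only; the function names, the sample address and port, and the choice of the no-authentication SOCKS5 method are assumptions.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # from <linux/netfilter_ipv4.h>; not exported by Python's socket module

def parse_original_dst(raw: bytes) -> tuple[str, int]:
    """Decode the sockaddr_in that getsockopt(SOL_IP, SO_ORIGINAL_DST) returns."""
    if len(raw) < 8 or struct.unpack_from("=H", raw)[0] != socket.AF_INET:
        raise ValueError("not an IPv4 sockaddr_in")
    port, packed_ip = struct.unpack_from("!2xH4s", raw)  # port and address are big-endian
    return socket.inet_ntoa(packed_ip), port

def original_dst(conn: socket.socket) -> tuple[str, int]:
    """Pre-REDIRECT destination of an accepted connection (Linux only)."""
    return parse_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def socks5_connect_request(ip: str, port: int) -> bytes:
    """RFC 1928 request: VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4), addr, port."""
    return b"\x05\x01\x00\x01" + socket.inet_aton(ip) + struct.pack("!H", port)

def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; a TCP recv() may return fewer than requested."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("SOCKS5 server closed the connection")
        buf += chunk
    return buf

def socks5_handshake(upstream: socket.socket, ip: str, port: int) -> None:
    """Negotiate 'no authentication', then ask the proxy to CONNECT to ip:port."""
    upstream.sendall(b"\x05\x01\x00")  # VER=5, one method offered, 0x00 = no auth
    if recv_exact(upstream, 2) != b"\x05\x00":
        raise ConnectionError("SOCKS5 server refused the no-auth method")
    upstream.sendall(socks5_connect_request(ip, port))
    # Reply: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT (assumes an IPv4 bound address)
    reply = recv_exact(upstream, 10)
    if reply[1] != 0x00:
        raise ConnectionError(f"SOCKS5 CONNECT failed, REP={reply[1]:#04x}")

# Constructed sample: the sockaddr_in for a client that dialled 203.0.113.10:443.
SAMPLE_SOCKADDR = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 443)
                   + socket.inet_aton("203.0.113.10") + bytes(8))

if __name__ == "__main__":
    ip, port = parse_original_dst(SAMPLE_SOCKADDR)
    print(ip, port, socks5_connect_request(ip, port).hex())
```

After a successful handshake the proxy only has to copy bytes in both directions between the accepted connection and the upstream socket.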