Maybe I oversimplify your problem, but from what I read, your standard route will be using the Iranian net. And - I guess - it is only a limited number of IP addresses that you would like to reach through the tunnel.

I don't know your OS, but simply adding ip routes pointing to the tunnel for the desired destinations would do the job.

Chris


On 09/10/2020 15:22, Roman Mamedov wrote:
> On Sun, 4 Oct 2020 15:41:52 +0330
> Rudi C <rudiwillalwayslove...@gmail.com> wrote:
>
>> I use Wireguard to circumvent Iran's censorship. A major problem with
>> it is that it's very hard to selectively proxy specific domains/apps
>> through Wireguard, while leaving others alone. This is an essential
>> feature for Iran's internet, as:
>> 1. The connection is terrible, so avoiding using the proxy for
>> uncensored sites helps a lot.
>> 2. International traffic is 2x more expensive, so avoiding the proxy
>> for internal traffic is very beneficial.
>> 3. Some internal sites ban international IPs and need Iranian IPs.
>>
>> The easiest way to solve this problem, as far as I understand, is to
>> add the ability to expose the tunnel as a socks5 proxy on the client
>> side. This is the approach that shadowsocks, v2ray, etc have adopted.
>> There are mature solutions to selectively routing traffic through a
>> socks proxy.
>>
>> I searched around, and there are docker containers that already do
>> this wireguard-to-socks thing; But running docker is expensive on a
>> non-Linux machine, so it'd be much appreciated if you could support
>> exposing socks and HTTP proxy servers natively.
>
> If you tunnel to a VPS abroad, just install a SOCKS proxy on the remote end.
> A good one is [1]. Then set the remote end's in-VPN IP and proxy port in your
> apps to use.
>
> [1] https://socks-relay.sourceforge.io/
>
> To separate which sites use which proxy (or no proxy) SwitchSharp for Chrome
> and FoxyProxy for Firefox, but you probably already know about those.
>
> In case you meant connecting to commercial "VPN" services, then yes it
> becomes a bit more complex, but you can try srelay on the local machine and
> use the "-J" option, "outbound interface name". But I'm not sure if that would
> just work on its own, or also needs some help from ip(6)tables or ip-rule.
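
The per-destination routing suggested at the top of this message, as an added example that is not part of the original thread. It assumes a Linux client with iproute2 and a tunnel interface named `wg0`; the destination list is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample input: the destinations that should use the tunnel.
SAMPLE = [
    "203.0.113.10",              # single host, becomes a /32
    "198.51.100.0/25",
    "198.51.100.128/25",         # adjacent to the line above, merges into a /24
    "203.0.113.10/32  # duplicate entry",
    "2001:db8:1::/48",
]

def plan_split_tunnel(destinations, iface="wg0"):
    """Return (allowed_ips_line, route_commands) for selective routing.

    Everything not listed keeps using the normal default route.
    """
    nets = {4: [], 6: []}
    for item in destinations:
        item = item.split("#", 1)[0].strip()   # drop comments and blanks
        if not item:
            continue
        net = ipaddress.ip_network(item, strict=False)
        if net.prefixlen == 0:
            # A default route would send all traffic through the tunnel.
            raise ValueError(f"{item}: default route is not selective")
        nets[net.version].append(net)
    # Deduplicate and merge adjacent prefixes, one address family at a time.
    collapsed = (list(ipaddress.collapse_addresses(nets[4]))
                 + list(ipaddress.collapse_addresses(nets[6])))
    if not collapsed:
        raise ValueError("no destinations given")
    # WireGuard only sends packets to a peer whose AllowedIPs cover the
    # destination, so the peer entry needs the same prefixes as the routes.
    allowed = "AllowedIPs = " + ", ".join(str(n) for n in collapsed)
    cmds = [
        f"ip {'-6 ' if n.version == 6 else ''}route replace {n} dev {iface}"
        for n in collapsed
    ]
    return allowed, cmds

if __name__ == "__main__":
    allowed_line, commands = plan_split_tunnel(SAMPLE)
    print(allowed_line)
    print("\n".join(commands))
```

With wg-quick the `AllowedIPs` line alone is enough, since it installs a route for each listed prefix; the `ip route` commands are for interfaces configured by hand or with `Table = off`.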


