{"id":25484926,"url":"https://github.com/whyvl/wireproxy","last_synced_at":"2025-04-29T18:25:34.086Z","repository":{"id":37609454,"uuid":"468743437","full_name":"whyvl/wireproxy","owner":"whyvl","description":"Wireguard client that exposes itself as a socks5 proxy","archived":false,"fork":false,"pushed_at":"2025-02-18T12:27:21.000Z","size":189,"stargazers_count":4767,"open_issues_count":59,"forks_count":291,"subscribers_count":32,"default_branch":"master","last_synced_at":"2025-02-18T18:03:05.971Z","etag":null,"topics":["golang","network","proxy","socks5","socks5-proxy","vpn","wireguard","wireguard-tunnel"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/whyvl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"liberapay":"octeep"}},"created_at":"2022-03-11T12:32:10.000Z","updated_at":"2025-02-18T16:54:40.000Z","dependencies_parsed_at":"2023-02-03T04:50:12.383Z","dependency_job_id":"8950b4fd-087d-49fc-a620-525c942b3f49","html_url":"https://github.com/whyvl/wireproxy","commit_stats":null,"previous_names":["octeep/wireproxy","whyvl/wireproxy","pufferffish/wireproxy"],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whyvl%2Fwireproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whyvl%2Fwireproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whyvl%2Fwireproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whyvl%2Fwireproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/whyvl","download_url":"https://codeload.github.com/whyvl/wireproxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251557969,"owners_count":21608743,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","network","proxy","socks5","socks5-proxy","vpn","wireguard","wireguard-tunnel"],"created_at":"2025-02-18T18:03:03.345Z","updated_at":"2025-04-29T18:25:34.067Z","avatar_url":"https://github.com/whyvl.png","language":"Go","readme":"# wireproxy\n\n[![ISC licensed](https://img.shields.io/badge/license-ISC-blue)](./LICENSE)\n[![Build status](https://github.com/octeep/wireproxy/actions/workflows/build.yml/badge.svg)](https://github.com/octeep/wireproxy/actions)\n[![Documentation](https://img.shields.io/badge/godoc-wireproxy-blue)](https://pkg.go.dev/github.com/octeep/wireproxy)\n\nA wireguard client that exposes itself as a socks5/http proxy or tunnels.\n\n# What is this\n\n`wireproxy` is a completely userspace application that connects to a wireguard peer,\nand exposes a socks5/http proxy or tunnels on the machine. This can be useful if you need\nto connect to certain sites via a wireguard peer, but can't be bothered to setup a new network\ninterface for whatever reasons.\n\n# Why you might want this\n\n- You simply want to use wireguard as a way to proxy some traffic.\n- You don't want root permission just to change wireguard settings.\n\nCurrently, I'm running wireproxy connected to a wireguard server in another country,\nand configured my browser to use wireproxy for certain sites. It's pretty useful since\nwireproxy is completely isolated from my network interfaces, and I don't need root to configure\nanything.\n\nUsers who want something similar but for Amnezia VPN can use [this fork](https://github.com/artem-russkikh/wireproxy-awg)\nof wireproxy by [@artem-russkikh](https://github.com/artem-russkikh).\n\n# Sponsor\n\nThis project is supported by [IPRoyal](https://iproyal.com/?r=795836). You can get premium quality proxies at unbeatable prices\nwith a discount using [this referral link](https://iproyal.com/?r=795836)! 🚀\n\n![IPRoyal](/assets/iproyal.png)\n\n# Feature\n\n- TCP static routing for client and server\n- SOCKS5/HTTP proxy (currently only CONNECT is supported)\n\n# TODO\n\n- UDP Support in SOCKS5\n- UDP static routing\n\n# Usage\n\n```bash\n./wireproxy [-c path to config]\n```\n\n```bash\nusage: wireproxy [-h|--help] [-c|--config \"\u003cvalue\u003e\"] [-s|--silent]\n                 [-d|--daemon] [-i|--info \"\u003cvalue\u003e\"] [-v|--version]\n                 [-n|--configtest]\n\n                 Userspace wireguard client for proxying\n\nArguments:\n\n  -h  --help        Print help information\n  -c  --config      Path of configuration file\n                    Default paths: /etc/wireproxy/wireproxy.conf, $HOME/.config/wireproxy.conf\n  -s  --silent      Silent mode\n  -d  --daemon      Make wireproxy run in background\n  -i  --info        Specify the address and port for exposing health status\n  -v  --version     Print version\n  -n  --configtest  Configtest mode. Only check the configuration file for\n                    validity.\n```\n\n# Build instruction\n\n```bash\ngit clone https://github.com/octeep/wireproxy\ncd wireproxy\nmake\n```\n\n# Install\n\n```bash\ngo install github.com/pufferffish/wireproxy/cmd/wireproxy@v1.0.9 # or @latest\n```\n\n# Use with VPN\n\nInstructions for using wireproxy with Firefox container tabs and auto-start on MacOS can be found [here](/UseWithVPN.md).\n\n# Sample config file\n\n```ini\n# The [Interface] and [Peer] configurations follow the same semantics and meaning\n# of a wg-quick configuration. To understand what these fields mean, please refer to:\n# https://wiki.archlinux.org/title/WireGuard#Persistent_configuration\n# https://www.wireguard.com/#simple-network-interface\n[Interface]\nAddress = 10.200.200.2/32 # The subnet should be /32 and /128 for IPv4 and v6 respectively\n# MTU = 1420 (optional)\nPrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q=\n# PrivateKey = $MY_WIREGUARD_PRIVATE_KEY # Alternatively, reference environment variables\nDNS = 10.200.200.1\n\n[Peer]\nPublicKey = QP+A67Z2UBrMgvNIdHv8gPel5URWNLS4B3ZQ2hQIZlg=\n# PresharedKey = UItQuvLsyh50ucXHfjF0bbR4IIpVBd74lwKc8uIPXXs= (optional)\nEndpoint = my.ddns.example.com:51820\n# PersistentKeepalive = 25 (optional)\n\n# TCPClientTunnel is a tunnel listening on your machine,\n# and it forwards any TCP traffic received to the specified target via wireguard.\n# Flow:\n# \u003can app on your LAN\u003e --\u003e localhost:25565 --(wireguard)--\u003e play.cubecraft.net:25565\n[TCPClientTunnel]\nBindAddress = 127.0.0.1:25565\nTarget = play.cubecraft.net:25565\n\n# TCPServerTunnel is a tunnel listening on wireguard,\n# and it forwards any TCP traffic received to the specified target via local network.\n# Flow:\n# \u003can app on your wireguard network\u003e --(wireguard)--\u003e 172.16.31.2:3422 --\u003e localhost:25545\n[TCPServerTunnel]\nListenPort = 3422\nTarget = localhost:25545\n\n# STDIOTunnel is a tunnel connecting the standard input and output of the wireproxy\n# process to the specified TCP target via wireguard.\n# This is especially useful to use wireproxy as a ProxyCommand parameter in openssh\n# For example:\n#    ssh -o ProxyCommand='wireproxy -c myconfig.conf' ssh.myserver.net\n# Flow:\n# Piped command --\u003e(wireguard)--\u003e ssh.myserver.net:22\n[STDIOTunnel]\nTarget = ssh.myserver.net:22\n\n# Socks5 creates a socks5 proxy on your LAN, and all traffic would be routed via wireguard.\n[Socks5]\nBindAddress = 127.0.0.1:25344\n\n# Socks5 authentication parameters, specifying username and password enables\n# proxy authentication.\n#Username = ...\n# Avoid using spaces in the password field\n#Password = ...\n\n# http creates a http proxy on your LAN, and all traffic would be routed via wireguard.\n[http]\nBindAddress = 127.0.0.1:25345\n\n# HTTP authentication parameters, specifying username and password enables\n# proxy authentication.\n#Username = ...\n# Avoid using spaces in the password field\n#Password = ...\n```\n\nAlternatively, if you already have a wireguard config, you can import it in the\nwireproxy config file like this:\n\n```ini\nWGConfig = \u003cpath to the wireguard config\u003e\n\n# Same semantics as above\n[TCPClientTunnel]\n...\n\n[TCPServerTunnel]\n...\n\n[Socks5]\n...\n```\n\nHaving multiple peers is also supported. `AllowedIPs` would need to be specified\nsuch that wireproxy would know which peer to forward to.\n\n```ini\n[Interface]\nAddress = 10.254.254.40/32\nPrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=\n\n[Peer]\nEndpoint = 192.168.0.204:51820\nPublicKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY=\nAllowedIPs = 10.254.254.100/32\nPersistentKeepalive = 25\n\n[Peer]\nPublicKey = ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ=\nAllowedIPs = 10.254.254.1/32, fdee:1337:c000:d00d::1/128\nEndpoint = 172.16.0.185:44044\nPersistentKeepalive = 25\n\n\n[TCPServerTunnel]\nListenPort = 5000\nTarget = service-one.servicenet:5000\n\n[TCPServerTunnel]\nListenPort = 5001\nTarget = service-two.servicenet:5001\n\n[TCPServerTunnel]\nListenPort = 5080\nTarget = service-three.servicenet:80\n```\n\nWireproxy can also allow peers to connect to it:\n\n```ini\n[Interface]\nListenPort = 5400\n...\n\n[Peer]\nPublicKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY=\nAllowedIPs = 10.254.254.100/32\n# Note there is no Endpoint defined here.\n```\n\n# Health endpoint\n\nWireproxy supports exposing a health endpoint for monitoring purposes.\nThe argument `--info/-i` specifies an address and port (e.g. `localhost:9080`), which exposes a HTTP server that provides health status metric of the server.\n\nCurrently two endpoints are implemented:\n\n`/metrics`: Exposes information of the wireguard daemon, this provides the same information you would get with `wg show`. [This](https://www.wireguard.com/xplatform/#example-dialog) shows an example of what the response would look like.\n\n`/readyz`: This responds with a json which shows the last time a pong is received from an IP specified with `CheckAlive`. When `CheckAlive` is set, a ping is sent out to addresses in `CheckAlive` per `CheckAliveInterval` seconds (defaults to 5) via wireguard. If a pong has not been received from one of the addresses within the last `CheckAliveInterval` seconds (+2 seconds for some leeway to account for latency), then it would respond with a 503, otherwise a 200.\n\nFor example:\n\n```ini\n[Interface]\nPrivateKey = censored\nAddress = 10.2.0.2/32\nDNS = 10.2.0.1\nCheckAlive = 1.1.1.1, 3.3.3.3\nCheckAliveInterval = 3\n\n[Peer]\nPublicKey = censored\nAllowedIPs = 0.0.0.0/0\nEndpoint = 149.34.244.174:51820\n\n[Socks5]\nBindAddress = 127.0.0.1:25344\n```\n\n`/readyz` would respond with\n\n```text\n\u003c HTTP/1.1 503 Service Unavailable\n\u003c Date: Thu, 11 Apr 2024 00:54:59 GMT\n\u003c Content-Length: 35\n\u003c Content-Type: text/plain; charset=utf-8\n\u003c\n{\"1.1.1.1\":1712796899,\"3.3.3.3\":0}\n```\n\nAnd for:\n\n```ini\n[Interface]\nPrivateKey = censored\nAddress = 10.2.0.2/32\nDNS = 10.2.0.1\nCheckAlive = 1.1.1.1\n```\n\n`/readyz` would respond with\n\n```text\n\u003c HTTP/1.1 200 OK\n\u003c Date: Thu, 11 Apr 2024 00:56:21 GMT\n\u003c Content-Length: 23\n\u003c Content-Type: text/plain; charset=utf-8\n\u003c\n{\"1.1.1.1\":1712796979}\n```\n\nIf nothing is set for `CheckAlive`, an empty JSON object with 200 will be the response.\n\nThe peer which the ICMP ping packet is routed to depends on the `AllowedIPs` set for each peers.\n\n# Stargazers over time\n\n[![Stargazers over time](https://starchart.cc/octeep/wireproxy.svg)](https://starchart.cc/octeep/wireproxy)\n","funding_links":["https://liberapay.com/octeep"],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhyvl%2Fwireproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwhyvl%2Fwireproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhyvl%2Fwireproxy/lists"}