sandialabs / wiretap

Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.

Standalone mode? #28

Open lendenis opened 8 months ago

lendenis commented 8 months ago

Hello,

Does Wiretap work as an HTTPS or SOCKS proxy, without executing any commands on the WireGuard server?

So it would be a standalone mode that exposes a port for a proxy passing through the WireGuard server.

luker983 commented 8 months ago

Wiretap does not work as an https or socks proxy out of the box. Clients are transparently proxied through the server using routing rules and WireGuard instead. There is an option to expose client services to Wiretap servers via SOCKS using the wiretap expose command, but it doesn't sound like that's what you want.

If you are requesting that a new feature be added, would you please share some more details that explain your use-case? Another tool built with SOCKS/HTTP proxy in mind like Chisel might work out better for you if you're not interested in a transparent proxy solution, but always open to hearing how we might make Wiretap better!

lendenis commented 8 months ago

It might be a new feature, here is my use case:

I need to have a SOCKS/HTTP proxy which is over a WireGuard tunnel without changing anything on the WireGuard server (or executing any other command/process on the WireGuard server), and also without having a tun interface on the client laptop.

There is a WireGuard tunnel pre-connected on the laptop to a commercial VPN provider. I need to access another WireGuard server over the commercial VPN server. Multiple WireGuard tunnels at the same time would cause trouble with routing, IP rules, forwarding, etc.

So basically, I am looking for a possibility to run Wiretap on my client laptop, which already has a different WireGuard tunnel connection, and have a SOCKS/HTTPS proxy, so the client can access the services from a browser using the proxy.

luker983 commented 8 months ago

Thank you for the clarification. This is probably something that can be accomplished with another tool like https://github.com/pufferffish/wireproxy or fairly easily scripted using the examples in the wireguard-go repo as a starting point: https://github.com/WireGuard/wireguard-go/blob/master/tun/netstack/examples/http_client.go.

We'll consider adding something like this for instances where clients do not want to or cannot create interfaces and still want to interact with a Wiretap network, but to stay in scope of this project the assumption will remain that servers have been deployed using Wiretap.
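For readers following the wireproxy suggestion above, a configuration sketch for the described use case, added here as an example and not posted by either participant or taken from the Wiretap project. It assumes wireproxy's wg-quick-style config format with `[Socks5]` and `[http]` sections; every key, address, endpoint and port is a constructed placeholder.

```ini
# Constructed example: userspace WireGuard peer exposing local proxies.
# No tun interface is created, so the laptop's existing VPN tunnel and
# its routing rules are left untouched.

[Interface]
# Address assigned to this peer by the second WireGuard server (placeholder)
Address = 10.0.0.2/32
# Placeholder, generate with `wg genkey` and keep this file mode 0600
PrivateKey = <CLIENT_PRIVATE_KEY_BASE64>
# Resolver reachable through the tunnel (placeholder)
DNS = 10.0.0.1

[Peer]
# Placeholder, public key of the second WireGuard server
PublicKey = <SERVER_PUBLIC_KEY_BASE64>
# Placeholder endpoint, reached over whatever path the host already uses
Endpoint = wg.example.net:51820
PersistentKeepalive = 25

[Socks5]
# Bind to loopback only. Binding to 0.0.0.0 would offer the tunnel to
# every host on the local network.
BindAddress = 127.0.0.1:1080
# Set credentials if the listener ever has to leave loopback
# Username = <PROXY_USER>
# Password = <PROXY_PASSWORD>

[http]
# HTTP proxy for clients that cannot speak SOCKS5, also loopback only
BindAddress = 127.0.0.1:8080
```

Pointing the browser at `127.0.0.1:1080` (SOCKS5) or `127.0.0.1:8080` (HTTP) then sends only that application's traffic through the second tunnel.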