This is correct. It's significantly harder to inject the origin IP into a TCP stream. We have ways [1] of doing it, but it requires some coordination on both sides.
Have you considered enabling this out of band? For example as a network administrator I could verify a CIDR block and receive a real time stream of 5-tuples (err, 7-tuples with the proxy?) destined to my network.
zackbloom|7 years ago
1- https://blog.cloudflare.com/mmproxy-creative-way-of-preservi...
dsl|7 years ago