Thanks for the link! IIUIC, wireproxy is not similar, but complementary: you can run wiretap on the server-side and wireproxy on the client and have a complete user-space solution.
The focus here is on the fact that it runs in userspace. Tailscale in userspace does something similar where it receives packet "meta-data" and then just creates the packet that came through the tunnel and sends it out the LAN interface. Is this what happens here? I do like the Docker option ;)
Vanilla WireGuard doesn't provide a way to run a peer in userspace that can proxy traffic between another peer and an endpoint such as a web server because you need to be privileged to do things like work with raw packets. However, https://github.com/WireGuard/wireguard-go is a userspace implementation of WireGuard and has recently incorporated Google's userspace networking stack. This project uses these two userspace tools to "fake" a privileged WireGuard peer that proxies TCP, UDP, and (a small subset of) ICMP. It was written as a pentesting/red team utility for my team but it can also serve as a general makeshift VPN when you don't have privileges on a box you want to proxy through.
learndeeply|3 years ago
no_time|3 years ago
[0]: https://news.ycombinator.com/item?id=22949604
pfundstein|3 years ago
jordemort|3 years ago
(Disclaimer: I am a contributor to Wireproxy)
omgtehlion|3 years ago
pfundstein|3 years ago
lorenzo95|3 years ago
sleepyink|3 years ago
nneonneo|3 years ago
random021|3 years ago
sleepyink|3 years ago
Edit: typo
stevefan1999|3 years ago
omgtehlion|3 years ago
luch|3 years ago
ssf and other tunneling techno are already abused by a lot of threat actors ...
kordlessagain|3 years ago