by lian0 1942 days ago
I need to proxy my programs with different proxy servers on a daily basis. Existing solutions such as proxychains have drawbacks, such as not being able to proxy programs written in Go, so I wrote this to make transparent proxy on Linux handy and simple :)
2 comments

This looks mighty interesting!

One use-case that I still haven't found a workable solution for: P2P applications over UDP, where I want all incoming and outgoing connections to be tunneled through a remote endpoint (typically over VPN).

An example for how to achieve that in some way (I guess for, say, Bitcoin, Ethereum or Bittorrent) would be simply amazing.

dokodemo-door is something I never heard about before and looks like the other half of that puzzle, as the readme notes. Going to have to look at it closer.

https://www.v2ray.com/en/configuration/protocols/dokodemo.ht...

Thanks for your comment! Just released v2 with iptables tproxy support. With tproxy, you have all incoming and outgoing UDP traffic proxied, which should support your use case now.

> One use-case that I still haven't found a workable solution for: P2P applications over UDP, where I want all incoming and outgoing connections to be tunneled through a remote endpoint (typically over VPN).

https://github.com/tailscale/tailscale ?

I've looked at Tailscale before, but I thought it was just a managed WG architecture?

It's more the routing that is the issue which, unless I'm mistaken, falls out of scope for Tailscale (assuming one already has the VPN part sorted).

Tailscale fixes the Internet [0]: It makes it private, secure, and seamless. And because of that, one could do a lot on top of those basic uncompromising guarantees, like build a private, roaming, cross-platform P2P network, for example.

https://tailscale.com/blog/sharing-over-tailscale/

[0] Well, they aren't an ISP yet, but I wouldn't put it past them because of the founding team's previous experience leading Google Fiber.

I still don't see it. The link you shared is for creating ad-hoc tunnels with provisioned trusted parties.

I want to have incoming and outgoing UDP from a particular process/container reachable externally, but routed through a different peer. Maybe I wasn't clear, but I'm talking about public, unauthenticated and untrusted P2P networks.

I've looked over their repos and documentation and see nothing (apart from general "anything is possible" marketing handwaving) indicating it's less work than on any other topology/protocol.

I don't quite get your usecase, but you may be looking for their "exit node" feature which just landed in the CLI (yet to be supported across their UIs)?

https://github.com/tailscale/tailscale/issues/1401

Isn't it still the case that net_cls cgroup is not available with cgroups v2?

I think it's still not available, so this tool works with cgroups v1 only at the moment. I can add support for cgroup v2 later though (there is a workaround by hooking on cgroup v2 pathnames in iptables to achieve the same goal).