by momothereal 1544 days ago
Plug for my own similar project: https://github.com/aramperes/onetun

Though admittedly, mine doesn't have SOCKS support, and the code is not as lean as yours!

Neat! How does yours work? The Go version of this is easy to write, because wireguard-go has helpers to drive Netstack, which is also written in Go. But yours is in Rust. (I could have dug in, but I'm being lazy).
Sure, essentially it's a TCP and UDP server that:

- receives connections and assigns a random internal port for it

- wraps the data packets in a transport (TCP/UDP) packet that's routed from the internal port to the remote

- wraps the transport in an IP packet that's routed from the address assigned to the proxy, and to the remote WireGuard address

- wraps that with WireGuard's protocol (encryption)

- sends off the encrypted packet to the public WireGuard UDP endpoint

The packet-wrapping and TCP state machine is implemented using smoltcp in Rust, which is similar to netstack in Go.

The WireGuard encapsulation and state machine is implemented with boringtun, Cloudflare's implementation of the WireGuard client in Rust.

I do have a more thorough architecture explanation in the Readme: https://github.com/aramperes/onetun#architecture
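
The layering listed in the comment above, as an added example (not code from onetun or from the commenter): it hand-builds the UDP and IPv4 layers with the standard library only, where onetun uses smoltcp, and stops at the padded plaintext that would be handed to WireGuard for encryption. The addresses, ports and payload are constructed sample values, and all function names are hypothetical.

```rust
use std::net::Ipv4Addr;

/// RFC 1071 Internet checksum over big-endian 16-bit words (odd tail zero-padded).
fn checksum(data: &[u8]) -> u16 {
    let mut sum: u32 = 0;
    for c in data.chunks(2) {
        sum += u16::from_be_bytes([c[0], *c.get(1).unwrap_or(&0)]) as u32;
    }
    while sum >> 16 != 0 { sum = (sum & 0xffff) + (sum >> 16); }
    !(sum as u16)
}

/// Wrap the client's data in UDP, sourced from the connection's virtual (internal) port.
fn udp_datagram(src: Ipv4Addr, dst: Ipv4Addr, vport: u16, dport: u16, data: &[u8]) -> Vec<u8> {
    let len = ((8 + data.len()) as u16).to_be_bytes();
    let mut udp: Vec<u8> = [vport.to_be_bytes(), dport.to_be_bytes(), len, [0, 0]].concat();
    udp.extend_from_slice(data);
    // The UDP checksum also covers a pseudo-header: src, dst, zero, protocol 17, UDP length.
    let mut pseudo: Vec<u8> = [src.octets(), dst.octets(), [0, 17, len[0], len[1]]].concat();
    pseudo.extend_from_slice(&udp);
    let sum = match checksum(&pseudo) { 0 => 0xffff, s => s }; // 0 on the wire means "none"
    udp[6..8].copy_from_slice(&sum.to_be_bytes());
    udp
}

/// Wrap a transport segment in a 20-byte IPv4 header (no options) with a valid checksum.
fn ipv4_packet(src: Ipv4Addr, dst: Ipv4Addr, proto: u8, transport: &[u8]) -> Vec<u8> {
    let total = ((20 + transport.len()) as u16).to_be_bytes();
    // version/IHL, DSCP, total length | id, flags (DF) | TTL, protocol, checksum | src | dst
    let mut ip: Vec<u8> = [[0x45, 0, total[0], total[1]], [0, 0, 0x40, 0], [64, proto, 0, 0],
                           src.octets(), dst.octets()].concat();
    let sum = checksum(&ip);
    ip[10..12].copy_from_slice(&sum.to_be_bytes());
    ip.extend_from_slice(transport);
    ip
}

/// WireGuard zero-pads the inner packet to a multiple of 16 bytes before encrypting it.
fn pad16(mut packet: Vec<u8>) -> Vec<u8> {
    packet.resize((packet.len() + 15) / 16 * 16, 0);
    packet
}

fn main() {
    // Constructed sample: proxy tunnel address 10.0.0.2, WireGuard peer 10.0.0.1.
    let (src, dst) = (Ipv4Addr::new(10, 0, 0, 2), Ipv4Addr::new(10, 0, 0, 1));
    let udp = udp_datagram(src, dst, 60001, 53, b"hello");
    let plaintext = pad16(ipv4_packet(src, dst, 17, &udp));
    println!("{} bytes ready for WireGuard: {:02x?}", plaintext.len(), plaintext);
}
```

The receiving peer uses the IPv4 total-length field to discard the zero padding after decryption.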

smoltcp! That's what I was looking for. Thanks!
See also https://github.com/russdill/tunsocks

Basically a kitchen sink for this sort of thing using lwIP for its IP stack.