For my home network setup, I have a Mac Mini that is connecting to a Linux server with OpenVPN (backup) & WireGuard (primary) to tunnel traffic for the entire network. Due to some lower MTU issues with WG, I have also set up nginx to act as a socks-like transparent proxy which handles the connections on behalf of the client (so that the server side can keep the LAN MTU matching with the client side as well as forcing a defragmentation of the packets before they enter the VPN tunnel). It then opens a matching proxy connection to the requested destination with a lower TUN MTU & TCP MSS set so the packets can be properly segmented and transmitted. It’s been working great so far but I was wondering about the performance and speed of this solution (I had only been redirecting TCP port 443 to nginx and little did I know that the speedtest.net service uses port 8080 behind the scenes so I had to adjust my firewall rules to be more generic and forward almost all TCP & UDP ports now). After improving all of that, the speed tests were all fast and quick along with a little more sysctl tuning!
Anyway, I decided to write a C-based solution (backup) that could theoretically handle both of these services and functions at the same time. It doesn’t have solid crypto as of yet since it was mostly an experiment so far but you could easily swap in a real stream cipher (or possibly block) if you want to. It is a multi-process and multi-threaded app with some basic operating instructions in the readme.
It’s called proxytun – no exciting screenshots or anything – just code, like the old days! 🙂
Source code: https://github.com/stoops/proxytun
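The MSS clamping described above (the proxy opening its outbound connection with a lower TCP MSS so segments fit the tunnel MTU) can be sketched as follows. This is an added example, not code from proxytun or the nginx setup; the function names, the 1500-byte path MTU and the WireGuard overhead figures are assumptions, and the 88-byte floor is the Linux minimum for `TCP_MAXSEG`.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed overheads (not from the post): WireGuard data packets carry a
 * 16-byte header and a 16-byte auth tag, inside UDP, inside outer IP. */
#define WG_OVERHEAD 32
#define UDP_HDR     8
#define TCP_HDR     20
#define MIN_MSS     88   /* Linux rejects smaller TCP_MAXSEG values */

static int ip_hdr(int family) { return family == AF_INET6 ? 40 : 20; }

/* Largest inner packet that fits one outer datagram without fragmenting. */
int tun_mtu(int path_mtu, int outer_family) {
    return path_mtu - ip_hdr(outer_family) - UDP_HDR - WG_OVERHEAD;
}

/* MSS for a TCP connection carried inside the tunnel, or -1 if the
 * tunnel MTU is too small to carry a usable segment. */
int tun_mss(int tunnel_mtu, int inner_family) {
    int mss = tunnel_mtu - ip_hdr(inner_family) - TCP_HDR;
    return mss < MIN_MSS ? -1 : mss;
}

/* Create the proxy's outbound socket with the MSS capped. The option is
 * set before connect() so the lower value is advertised in the SYN.
 * Returns the socket fd, or -1 on a bad MSS or a socket error. */
int open_clamped_socket(int family, int mss) {
    if (mss < MIN_MSS) return -1;
    int fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (setsockopt(fd, IPPROTO_TCP, TCP_MAXSEG, &mss, sizeof mss) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void) {
    int mtu = tun_mtu(1500, AF_INET6);   /* constructed path MTU */
    int mss = tun_mss(mtu, AF_INET);
    printf("tunnel MTU %d, clamped MSS %d\n", mtu, mss);
    int fd = open_clamped_socket(AF_INET, mss);
    if (fd >= 0) close(fd);
    return 0;
}
```

For the connections a proxy accepts, the same option set on the listening socket caps the MSS advertised to clients.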