A VPN provider that offers both manual wireguard configuration and socks5 proxy service

Hi all, really hoping I can get some help here. I'm trying to find a VPN provider that can provide me with both a manual WireGuard configuration like Surfshark has, but the capability of offering a SOCKS5 proxy service like NordVPN does. It's really specific but that's how it needs to work; an HTTP proxy would also suffice.
I've tried Oxy for SOCKS5 proxies, among other SOCKS5 proxy services, but it doesn't seem to work for my needs; it will not work for my use case scenario, which is bypassing a proxy instigated on my ISP.
I've tried just running the whole app over a VPN but it doesn't work correctly. I've contacted the app developer, who has stated running the whole thing over a VPN breaks functionality. Not sure why but it does.

Any help would be greatly appreciated.

Can’t you run a socks or http proxy server on the client? Then configure your WireGuard client to provide VPN access to the proxy server only.

You’ve got preferences? Then you’ll need to set it up yourself unfortunately. Get a VPS and set up WireGuard and a SOCKS5 proxy.

I personally have a wireguard over shadowsocks configuration on my router at my house for use with bypassing deep packet inspection that blocks wireguard, just tunnel wireguard over shadowsocks and we’re in there. The only way I personally know to get such a granular configuration setup is to do it myself.

It would also probably be cheaper that way too.

Yes, they could run something like this.

Yeah VPS is cheaper and easier to set up. Shadowsocks took like several minutes.

Here’s the guide for Wireguard:

Shadowsocks:

Can I ask (I'm a bit of a noob with this), genuinely curious, why you would want WireGuard over socks, is it because socks doesn’t encrypt? So you are using socks to disguise the data as HTTPS traffic and then WireGuard over that to encrypt? But then again does HTTPS not encrypt?

Would spinning up a vm, adding vpn access to that vm for all traffic, installing this wghttp service on that vm, and then pointing prowlarr to then access a http proxy on that configured service work? (Or is that not along the lines you guys are talking about)

Your guess is absolutely right, spot on.

Modern firewalls will block WireGuard by default unless told not to if it’s using deep packet inspection. Basically the firewall looks at the traffic for patterns and since WireGuard's handshake is really easy to detect, it just drops those handshake packets, stopping WireGuard entirely.

WireGuard over Shadowsocks essentially masquerades my WireGuard traffic as HTTPS traffic. Shadowsocks doesn't encrypt necessarily but it intelligently, though reversibly, scrambles your data to make it look like a whole lot of nothing, encapsulated with HTTPS traffic, just like you're talking to a web server. In reality though, you’ve got WireGuard travelling over Shadowsocks.

It's not a problem for most networks but my work uses deep packet inspection, even on our WiFi, so I use WG over SS to get past that. Can't stop me haha.

A lot of people use it in China to VPN out past their firewalls so they can access the rest of the internet like a human not under the thumb of a tyrannical government. Illegal no doubt but can you blame them?

Edit: Also on your last question, HTTPS does encrypt, but using a proxy isn't generating any HTTPS traffic, it's just intended for sending and receiving said traffic (iirc). You can send whatever traffic you want over it though, afaik.
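The post above says the WireGuard handshake is easy for deep packet inspection to spot. As an added example (not part of the thread), this Python code shows the inspecting side's view of plain WireGuard over UDP: the three handshake messages have fixed sizes and start with a type byte followed by three zero bytes. The addresses, ports and payload filler bytes are constructed for illustration.

```python
import struct

# Sizes and layout follow the WireGuard message formats: a 1-byte type,
# 3 reserved zero bytes, then fixed fields for the three handshake messages.
FIXED_LEN = {1: 148, 2: 92, 3: 64}
NAMES = {1: "handshake_initiation", 2: "handshake_response",
         3: "cookie_reply", 4: "transport_data"}

def classify_wireguard(payload: bytes):
    """Return the WireGuard message name for a UDP payload, or None."""
    if len(payload) < 32:
        return None
    # Type byte plus three zero bytes reads as a little-endian u32 in 1..4.
    (msg_type,) = struct.unpack_from("<I", payload, 0)
    if msg_type in FIXED_LEN:
        return NAMES[msg_type] if len(payload) == FIXED_LEN[msg_type] else None
    if msg_type == 4 and len(payload) % 16 == 0:
        # 16-byte header + padded ciphertext + 16-byte tag; keepalive is 32.
        return NAMES[4]
    return None

def find_handshakes(packets):
    """Return (initiator, responder) pairs whose initiation got a matching response."""
    pending, hits = {}, []
    for src, dst, payload in packets:
        kind = classify_wireguard(payload)
        if kind == "handshake_initiation":
            # Sender index sits right after the 4-byte type/reserved word.
            pending[(src, dst)] = struct.unpack_from("<I", payload, 4)[0]
        elif kind == "handshake_response":
            # The response echoes the initiator's index as its receiver index.
            receiver = struct.unpack_from("<I", payload, 8)[0]
            if pending.get((dst, src)) == receiver:
                hits.append((dst, src))
    return hits

# Constructed sample traffic (not captured from a real network).
CLIENT, SERVER, RESOLVER = ("10.0.0.5", 51000), ("203.0.113.7", 51820), ("10.0.0.1", 53)
INIT = struct.pack("<II", 1, 0xAABBCCDD) + b"\x5a" * 140
RESP = struct.pack("<III", 2, 0x11223344, 0xAABBCCDD) + b"\x5a" * 80
DNS = struct.pack(">6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE = [(CLIENT, RESOLVER, DNS), (CLIENT, SERVER, INIT), (SERVER, CLIENT, RESP)]

if __name__ == "__main__":
    for initiator, responder in find_handshakes(SAMPLE):
        print(f"WireGuard handshake: {initiator} -> {responder}")
```

Pairing the initiation with a response that echoes its sender index keeps a size-only match on a random 148-byte datagram from raising an alert by itself.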

Never tested that specific scenario, but it seems like it should work. You would obviously need to change the listen IP from 127.0.0.1 to some other IP or 0.0.0.0 so that other systems could reach the proxy.

Awesome thanks for your reply, :), that makes sense. I was confused as to why you need WireGuard if you already have shadowsocks but if I’m understanding your reply right shadowsocks encryption is less secure so adding wireguard on top is for peace of mind, that extra layer of encryption?
I also googled that wireguard is network level encryption but socks is only application level, so I guess that’s also why you might want both for the network layer encryption disguised as web browser traffic?

Yeah, I've got the VM and the host system managing to talk to each other via a bridge network connection I already tried, pinged from one side to the other both ways. I'll give that a go, if I can manage to get it working on my VM. I did try squid earlier but that failed to restart the service; most guides are years old.

Actually it's a combination of a couple of factors.

Yes, the encryption on shadowsocks is much less thorough, it’s used less to scramble traffic and more to obfuscate traffic as HTTPS, ie make it look like web traffic. This makes it less secure in general when used alone.

The primary reason, on top of the previous point though, is that WireGuard actually IS a VPN, which is what I want. The only reason Shadowsocks is involved is for obfuscation to get past firewalls.

I can use wg to get into my network and after that, since it exposes a port on the WireGuard peer when you bring it up, I can set up firewall rules for access to different parts of my network.

Thanks lots for your info :)

Hi! I'm trying to do a similar setup, could I message you and ask a few questions?

Yeah for sure. Shoot

Thank you! Sent you a message.