On my VPS server, I installed SoftEther VPN server, which uses a tap device with subnet . Traffic of this device goes through the gateway of the eth0 IP.
With some iptables tricks I can forward TCP to a local go simple tunnel and use a TLS tunnel to connect to a SOCKS server on another VPS, because of the many restrictions on the internet in our country. But my problem is with UDP traffic. How can I forward UDP this way? I tested tun2socks but I couldn't get it working, because when I change the metrics the way the example says, I lose the connection to the device. Can I do it with hev?

heiher commented

Certainly. If you want to proxy UDP, you should use hev-socks5-server on server side vps. BTW, the traffic in direct access is not encrypted or obfuscated.

It should be noted that if you use the global default route, you need to bypass the socks5 server address to avoid it going through the virtual tunnel:

ip route add SOCKS5-SERVER-IP dev INTERNET-IFACE metric 10

ip route add default dev tun0 metric 20
ip -6 route add default dev tun0 metric 20

Thanks for the quick answer. For the tap device to use tun0 as gateway, what rule must I add?
I want it to be like this:
tap_se ==> tun0 ==> eth0

tap_se has a subnet with netmask and broadcast and the IP of the router.

heiher commented

I need more info about your network topology.

OK, this is the ifconfig result of my VPS server; just for security reasons I changed the eth0 inet, broadcast and gateway.

SoftEther vpnserver and a local DHCP server are installed; they accept client connections through L2TP or OpenVPN and give them an IP on the subnet of tap_se.

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        ether 00:16:3c:f4:70:d4  txqueuelen 1000  (Ethernet)
        RX packets 1788  bytes 185961 (185.9 KB)
        RX errors 0  dropped 24  overruns 0  frame 0
        TX packets 285  bytes 35281 (35.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet  netmask
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 409  bytes 66498 (66.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 409  bytes 66498 (66.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap_se: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        ether 5e:90:71:5b:d7:06  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

This is the ip route result:

default via dev eth0
dev eth0 proto kernel scope link src
dev tap_se proto kernel scope link src

And for clients to have internet access I have the following iptables rule:
iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

And now I want to socksify the outgoing traffic of clients through the SOCKS server.

heiher commented

Run hev-socks5-server directly on vpsserver, and hev-socks5-tunnel on another without softether, if encryption is not required. (or use a tcp stream wrapper to encrypt socks5 traffic between server and client. e.g. ssh port forwarding?)

vps server:

hev-socks5-server conf.yml # default config

another host:

hev-socks5-tunnel conf.yml # socks5 server points to vpsserver

ip route add vpsserver dev eth0
ip route add default dev tun0

Is there a plan to develop the original UDP proxy? If not, layer 4 VPNs like v2ray and xray are not easy to use with hev-socks5-tunnel.

heiher commented

Adding UDP associate support is done: f5311b0

  # Socks5 UDP relay mode (tcp|udp)
  udp: 'udp'

Please let me know if you have any other questions.

/usr/bin/hev-socks5-tunnel /usr/bin/hevsocksconfig.yaml \
& ifconfig eth0:0 netmask

ip rule add pref 300 from table tun2socks

iptables -A FORWARD -i eth0:0 -s -j ACCEPT
iptables -A FORWARD -i tun0 -d -j ACCEPT
iptables -t nat -A POSTROUTING -s -o tun0 -j MASQUERADE

ip route flush table tun2socks
ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table tun2socks $ROUTE; done
ip route add default via dev tun0 table tun2socks

ip route flush cache

/usr/local/bin/xray run /usr/local/bin/config.json

Someday someone might find this script useful for NATing local network traffic to Hev tun0 and then passing it through tun2socks to an Xray, V2ray or V2fly client connection over SOCKS...

I had limited kernel modules and was not able to utilize Tmark iptables modules, so I had to use a tun2socks adapter and do an old-fashioned typical NAT.

Works fine with latest Hev build.

speedtest -I tun0

   Speedtest by Ookla

      Server: KPN - Amsterdam (id: 26996)
Idle Latency:    96.52 ms   (jitter: 1.17ms, low: 95.34ms, high: 97.32ms)
    Download:   452.90 Mbps (data used: 584.0 MB)                                                   
                290.17 ms   (jitter: 69.22ms, low: 95.39ms, high: 458.78ms)
      Upload:   378.08 Mbps (data used: 535.0 MB)                                                   
                121.87 ms   (jitter: 8.42ms, low: 102.21ms, high: 162.63ms)
 Packet Loss:     0.0%
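
Added example, not part of the thread and not code from the hev-socks5-tunnel project: an offline model of the two routing setups discussed above, the global default route into tun0 with a bypass route for the SOCKS5 server, and the source-based `tun2socks` table from the last script. It checks which interface the proxy's own connection leaves by. All addresses are constructed documentation-range values, and route selection is assumed to be longest prefix first, then lowest metric.

```python
import ipaddress

def parse_routes(text):
    """Parse `ip route show` style lines into (network, dev, metric)."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        net = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((ipaddress.ip_network(net), tok[tok.index("dev") + 1], metric))
    return routes

def lookup(routes, dst):
    """Egress device in one table: longest prefix first, then lowest metric."""
    hits = [r for r in routes if ipaddress.ip_address(dst) in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1] if hits else None

def egress(tables, rules, src, dst):
    """Walk (pref, from_net, table) rules in priority order, as `ip rule` does."""
    for _pref, from_net, table in sorted(rules, key=lambda r: r[0]):
        if from_net and ipaddress.ip_address(src) not in ipaddress.ip_network(from_net):
            continue
        dev = lookup(tables[table], dst)
        if dev:
            return dev
    return None

# Constructed addresses (documentation ranges), not values from the thread.
SOCKS5 = "203.0.113.7"      # remote SOCKS5 server
HOST = "198.51.100.20"      # this machine's eth0 address
CLIENT = "10.8.0.50"        # a VPN/LAN client behind this machine
LINKS = "198.51.100.0/24 dev eth0\n10.8.0.0/24 dev tap_se\n"
ALL = [(32766, None, "main")]

# 1. Global default into tun0, no bypass: the tunnel's own SOCKS5 connection loops.
no_bypass = {"main": parse_routes(LINKS + "default dev tun0 metric 20")}
# 2. Same, plus the host route for the SOCKS5 server from the reply above.
bypass = {"main": parse_routes(LINKS + "default dev tun0 metric 20\n"
                               f"{SOCKS5} dev eth0 metric 10")}
# 3. Source-based policy routing: only client traffic uses the tunnel table.
policy = {"main": parse_routes(LINKS + "default via 198.51.100.1 dev eth0"),
          "tun2socks": parse_routes(LINKS + "default dev tun0")}
POLICY_RULES = [(300, "10.8.0.0/24", "tun2socks")] + ALL

if __name__ == "__main__":
    print("no bypass :", egress(no_bypass, ALL, HOST, SOCKS5))   # tun0 = loop
    print("bypass    :", egress(bypass, ALL, HOST, SOCKS5))
    print("policy    :", egress(policy, POLICY_RULES, CLIENT, "192.0.2.53"),
          egress(policy, POLICY_RULES, HOST, SOCKS5))
```

On a live host, `ip route get <server address>` gives the same answer for the real tables; the result should name the internet-facing interface, never tun0.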