Add transparent proxy/fallback mode for traffic outside AllowedIPs

[herenickname]

I’m using WireProxy as a WireGuard→SOCKS5 proxy, with DNS-based routing to decide whether a given destination should go through my internal VPN subnet or directly over the user’s regular Internet uplink. In my WireGuard config, AllowedIPs only contains the internal subnet(s).

However, as soon as WireProxy is enabled, all non-internal traffic is dropped—only addresses that DNS resolves into the internal subnet actually load. Everything else “breaks” unless it’s explicitly covered by AllowedIPs.

I’d like WireProxy to support a transparent (or “fallback”) mode where:

Traffic to destinations matching AllowedIPs is proxied over the WireGuard tunnel (via SOCKS5).

All other traffic is routed directly via the host’s default gateway, so that Internet resources not in the VPN subnet continue to work without having to enumerate them in AllowedIPs.

Preferably this would be controlled by a new configuration flag or command‐line switch. Thanks.

[ellegance]

Isn't it the same as Disallowed IPs option in Wireguard? Right now it seems does not work in wireproxy
If it is, I agree that this thing would be useful to access local resources, for example.