add ability to bypass proxy when it's enabled

Signed-off-by: Piotr Bocheński <piotr@bochen.ski>

README.md

@@ -29,6 +29,7 @@ docker run \
     --cap-add NET_ADMIN \
     --security-opt="no-new-privileges:true" \
     --publish 127.0.0.1:1080:1080/tcp \
+    --publish 127.0.0.1:1180:1180/tcp \
     --publish 127.0.0.1:53:53/udp \
     --volume "${HOME}/.config/hosts:/tmp/hosts:ro" \
     --env DEBUG="on" \
@@ -41,7 +42,7 @@ docker run \
     --env TOTP_KEY="xxxxxxxxxxxxxxxx" \
     --env PROXY_HOST="192.168.1.1" \
     --env PROXY_PORT="1080" \
-    b0ch3nski/vpnc-dnsmasq-socks5:v0.1
+    b0ch3nski/vpnc-dnsmasq-socks5:v0.2
 ```
 
 I recommend going through [init.sh](init.sh) for a better understanding how this works.

init.sh

@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 set -Eeo pipefail
 
-VPN_INTERFACE="tun123"
 RESOLV_CONF="/etc/resolv.conf"
 VPNC_CONF="/etc/vpnc/vpn.conf"
 DNS_CONF="/etc/dnsmasq.d/dns.conf"
@@ -39,6 +38,7 @@ if [ "${IPSEC_GATEWAY}" ] && [ "${IPSEC_ID}" ] && [ "${IPSEC_SECRET}" ] && [ "${
         iptables -A INPUT -s "${dns}/32" -p udp -m udp --sport 53 -m u32 --u32 "28 & 0x000F = 0x3" -j DROP
     done
 
+    : "${VPN_INTERFACE:=tun123}"
     cat << EOF > "${VPNC_CONF}"
 IPSec gateway ${IPSEC_GATEWAY}
 IPSec ID ${IPSEC_ID}
@@ -110,6 +110,13 @@ EOF
 
     # use REDSOCKS chain for all outgoing TCP connections made by microsocks user
     iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner microsocks -j REDSOCKS
+
+    # start another instance of MicroSocks to handle connections that should not go through the proxy
+    : "${MICROSOCKS_NOPROXY_PORT:=1180}"
+    echo "==> Starting MicroSocks (proxy bypass)"
+    gosu nobody microsocks -i 0.0.0.0 -p ${MICROSOCKS_NOPROXY_PORT} &
+    wait_for_port ${MICROSOCKS_NOPROXY_PORT}
+    echo "==> MicroSocks (proxy bypass) started"
 fi
 
 : "${DNS_CACHE_SIZE:=10000}"