Most helpful, thanks.
Are there any recommendations on how best to route UDP traffic through a proxy too? Or perhaps a better way to put it, a strategy to route all traffic through a proxy?
At the moment I am thinking the best strategy would be to have tinyproxy (https://github.com/tinyproxy/tinyproxy) running in a container, and I could route all the traffic from the device through that container. The front-facing interface of that container to the internet could then consist of any setup: VPNs, web proxies etc. So the question in this scenario would be how to route all BalenaOS traffic to a proxy (in this scenario, a local proxy running in a container, although of course the process for routing to a proxy, whether it is local or remote, I imagine will not differ)?
Here are some further details of what is trying to be achieved. Balena is being deployed to devices in humanitarian contexts, working out of schools. While the content and purpose are completely legitimate, locations of schools can be information you may not want to be revealed, as they have often become victims of attacks. At the moment, routing the TCP traffic is a start. The X factor here seems to be the ‘0.resinio.pool.ntp.org’ NTP servers, which are quite unique identifiers of the type of devices being used. Potentially also the DNS resolution, especially if pulling the DNS server addresses from the local router, if DNS isn’t routed through the redsocks proxy?
Not easy questions or scenarios, I realise.
To note, I am aware of https://www.balena.io/docs/reference/OS/time/ and https://github.com/balena-os/meta-balena#dnsservers. Adjusting these may tackle immediate issues, but doesn’t seem as efficient as routing all traffic.
It would also be helpful just to clarify your earlier comment:
“UDP is slightly different, redudp only deals with DNS traffic, and any other UDP traffic will still attempt to use the default interfaces.”
You are saying here that DNS is routed through the proxy, and it is only the other traffic that isn’t?