Ash Yes, I made mention of this earlier but they said my requests don't make sense 🙂
Now, I use my CORE TUNNEL where all the features of SSH are elegant and then I add the Dynamic listening ports from CORE TUNNEL to Surge as a socks5 policy instead of an EXTERNAL policy because Surge is unable to launch ssh processes in my past experience. And then I make core tunnel obey some filters (ads, tracking filters and more) in Surge by placing the IN-PORT rules that makes use of coretunnelssh policy below those filters in [Rule]. By doing this, you get all the elegant SSH features in Core tunnel combined with the sophisticated features in Surge 🙂
COR€TU₦₦€L$$H = socks5, 127.0.0.1, 1010, test-url=http://duckduckgo.com, interface=lo0, allow-other-interface=false, ip-version=v4-only, udp-relay=false
127.0.0.1:1010 is the dynamic Port forwarding IP and port in core tunnel as shown in the equivalent command below:
ssh -N -4 -D 127.0.0.1:1010 -o BindInterface=lo0 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o ServerAliveInterval=15 -p p0rt user@sshh0stname
Actually, the secondary source of all my connections is through lo0 which is an interface by another Proxy-rule based software instead of Wi-Fi (en0) which is the primary source for lo0. So you might not need to add the bindinterface=lo0 (Core tunnel) and interface=lo0 (Surge) in your configurations.
- Meanwhile, don't forget to add the IP address connected in core tunnel to "tun-excluded-routes" and "skip-proxy" parameters in surge to prevent loop/ring connections OR
MY OWN CASE (a 3rd party proxy rule based software which has it's own VIF using the lo0 is serving as my own enhanced mode 🙂 )
- I do not need to add the IPs to the parameters because I do not set as system proxy and I put off enhanced mode and then configure your browsers to listen to Surge via your desired IN-PORT rules (my own case). You can use Proxy SwitchOmega to do that.