Wireguard + Socks proxy

I'm trying to set up a SOCKS proxy that listens on one of the LAN interfaces and on one of the WireGuard interfaces.
I tried several SOCKS proxy programs, but I can't get it to work.
The proxies themselves do work, but the traffic is not going through the WireGuard interface.
For example with dante:

errorlog: syslog
logoutput: /var/log/sockd.log
internal: br-lan port = 1080
external: wgc0
clientmethod: none
socksmethod: none
user.privileged: root
user.notprivileged: nobody

client pass {
        from: <clientip> to:
        log: error connect disconnect
}
client block {
        from: to:
        log: connect error
}
socks pass {
        from: to:
        log: error connect disconnect
}
socks block {
        from: to:
        log: connect error
}

The proxy is working but a simple test with curl shows my wan ip.
And the wg interface shows tx/rx bytes = 0.
What is the trick here?

The dante log shows it has bound itself to the wg interface:

sockd[21254]: debug: int_ifname2sockaddr(): interface wgc0 missing address on index 8 ... skipping
sockd[21254]: debug: socks_bind(): trying to bind address 10.x.x.x.x on fd 7.  Retries is 0
sockd[21254]: debug: socks_bind(): bound address 10.x.x.x.55135 on fd 7

ping -I wgc0
works and the wgc0 interface packets are increasing after this.
So the wg interface is working too.

Is there a way to create a virtual interface just for the purpose of running some daemon on it?

I got this working somewhat...
After trying several approaches, I came up with this:
I created a dummy interface with a different subnet:
LAN Interface is:

The dummy interface got assigned its own firewall zone.
Dante is listening on the LAN interface as internal and on the dummy interface as external.

Then I used the PBR package to set up policy-based routing. (Could also be done with built-in uci capabilities, I guess?)
Marking packets in the OUTPUT chain from the source address

This works, but the firewall zone for SOCKS5 isn't working.
I can set everything to reject/drop for this zone and remove all forward rules from other zones to this zone but I'm still able to ping

Why is that?

I have the exact same problem. Any luck solving it?

This seemed promising initially, but didn't do anything either: https://serverfault.com/a/674389

The last attempt was to bind dante's both internal and external ifs to wg and forward its listening port to lan. Nope, it still used my wan.

Alright, desperate measures. Solved it tho.

Download OpenWrt SDK. Get it from the same dir where you download your device's firmware.
For example:
My latest stable upgrade link is: https://downloads.openwrt.org/releases/22.03.3/targets/ramips/mt76x8/openwrt-22.03.3-ramips-mt76x8-tplink_archer-c20-v5-squashfs-sysupgrade.bin
Remove that file name, scroll down, look for openwrt-sdk-

Unpack and cd into.

./scripts/feeds update -a
./scripts/feeds install gcc # dunno, maybe not needed
export STAGING_DIR=path_to_SDK/staging_dir/toolchain-your_arch # note that your_arch

Test it.

#include <stdio.h>

/* Minimal program to confirm the cross-compiled binary runs on the device. */
int main(void)
{
	printf("\nHello, world!\n\n");
	return 0;
}

And then,
path_to_SDK/staging_dir/toolchain-your_arch/bin/your_arch-openwrt-linux-gcc hello.c

scp a.out root@your_device:/root/

ssh root@your_device -C './a.out' # should print Hello, world!

Grab bindToInterface.c from https://github.com/JsBergbau/BindToInterface
Edit and uncomment //#define DEBUG to see if it's actually doing anything.

path_to_SDK/staging_dir/toolchain-your_arch/bin/your_arch-openwrt-linux-gcc -nostartfiles -fpic -shared bindToInterface.c -o bindToInterface.so -ldl -D_GNU_SOURCE
scp bindToInterface.so root@your_device:/root/

r u n i t !

ssh root@your_device
BIND_INTERFACE=wgc0 DNS_OVERRIDE_IP= LD_PRELOAD=/root/bindToInterface.so dropbear -F -E -p your_wgc0_ip:10022

Head to Admin > Network > Firewall > Port Forwards and add:
Source zone: lan
External port: 10022
Destination zone: wgc0
Internal IP: your_wgc0_ip
Internal port: 10022

ssh -D 31337 -N -p 10022 root@your_device

Your local socks proxy is now running on port 31337.
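
Added example, not part of the thread and not code from the BindToInterface project: binding to an interface's address, as the dante log above shows, only sets the source IP while the routing table still chooses the egress device, so this sketch pins a socket with the Linux SO_BINDTODEVICE option and reads the binding back to verify it. The function names bound_socket and bound_device are hypothetical; wgc0 is the interface name used in the thread.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a TCP socket pinned to one interface. Returns the fd, or -errno.
 * SO_BINDTODEVICE restricts the socket's traffic to the named device. */
int bound_socket(const char *ifname)
{
    size_t len = ifname ? strlen(ifname) : 0;
    if (len == 0 || len >= IFNAMSIZ)
        return -EINVAL;              /* reject before touching the kernel */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, (socklen_t)len + 1) < 0) {
        int err = errno;             /* e.g. EPERM (privilege) or ENODEV (no such device) */
        close(fd);
        return -err;
    }
    return fd;
}

/* Read back the device a socket is bound to; an empty string means unbound. */
int bound_device(int fd, char *out, socklen_t outlen)
{
    memset(out, 0, outlen);
    if (getsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, out, &outlen) < 0)
        return -errno;
    return 0;
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "wgc0"; /* name from the thread */
    char got[IFNAMSIZ];
    int fd = bound_socket(ifname);
    if (fd < 0) {
        fprintf(stderr, "bind to %s failed: %s\n", ifname, strerror(-fd));
        return 1;
    }
    if (bound_device(fd, got, sizeof got) == 0)
        printf("socket %d is bound to device '%s'\n", fd, got);
    close(fd);
    return 0;
}
```

Run it as root on the router with the interface name as the first argument; a successful read-back confirms the binding, and the interface's tx/rx counters can then be compared before and after real traffic.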