How to install SOCKS5 on your VPS
Focusing on Dante, as I find it to be the easiest to install. First thing first, assuming you are using Ubuntu, do the usual
apt-get update && apt-get upgrade
Installing Dante from source on Ubuntu 16.04
The best way to install Dante is to use its source package for the latest available version which is currently version 1.4.2 . You can download the latest version from this Link to Dante Download Page. Copy the source link and download the Dante package using below ‘wget’ command.
# cd /usr/src
# wget http://www.inet.no/dante/files/dante-1.4.2.tar.gz
Once the package has been downloaded, then extract it within the current directory using below command.
# tar -zxf dante-1.4.2.tar.gz
Change directory to the extracted folder to compile and install the package.
# cd dante-1.4.2/
Make sure that you have 'gcc'
and 'make'
utilities installed on your system prior to compile and installation of Dante package. You can use below command to install.
# apt-get install gcc make
Now let’s run the below command to compile the source with required prefix as shown.
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --disable-client --without-libwrap --without-bsdauth --without-gssapi --without-krb5 --without-upnp --without-pam
At the end of the compilation process, you will get its configuration status as shown below.
Configure status: Client: Disabled, using --disable-client Server: Enabled Preloading: Enabled Libwrap: Disabled, using --without-libwrap BSD Auth: Disabled, using --without-bsdauth PAM: Disabled, using --without-pam GSSAPI: Not found/disabled KRB5: Not found/disabled SASL: Not found/disabled UPNP: Not found/disabled Compatability: issetugid setproctitle strlcpy strvis Modules: redirect: Not found bandwidth: Not found ldap: Not found
After that run the following ‘make’ command to install the compiled packages.
# make && make install
You can check the installed version of Dante using below command.
# /usr/sbin/sockd -v Dante v1.4.2. Copyright (c) 1997 - 2014 Inferno Nettverk A/S, Norway
Configuring Dante-server service script
Now we are going to create the configuration file for the dante-server’s start/stop script. To do so create a new file in ‘/etc/init.d/’ directory and place the following contents in it using your command line editor.
# vim /etc/init.d/sockd
#! /bin/sh
### BEGIN INIT INFO
# Provides: sockd
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start the dante SOCKS server.
# Description: SOCKS (v4 and v5) proxy server daemon (sockd).
# This server allows clients to connect to it and
# request proxying of TCP or UDP network traffic
# with extensive configuration possibilities.
### END INIT INFO
#
# dante SOCKS server init.d file. Based on /etc/init.d/skeleton:
# Version: @(#)skeleton 1.8 03-Mar-1998 [email protected]
# Via: https://gitorious.org/dante/pkg-debian
PATH=/sbin:/usr/sbin:/bin:/usr/bin
NAME=sockd
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS="-D"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
DESC="Dante SOCKS daemon"
CONFFILE=/etc/$NAME.conf
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
set -e
# This function makes sure that the Dante server can write to the pid-file.
touch_pidfile ()
{
if [ -r $CONFFILE ]; then
uid="`sed -n -e 's/[[:space:]]//g' -e 's/#.*//' -e '/^user\.privileged/{s/[^:]*://p;q;}' $CONFFILE`"
if [ -n "$uid" ]; then
touch $PIDFILE
chown $uid $PIDFILE
fi
fi
}
case "$1" in
start)
if ! egrep -cve '^ *(#|$)' \
-e '^(logoutput|user\.((not)?privileged|libwrap)):' \
$CONFFILE > /dev/null
then
echo "Not starting $DESC: not configured."
exit 0
fi
echo -n "Starting $DESC: "
touch_pidfile
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
[ "$?" = 2 ] && return 2
echo "$NAME."
;;
reload|force-reload)
#
# If the daemon can reload its config files on the fly
# for example by sending it SIGHUP, do it here.
#
# Make this a do-nothing entry, if the daemon responds to changes in its config file
# directly anyway.
#
echo "Reloading $DESC configuration files."
start-stop-daemon --stop --signal 1 --quiet --pidfile \
$PIDFILE --exec $DAEMON -- -D
;;
restart)
#
# If the "reload" option is implemented, move the "force-reload"
# option to the "reload" entry above. If not, "force-reload" is
# just the same as "restart".
#
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
sleep 1
touch_pidfile
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- -D
echo "$NAME."
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
*)
N=/etc/init.d/$NAME
# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
echo "Usage: $N {start|stop|restart|status|force-reload}" >&2
exit 1
;;
esac
exit 0
Save and close the file using 'wq!'
and give it execution permissions and update thh startup script using below commands.
# chmod +x /etc/init.d/sockd
# update-rc.d sockd defaults
Dante-server Sockd Configuration
First we start the global server settings before going to configure the advance settings of access rules. There are two types of rules that have to be defined in its configuration file. Client rules are mainly designed to specify which client is granted access to which socks server. In the socks rule section the actual application request is evaluated. By adding port numbers or rages access to the specific hosts or networks can be limited.
Let’s create the sockd configuration by placing the following parameters into the 'sockd.conf'
file.
# vim /etc/sockd.conf
logoutput: /var/log/socks.log
internal: ens160 port = 1080
external: ens160
method: username
user.privileged: root
user.notprivileged: nobody
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error connect disconnect
}
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error connect disconnect
}
block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
Starting Dante-server service
Once you have configured the danted-server sockd configuration file, then start its service and check the status its started without any error.
# /etc/init.d/sockd start
# /etc/init.d/sockd status
# /etc/init.d/sockd status
Use below command to check its listening state of port ‘1080’.
# netstat -tulp
tcp 0 0 k-vm:socks *:* LISTEN 70839/sockd
In case you are unable to start your sockd service, then check your logs from ‘/var/log/socks.log’ file and modify 'sockd.conf'
file.
To stop 'sockd'
service you can kill its process number or use below command.
# /etc/init.d/sockd stop [ ok ] Stopping sockd (via systemctl): sockd.service.
Create user for Dante
Dante uses unix authentication and password will be sent via clear text, so it’s best to have a dedicated user for it
useradd -M proxyuser # create user without home
usermod -L proxyuser # disable login
passwd dante # chage password
Try the proxy
Do this on your client machine to make sure everything works
curl --max-time 5 -x socks4://proxyuser:passssssword@ip:port https://api.ipify.org\?format\=json && echo