9

I have a socks proxy server set up using Shadowsocks and I have the client on my laptop.

The problem is that I have to configure every single program (using HTTP_PROXY env or manually) to proxy through my socks server.

I wanted to create a VPN connection in which I configure my socks credentials, so that when this VPN is connected ALL my network is going through the proxy, and when I don't need it I just disconnect the VPN.

Are there any tools to define a new protocol or something in the VPN section?

I tried OpenVPN, but it seems it doesn't support what I want:

My Computer -> VPN -> Socks -> Internet.

Shayan
  • 1,503

4 Answers

3

The problem is that I have to configure every single program (using HTTP_PROXY env or manually) to proxy through my socks server.

Forward port 80 to your proxy's port (8080 here). A command like this would do this temporarily (a restart would remove it).

sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080

Source: https://unix.stackexchange.com/a/85933/197095

To make this rule permanent, see this question and answer: How can I make a specific set of iptables rules permanent?

Artyom
  • 1,723
2

It's impossible to use Socks as a tunneling protocol, so you can't make a VPN using Socks. The reason is simple: Socks forwards only TCP (and UDP in Socks5), so other protocols can't pass through Socks.

You can use ProxyChains to pass every connection through your Socks proxy. It does the same as Proxifier on MS Windows.

SuB
  • 4,229
  • ProxyChains works, but what if I want to create a VPN to my Socks connection so I can Hotspot my VPN connection? (Share a VPN connection). Or is there a way to pass the Socks through Hotspot? – Shayan Mar 08 '18 at 09:41
1

It is possible. But only TCP and DNS traffic is passed, which is enough in 99% of cases.

On the OpenVPN server side, run a Socks5 client that supports opening a local REDIRECT socket and forwarding traffic to the next Socks5 server. My choice is Gost.

gost -L redirect://:12345 -F socks5://U:P@Host:Port

Then the main magic comes. Run an actual DNS resolver that sends DNS via a proxy to a DNS server like Google via DoH.

https_dns_proxy -p 54000 -a 172.22.21.1 -b 8.8.8.8,8.8.4.4 \
  -vvvvvv -4 -t socks5://U:P@Host:Port

Using Gost, create a local DNS caching resolver, which will forward all DNS to the resolver above:

gost -L "dns://172.22.22.1:53000?mode=udp&dns=172.22.22.1:54000&ttl=300"

And redirect TCP and UDP (only DNS) of a VPN client to these things.

iptables -t nat -I PREROUTING -s 172.22.21.100 -p tcp -j REDIRECT --to 12345
iptables -t nat -I PREROUTING -s 172.22.21.100 -p udp --dport 53 -j REDIRECT --to 53000

You don't need net.ipv4.ip_forward to be 1! No NAT, no forwarding is done.
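
The two answers above say that Socks carries only TCP (plus UDP in Socks5) and that a REDIRECT listener forwards redirected connections to a Socks5 server. As an added example (not part of either answer and not Gost's code), this shows the general mechanism per connection: read the original destination that iptables REDIRECT overwrote (Linux `SO_ORIGINAL_DST`), then send the RFC 1928/1929 messages upstream. Function names, the sample sockaddr bytes and the address 203.0.113.10 are constructed for illustration.

```python
import socket
import struct

SO_ORIGINAL_DST = 80   # Linux: getsockopt(conn, SOL_IP, SO_ORIGINAL_DST, 16)
AF_INET_LINUX = 2      # sin_family value on Linux


def parse_original_dst(raw: bytes) -> tuple:
    """Decode the 16-byte sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(raw) < 8:
        raise ValueError("truncated sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)      # host byte order
    port, addr = struct.unpack_from("!H4s", raw, 2)   # network byte order
    if family != AF_INET_LINUX:
        raise ValueError("not an IPv4 original destination")
    return socket.inet_ntoa(addr), port


def socks5_greeting() -> bytes:
    # VER=5, NMETHODS=1, METHOD=0x02 (username/password, RFC 1929)
    return b"\x05\x01\x02"


def socks5_auth(user: str, password: str) -> bytes:
    u, p = user.encode(), password.encode()
    if not (0 < len(u) < 256 and 0 < len(p) < 256):
        raise ValueError("RFC 1929 fields are 1..255 bytes")
    return b"\x01" + bytes([len(u)]) + u + bytes([len(p)]) + p


def socks5_connect(host: str, port: int) -> bytes:
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4). The only other commands
    # are BIND and UDP ASSOCIATE, so ICMP or other IP protocols cannot be sent.
    return b"\x05\x01\x00\x01" + socket.inet_aton(host) + struct.pack("!H", port)


def reply_ok(reply: bytes) -> bool:
    # Reply is VER, REP, RSV, ATYP, BND.ADDR, BND.PORT; REP=0 means success.
    return len(reply) >= 4 and reply[0] == 5 and reply[1] == 0


def upstream_messages(raw_dst: bytes, user: str, password: str) -> list:
    """Bytes a relay sends to the Socks5 server for one redirected connection."""
    host, port = parse_original_dst(raw_dst)
    return [socks5_greeting(), socks5_auth(user, password), socks5_connect(host, port)]


# Constructed sample: what the kernel would return for a client that dialed
# 203.0.113.10:443 (documentation address) before the REDIRECT rule fired.
SAMPLE_DST = (struct.pack("=H", AF_INET_LINUX) + struct.pack("!H", 443)
              + socket.inet_aton("203.0.113.10") + bytes(8))

if __name__ == "__main__":
    for msg in upstream_messages(SAMPLE_DST, "U", "P"):
        print(msg.hex(" "))
```

The credentials in the auth message travel in cleartext to the Socks5 server, so the hop between the relay and that server needs its own protection if it crosses an untrusted network.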

0

The VPN solution is too complicated, but it is possible. You have to set up a VPN server, and on the VPN server you need to set up a system-wide proxy.

The only question is why not set up the system-wide proxy on your client instead of a VPN, as described here: http://askubuntu/questions/769361/ubuntu-16-04-lts-how-to-force-all-http-https-traffic-to-use-proxy

In Firefox there was a toggle proxy extension to swap the connection; nowadays there is an MM3 proxy switch for Firefox Quantum.

kukulo
  • 2,015
  • Fixed url: https://askubuntu.com/questions/769361/ubuntu-16-04-lts-how-to-force-all-http-https-traffic-to-use-proxy – Sepehr GH Jan 12 '20 at 06:20