How do I set up SOCKS5 proxy forwarder?

Started by Snowstorm1491, April 21, 2023, 04:17:58 PM

I have a VPS running OPNsense, so it has only WAN and no LAN.

I have set up "WireGuard Road-Warrior" as wg1, so now wg1 is my "LAN".

I have also set up "WireGuard Selective Routing to External VPN Endpoint" with Mullvad as wg2, so some of the clients from wg1 will be routed through Mullvad, and others will be routed through the WAN of the VPS.

With the clients that are routed through Mullvad, I can just use 10.64.0.1 at the end devices to connect to Mullvad's SOCKS5 proxy without additional setup.

Currently I'm trying to set things up so that even clients that are not routed through Mullvad can use Mullvad's SOCKS5 proxy, without having all their network requests to the Internet routed through the VPN wg2.

I have installed ShadowSocks on the OPNsense, but I can't find a guide online on how to set it up to achieve what I want.

I'm currently doing trial and error, but I don't understand the difference between "ShadowSocks: Server" and "ShadowSocks: Local".

I have attached my current settings, which do not work. Can anyone give me some pointers as to what I'm doing wrong? End devices from wg1 can access the ports 8388 and 1080 on the OPNsense, but curl ip4.me/api/ --socks5 10.10.10.1:1080 gives curl: (52) Empty reply from server, while curl ip4.me/api/ --socks5 10.10.10.1:8388 times out.

After a lot of search and trial and error, I realized my mistakes.

Mistakes:

  • ShadowSocks != SOCKS5
  • ShadowSocks cannot connect to SOCKS5 proxy
  • ShadowSocks from Mullvad is only used to connect to the VPN servers; any other Internet traffic will have to run inside the VPN connection inside the ShadowSocks connection
  • Password cannot be blank

Only now do I understand how the ShadowSocks suite of software works. I can't find this anywhere on the web, so I'm going to post this here in case someone else is searching too.

"ShadowSocks: Server" (ss-server/ssserver-rust on other supported platforms) is exactly what it sounds like: it lets ShadowSocks clients connect to it, and the clients can tunnel their traffic via this server (and hence have the IP of the server).
"ShadowSocks: Local" (ss-local/sslocal-rust on other supported platforms) is the client mentioned above: it connects to ss-server, opens a SOCKS5 server for SOCKS5 clients, and forwards the requests from the SOCKS5 clients to the ss-server; from the ss-server the requests go to the final destination.

SOCKS5 clients --[SOCKS5]--> ss-local --[ShadowSocks]--> ss-server --[any protocol]--> destination

So now I have it set up so that wg1 clients can use any SOCKS5-supporting client to use the WAN on the OPNsense VPS. I have attached screenshots of my current settings. I believe this is what most people will try to do.

curl ip4.me/api/ --socks5 10.10.10.1:1080 on wg1 clients will work and show OPNsense's external IP.

Now for my use case, I have to figure out a way to make traffic from ss-server go through wg2 (Mullvad VPN, not Mullvad SOCKS5 proxy) instead of WAN.
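
A small probe for the "ShadowSocks != SOCKS5" distinction described in the post above, added here as an example and not part of the original thread: it sends the SOCKS5 greeting to a port and reports whether the listener answers as a SOCKS5 server (what ss-local exposes) or not. The function names and result labels are made up for this example; the address and ports in the main block are the ones from the post.

```python
import socket

# SOCKS5 greeting (RFC 1928): version 5, one auth method offered, 0x00 = no authentication.
GREETING = b"\x05\x01\x00"

def classify_reply(reply):
    """Classify what a listener sent back after the SOCKS5 greeting.

    reply is None when nothing arrived before the timeout, b"" when the peer
    closed the connection without answering.
    """
    if reply is None:
        return "timeout"
    if reply == b"":
        return "closed"
    if len(reply) >= 2 and reply[0] == 0x05:
        # 0xFF means "SOCKS5, but none of the offered auth methods is accepted".
        return "socks5-auth-rejected" if reply[1] == 0xFF else "socks5"
    return "not-socks5"

def probe(host, port, timeout=3.0):
    """Send the greeting to host:port and report how the listener reacted."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(GREETING)
            try:
                reply = s.recv(2)
            except socket.timeout:
                reply = None
            except ConnectionResetError:
                reply = b""
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    return classify_reply(reply)

if __name__ == "__main__":
    # Address and ports are the ones used in the post above.
    for port in (1080, 8388):
        print(port, probe("10.10.10.1", port))
```

Only a port that returns "socks5" is usable with curl --socks5; any other result means the listener on that port is not acting as a SOCKS5 server for this client.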

November 24, 2023, 08:45:27 AM #2 Last Edit: November 28, 2023, 12:08:09 PM by GabriellaConrad
To set up a SOCKS5 proxy forwarder, follow these steps:
1. In your ShadowSocks Local settings, use Mullvad's SOCKS5 proxy server address and port. Ensure correct encryption settings.
2. Configure your OPNsense firewall to allow wg1 clients to access Mullvad's SOCKS5 proxy without routing all traffic through VPN wg2.
3. Make sure ShadowSocks Local is running on the correct port (e.g., 1080).
4. Test your setup with:
curl ip4.me/api/ --socks5 10.10.10.1:1080
For more guidance, refer to the details at Secure proxy. They might have the info you need.

Quote from: GabriellaConrad on November 24, 2023, 08:45:27 AM
To set up a SOCKS5 proxy forwarder, follow these steps:
1. In your ShadowSocks Local settings, use Mullvad's SOCKS5 proxy server address and port. Ensure correct encryption settings.
2. Configure your OPNsense firewall to allow wg1 clients to access Mullvad's SOCKS5 proxy without routing all traffic through VPN wg2.
3. Make sure ShadowSocks Local is running on the correct port (e.g., 1080).
4. Test your setup with:
curl ip4.me/api/ --socks5 10.10.10.1:1080


Does this work for you? I found a simpler way: just NAT a port of your selection on the server to the Mullvad SOCKS5 address and port, and add an outbound rule to change the source address.