How do I set up SOCKS5 proxy forwarder?

[Snowstorm1491]

I have a VPS running OPNsense, so it has only WAN and no LAN.

I have set up "WireGuard Road-Warrior" as wg1, so now wg1 is my "LAN".

I have also set up "WireGuard Selective Routing to External VPN Endpoint" with Mullvad as wg2, so some of the clients from wg1 will be routed through Mullvad, and other routed through WAN of the VPS.

With the clients that are routed through Mullvad, I can just use 10.64.0.1 at the end devices to connect to Mullvad's SOCKS5 proxy without additional setup.

Currently I'm trying to set up so that even clients that are not routed through Mullvad, can use Mullvad's SOCKS5 proxy, without having all their network requests to the Internet being routed through the VPN wg2.

I have installed ShadowSocks on the OPNsense, but I can't find a guide online to set up to achieve what I want.

I'm currently doing trial and error, but I don't understand the difference between "ShadowSocks: Server" and "ShadowSocks: Local".

I have attached my current settings which does not work. Anyone can give me some pointers as to what I'm doing wrong? End devices from wg1 can access the ports 8388 and 1080 on the OPNsense, but

Code: [Select]

curl ip4.me/api/ --socks5 10.10.10.1:1080 gives

Code: [Select]

curl: (52) Empty reply from server, while

Code: [Select]

curl ip4.me/api/ --socks5 10.10.10.1:8388 gets timeout.

[Snowstorm1491]

After a lot of search and trial and error, I realized my mistakes.

Mistakes:

• ShadowSocks != SOCKS5
• ShadowSocks cannot connect to SOCKS5 proxy
• ShadowSocks from Mullvad is only used to connect to the VPN servers, any other Internet traffic will have to run inside the VPN connection inside ShadowSocks connection
• Password cannot be blank

Only now I understand how the suite of ShadowSocks softwares work. I can't find this anywhere on the web, so I'm going to post this here in case someone else is searching too.

"ShadowSocks: Server" (ss-server/ssserver-rust on other supposrted platforms) is exactly what is sounds like: it lets ShadowSocks clients connect to it and the clients can tunnel their traffic via this server (and hence have the IP of the server).
"ShadowSocks: Local" (ss-local/sslocal-rust on other supported platforms) is the client that is mentioned above, it connects to ss-server and open a SOCKS5 server for SOCKS5 clients, and forward the requests from the SOCKS5 clients to the ss-server, and from the ss-server the requests go to the final destination.

SOCKS5 clients --[SOCKS5]--> ss-local --[ShadowSocks]--> ss-server --[any protocol]--> destination

So now I have it set up that wg1 clients can use any SOCKS5 supporting clients to use the WAN on the OPNsense VPS. I have attached screenshots on my current settings. I believe this is what most people will try to do.

Code: [Select]

curl ip4.me/api/ --socks5 10.10.10.1:1080 on wg1 clients will work and show OPNsense's external IP.

Now for my use case, I have to figure out a way to make traffic from ss-server go through wg2 (Mullvad VPN, not Mullvad SOCKS5 proxy) instead of WAN.

[GabriellaConrad]

To set up a SOCKS5 proxy forwarder, follow these steps:
1. In your ShadowSocks Local settings, use Mullvad's SOCKS5 proxy server address and port. Ensure correct encryption settings.
2. Configure your OPNsense firewall to allow wg1 clients to access Mullvad's SOCKS5 proxy without routing all traffic through VPN wg2.
3. Make sure ShadowSocks Local is running on the correct port (e.g., 1080).
4. Test your setup with:
curl ip4.me/api/ --socks5 10.10.10.1:1080
For more guidance, refer to the details at Secure proxy. They might have the info you need.

[Snowstorm1491]

To set up a SOCKS5 proxy forwarder, follow these steps:
1. In your ShadowSocks Local settings, use Mullvad's SOCKS5 proxy server address and port. Ensure correct encryption settings.
2. Configure your OPNsense firewall to allow wg1 clients to access Mullvad's SOCKS5 proxy without routing all traffic through VPN wg2.
3. Make sure ShadowSocks Local is running on the correct port (e.g., 1080).
4. Test your setup with:
curl ip4.me/api/ --socks5 10.10.10.1:1080

Does this work for you? I found a simpler way: just NAT a port of your selection on the server to the Mullvad SOCK5 address and port and add outbound rule to change the source address