Distroname and release: OpenBSD

Dante on OpenBSD

Install Dante:

pkg_add dante
Change the config to something like the example below.
The config actually contains 3 sections:
  • The main section, with "shared" configuration
  • The "client pass" section defines which clients are allowed to talk to the Dante server
  • The "socks pass" section defines the rules for the sockd service, such as the authentication method

  • Now edit the configuration, /etc/sockd.conf, so it looks like this:
    /etc/sockd.conf
    # Listen for clients on em0, port 1080; make outgoing connections from em0.
    internal: em0 port = 1080
    external: em0
    # Methods the server offers; the "socks pass" rule below narrows this to username.
    socksmethod: username none
    user.privileged: root
    user.unprivileged: _sockd
    #logoutput: syslog/user
    #debug: 1
    logoutput: /var/log/sockd.log

    ## client access rules

    # Define clients who can talk to the server. The "client pass" is checked before the "socks pass" sections!
    client pass {
            from: 0.0.0.0/0 to: 0.0.0.0/0
            log: error connect disconnect
    }
    # Block connections to localhost, or they will appear to come from the proxy.
    socks block {
            from: 0/0 to: lo
            log: error connect disconnect
    }
    # Define the socks server access
    socks pass {
            from: 192.168.39.0/24 to: 0.0.0.0/0
            command: bind connect udpassociate
            log: error connect disconnect
            # No authentication
            #socksmethod: none
            # Username authentication
            socksmethod: username
            # Username OR none authentication (Why would you ever need this?)
            #socksmethod: username none
            # Require the users to be part of the group "socks5users"
            group: socks5users
    }
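
A check worth running on the file before restarting, as an added example that is not part of the original page or of Dante: it flags a "socks pass" rule that accepts the none method and a "client pass" open to every address. It assumes that a rule without its own socksmethod line accepts every method in the global list; the function names and messages are made up for this example.

```shell
#!/bin/sh
# Lint a Dante sockd.conf for rules that admit clients without authentication.
# Assumption: a "socks pass" rule with no socksmethod line of its own
# accepts every method named in the global socksmethod list.
audit_sockd_conf() {
    awk '
    function has_none(s) { return s ~ /[ \t:]none([ \t]|$)/ }
    { sub(/#.*/, "") }                        # strip comments
    /^[ \t]*$/ { next }                       # skip blank lines
    /^[ \t]*(client|socks)[ \t]+(pass|block)/ {
        # remember which kind of rule we are in and where it started
        rule = $1 " " substr($2, 1, index($2 "{", "{") - 1)
        start = NR; seen = 0; none = 0; next
    }
    rule == "" && /^[ \t]*socksmethod[ \t]*:/ { gnone = has_none($0); next }
    rule != "" && /^[ \t]*socksmethod[ \t]*:/ { seen = 1; none = has_none($0); next }
    rule == "client pass" && /from:[ \t]*(0\.0\.0\.0\/0|0\/0)([ \t]|$)/ {
        printf "line %d: client pass accepts connections from any address\n", NR
    }
    /^[ \t]*\}/ {
        if (rule == "socks pass" && (none || (!seen && gnone)))
            printf "line %d: socks pass rule accepts socksmethod none\n", start
        rule = ""
    }
    ' "$1"
}

# Constructed sample: the rules above with the rule-level socksmethod
# commented out, so the rule falls back to the global "username none".
sample_conf() {
    cat <<'EOF'
socksmethod: username none
client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
}
socks pass {
        from: 192.168.39.0/24 to: 0.0.0.0/0
        #socksmethod: username
}
EOF
}

# Demo run; prints:
#   line 3: client pass accepts connections from any address
#   line 5: socks pass rule accepts socksmethod none
sample_conf | audit_sockd_conf -
```

Run it against the real file with audit_sockd_conf /etc/sockd.conf; no output means neither check fired.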
    
    Then restart the server for the changes to take effect.
    /etc/rc.d/sockd restart
    

    Users and Groups

    As the configuration states, we need a user, which must be a member of a group.
    Create a group, since we require users to authenticate and be part of a group:
    groupadd socks5users
    
    Create a test user that cannot log in to the system:
    useradd -s /sbin/nologin test
    useradd: Warning: home directory `/home/test' doesn't exist, and -m was not specified
    
    Set a password:
    passwd test
    
    Add the user to the group:
    Warning: this sets the user's primary group, which you might not actually want. Consider using -G instead of -g.
    If you created the user from scratch, as in this example, you are fine.
    usermod -g socks5users test
    
    Switch to any client that can access this server.
    You can test with curl from the client. Note that the authentication depends on how you have configured the "socks pass" section: whether it requires username/password, none, or accepts either.

    Test from a client with curl:
    curl -x socks5://test:testtest@192.168.39.45:1080 ifconfig.me
    
    Without authentication:
    curl -x socks5://192.168.39.45:1080 ifconfig.me
    

    Do not trust the author's words! POC, tests and experience are key

    Copyright LinuxLasse.net 2009 - 2024 All Rights Reserved.
