It’s not so obvious that socks servers with authentication are a necessary thing.
- You can run a “local socks service” simply by connecting to a remote host via ssh (with -D <port>)
- Most software products that support socks don’t support socks servers with authentication
I find the last fact very unfortunate, because using socks without having to monitor an ssh connection is much more comfortable. But if the software actually supports socks with authentication, you can try the Dante server.
![Dante SOCKS5 server with authentication](https://avleonov.com/wp-content/uploads/2019/09/dante_socks5.jpg)
Here’s how to install and configure it on CentOS 7.
Installation
Build the rpm files. You can find the latest version of Dante at https://www.inet.no/dante/download.html
# yum install -y rpmdevtools rpm-build pam-devel bison flex gcc make glibc-devel libtool autoconf automake binutils
$ wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz
$ rpmbuild -tb dante-*.tar.gz
If everything is ok, you will find the following packages:
$ ls rpmbuild/RPMS/x86_64/dante-*
rpmbuild/RPMS/x86_64/dante-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-debuginfo-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-devel-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-server-1.4.2-1.el7.x86_64.rpm
Installing the packages:
# rpm -ivh rpmbuild/RPMS/x86_64/dante-1.4.2-1.el7.x86_64.rpm
# rpm -ivh rpmbuild/RPMS/x86_64/dante-server-1.4.2-1.el7.x86_64.rpm
Configuration
Note the port number, which you can set arbitrarily, for example 1313:
# cat >/etc/sockd.conf <<EOL
logoutput: syslog
user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
internal: 0.0.0.0 port=1313
# The proxying network interface or address.
external: eth0
# socks-rules determine what is proxied through the external interface.
# The default of "none" permits anonymous access.
socksmethod: username
# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: none
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
#log: connect disconnect error
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
#log: connect disconnect error
}
EOL
Dante uses Linux system authentication, so it’s a good idea to create a separate user account that is used only for socks authentication and cannot be used to log in:
# useradd -r -s /bin/false danteuser
# passwd danteuser
Start the service
Open the port on the firewall:
# firewall-cmd --zone=public --add-port=1313/tcp --permanent
# firewall-cmd --reload
And start the service:
# systemctl start sockd
# systemctl status sockd
The socks server works:
<server_ip>:1313
danteuser/<danteuser_password>
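To confirm that the server really enforces the `socksmethod: username` setting, the following added example (not from the original post or the Dante project) performs the SOCKS5 method negotiation of RFC 1928 and the username/password sub-negotiation of RFC 1929 by hand. The function names are my own, and port 1313 and the `danteuser` account are taken from the configuration above. Note that `build_userpass` shows the password going over the wire unencrypted.

```python
import socket

METHOD_NONE, METHOD_USERPASS, METHOD_REJECTED = 0x00, 0x02, 0xFF

def build_greeting(methods):
    """RFC 1928 client greeting: VER=5, NMETHODS, METHODS."""
    return bytes([0x05, len(methods), *methods])

def parse_method_reply(data):
    """Return the method the server selected (0xFF = none acceptable)."""
    if len(data) != 2 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 method-selection reply")
    return data[1]

def build_userpass(user, password):
    """RFC 1929 request: VER=1, ULEN, UNAME, PLEN, PASSWD, all in cleartext."""
    u, p = user.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def auth_succeeded(data):
    """RFC 1929 reply: VER=1, STATUS; only STATUS 0 means success."""
    if len(data) != 2 or data[0] != 0x01:
        raise ValueError("not a username/password reply")
    return data[1] == 0x00

def exchange(host, port, payloads, connect):
    """Send payloads in order on one connection; collect the 2-byte replies."""
    with connect((host, port), timeout=5.0) as conn:
        replies = []
        for payload in payloads:
            conn.sendall(payload)
            replies.append(conn.recv(2))
        return replies

def check_server(host, port, user, password, connect=socket.create_connection):
    """Check that anonymous use is refused and that the account can log in."""
    (anon,) = exchange(host, port, [build_greeting([METHOD_NONE])], connect)
    selected, auth = exchange(
        host, port,
        [build_greeting([METHOD_USERPASS]), build_userpass(user, password)],
        connect)
    return {
        "anonymous_refused": parse_method_reply(anon) == METHOD_REJECTED,
        "login_ok": parse_method_reply(selected) == METHOD_USERPASS
                    and auth_succeeded(auth),
    }

if __name__ == "__main__":
    import getpass, sys  # server address as first argument, password prompted
    print(check_server(sys.argv[1], 1313, "danteuser", getpass.getpass()))
```

A result of `anonymous_refused: False` means the server accepted a client that offered no authentication, so the `socksmethod` line is not taking effect.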
Hi! My name is Alexander and I am a Vulnerability Management specialist.
I’ve changed the interface to the network interface of mine as below
external: ens160
But when starting the service I receive an error saying
Failed to start sockd.service: Unit not found.
What could be done?
My OS is Centos 7
Hi, such a great tutorial, thanks. I have a question: does Dante support multiple IP addresses?
Thanks a lot.
Hi,
Thank you! There is a new version dante-1.4.3