Dante SOCKS5 server with authentication

It’s not so obvious that socks servers with authentication are a necessary thing.

  1. You can run a “local socks service” simply by connecting to a remote host via ssh (with -D <port>)
  2. Most of software products, that support socks, don’t support socks servers with authentication

The last fact I find very unfortunate, because using socks without having to monitor ssh connection is much more comfortable. But if the software actually supports socks with authentication you can try Dante server.

Dante SOCKS5 server with authentication

Here’s how to install and configure it in CentOS 7.

Installation

Build the rpm files. You can see the last version of Dante at https://www.inet.no/dante/download.html

# yum install -y rpmdevtools rpm-build pam-devel bison flex gcc make glibc-devel libtool autoconf automake binutils
$ wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz
$ rpmbuild -tb dante-*.tar.gz

If everything is ok, you will find the following packages:

$ ls rpmbuild/RPMS/x86_64/dante-*
rpmbuild/RPMS/x86_64/dante-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-debuginfo-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-devel-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-server-1.4.2-1.el7.x86_64.rpm

Installing the packages:

# rpm -ivh rpmbuild/RPMS/x86_64/dante-1.4.2-1.el7.x86_64.rpm
# rpm -ivh rpmbuild/RPMS/x86_64/dante-server-1.4.2-1.el7.x86_64.rpm

Configuration

Note the port number, which you can set arbitrarily, for example 1313:

# cat >/etc/sockd.conf <<EOL
logoutput: syslog
user.privileged: root
user.unprivileged: nobody

# The listening network interface or address.
internal: 0.0.0.0 port=1313

# The proxying network interface or address.
external: eth0

# socks-rules determine what is proxied through the external interface.
# The default of "none" permits anonymous access.
socksmethod: username

# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: none

client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    #log: connect disconnect error
}

socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    #log: connect disconnect error
}
EOL

Dante uses Linux system authentication, so it’s a good idea to create a separate user account that will be used only socks authentication, and it will be impossible to use this user to log in:

# useradd -r -s /bin/false danteuser
# passwd danteuser

Start the service

Open the port on the firewall:

# firewall-cmd --zone=public --add-port=1313/tcp --permanent
# firewall-cmd --reload

And start the service:

# systemctl start sockd
# systemctl status sockd

Sock server works:

<server_ip>:1313
danteuser/<danteuser_password>

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.