Distroname and release: OpenBSD

Dante on OpenBSD

install dante

pkg_add dante
Change the config, to something like so:
The config, actually contains 3 sections
  • The main section, with "shared" configurations
  • The "client pass" defines, which clients are allowed to talk to the dante
  • The "socks pass" defines rules for the sockd service, like rules, authentication method.

  • Now edit, the configuration, /etc/sockd.conf, so it looks like this...
    /etc/sockd.conf
    internal: em0 port = 1080
    external: em0
    socksmethod: username none 
    user.privileged: root
    user.unprivileged: _sockd
    #logoutput: syslog/user
    #debug: 1
    logoutput: /var/log/sockd.log
    
    ## client access rules
    
    #define clients who can talk to the server. The "client pass" is checked before the "socks pass" sections!
    client pass {
            from: 0.0.0.0/0 to: 0.0.0.0/0
            log: error connect disconnect
    }
    # block connections to localhost, or they will appear to come from the proxy.
    socks block {
    	from: 0/0 to: lo
    	log: error connect disconnect
    }
    #define the socks server access
    socks pass {
    	from: 192.168.39.0/24 to: 0.0.0.0/0
    	command: bind connect udpassociate
    	log: error connect disconnect
    #No authentication
    #	socksmethod: none
    #Username authentication
            socksmethod: username
    #Username OR none authentication (Why would you ever need this?)
    #        socksmethod: username none
    #	Require the users to be part of the group "socks5users"
    	group: socks5users
    }
    
    Then restart the server, for the changes to take effect.
    /etc/rc.d/sockd restart
    

    Users and Groups

    As the configuration states, we need an user, which must be member of an group.
    Create an group, since we require users to authenticate, and be part of an group:
    groupadd socks5users
    
    Create test user, which cannot login to the system:
    useradd -s /sbin/nologin test
    useradd: Warning: home directory `/home/test' doesn't exist, and -m was not specified
    
    Set an password:
    passwd test
    
    Add the user to the group:
    Warning, will set the primary group! You might not actually want this! Consider using -G instead of -g
    If you have created the user from scratch, from the example, you are fine.
    usermod -gsocks5users test
    
    Switch to any client you have, which can access this server!
    You can test with curl, like so from an client. Notice that the authentication depends on how you have configured the "socks pass" section.
    If it should require username/password or none. Or maybe even, either.

    Test from an client with curl:
    curl -x socks5://test:testtest@192.168.39.45:1080 ifconfig.me
    
    Without authentication
    curl -x socks5://192.168.39.45:1080 ifconfig.me
    

    Do not trust the authors words! POC, tests and experience is key

    Copyright LinuxLasse.net 2009 - 2020 All Rights Reserved.

    Valid HTML 4.01 Strict Valid CSS!