SS5 SOCKS Proxy

UPDATE: SS5 blows donkey snot!  Do NOT use it!!!!!  It crashes, was written for init.d systems from half a decade ago (and didn't even work right then).  It doesn't handle UDP requests (like for DNS, which will crash it).
SOLUTION / ALTERNATIVE: [https://www.inet.no/dante/ Dante-Server] (click the link to read up on it)
...this isn't a "how to" article.  Just some tips on getting a SOCKS Proxy working.


Instead of compiling it from source code, and given that it's about half a decade old, I figured someone made an RPM for CentOS.  But they didn't, so I followed the directions here: https://kenelm1985.wordpress.com/2016/07/28/socks5-server-setup-on-redhat-enterprise-linux-7/ and downloaded the source from here: https://rpmfind.net/linux/rpm2html/search.php?query=ss5 and made my own RPM which ended up here /MyHomeDirectory/rpmbuild/RPMS and then I installed it using YUM.


For configuration the default configuration worked fine and the only item(s) necessary (per the above instructions) were to add settings in the authorization section of the /etc/opt/ss5/ss5.conf file;
  permit - MySubnetIP/24 - 0.0.0.0/0 - - - - -
By default SS5 listens on port 1080.  Since my environment uses OpenVPN VPNs and SS5 is not exposed publicly, there wasn't any additional configuration to do or stuff to worry about.
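An added example (not part of the original page or of SS5): a shell/awk audit of the permit lines in an ss5.conf, flagging rules broader than the one above. The column order (permit Auth SHost SPort DHost DPort ...) and the reading of "-" in the Auth column as "no authentication" are assumptions taken from the header comment of the stock ss5.conf; 10.8.0.0/24 is a constructed stand-in for MySubnetIP/24.

```bash
#!/bin/sh
# Audit "permit" lines of an ss5.conf-style file (path in $1, or stdin).
# Assumed columns: permit Auth SHost SPort DHost DPort Fixup Group Band ExpDate
# Assumed meaning: Auth "-" = no authentication required.
audit_ss5_permits() {
    awk '
        $1 != "permit" { next }        # skip comments, blanks, other directives
        NF < 5 {                       # too short to carry SHost and DHost
            printf "line %d: MALFORMED permit (%d fields)\n", NR, NF
            next
        }
        {
            auth = $2; shost = $3; dhost = $5
            n = split(shost, p, "/")
            any_src = (n == 2 && p[2] == "0")   # a /0 source matches every client
            if (any_src && auth == "-") verdict = "OPEN-PROXY"     # anyone, no auth
            else if (any_src)           verdict = "ANY-SOURCE"     # anyone, with auth
            else if (auth == "-")       verdict = "NOAUTH-SUBNET"  # source IP is the only gate
            else                        verdict = "OK"
            printf "line %d: %s src=%s dst=%s auth=%s\n", NR, verdict, shost, dhost, auth
        }
    ' "${1:--}"
}

# Constructed sample input, not taken from the page.
sample_conf() {
    cat <<'EOF'
# constructed sample ss5.conf fragment
permit  -   10.8.0.0/24   -   0.0.0.0/0   -   -   -   -   -
permit  -   0.0.0.0/0     -   0.0.0.0/0   -   -   -   -   -
permit  u   0.0.0.0/0     -   0.0.0.0/0   -   -   -   -   -
permit  -   10.8.0.0/24
EOF
}

sample_conf | audit_ss5_permits
```

Against a live install, run it as `audit_ss5_permits /etc/opt/ss5/ss5.conf`; the rule shown on this page reports as NOAUTH-SUBNET, meaning the VPN subnet restriction is the only access control in front of the proxy.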


My client software is a bandwidth hog, so all the other traffic flowing through the VPN tunnel was very slow.  Oh, well.
And now the subject of log file size.  WOW!  Nothing seemed to stop it.  Every example I looked for controlling it via the CONF file did not work and produced an error in the log file.  Maybe my RPM build didn't include some environmental variables?  But then I looked at the source code.  To set the syslog level, setting SS5_SYSLOG_LEVEL to any number in the .conf file didn't work.  One has to use undocumented settings like LOG_ERR, etc. (from https://github.com/postageapp/ss5/blob/master/src/SS5Utils.c), and that only served to make the lines invisible, i.e., it kept adding to the log file and increasing its size, so that was useless.  None of the other variables worked (SS5_LOG_FILE, etc.)
At a certain point one has to give up, but I didn't.  Instead I changed strategies.  I noticed the ss5 binary had a command line switch (-m) that turned logging off, so I modified the /etc/init.d/ss5 file, adding three -m switches in the "start section" of the file;
  start)
      # Start daemon.
      echo -n "Starting ss5... "
      if [ $OS = "Linux" ]; then
          daemon /usr/sbin/ss5 -m -t $SS5_OPTS
          touch /var/lock/subsys/ss5
      else
          if [ $OS = "SunOS" ]; then
              /usr/sbin/ss5 -m -t
              touch /var/lock/subsys/ss5
          else
              /usr/local/sbin/ss5 -m -t
          fi
      fi
      echo "done"
...and good to go.  It still creates the log file, but the size remains zero.  Make sure to run systemctl daemon-reload when the /etc/init.d/ss5 file is modified and don't forget to remove any variables from the /etc/opt/ss5/ss5.conf file that don't work as this will prevent the service from starting.
Several additional observations after some usage;
- Using systemctl start ss5 was not always reliable (especially after a crash, see below), so I used the service ss5 start command, which seems to only convert to the equivalent systemctl command, but makes ss5 happy.
- My client has a setting related to using the proxy for host name lookups, which crashes the SS5 service.  Nothing in the log file (system or SS5 log), even when set to debug level.  So I disabled that setting, all good to go.