May 022013
 

What is this about?

This is a small tutorial, which will show you how to set up a local Raspberry to serve as a so-called SOCKS 5 proxy-server for your local network. The Raspberry itself will connect to a remote server, which will then make the requests to other Internet servers with it’s own IP, thus masquerading the original requestor’s.

All computers on your local network can be configured to connect to the Raspberry, so they all can share the same connection to the remote server.

plug-in-raspberry-socks

Usage #1: Unblocking

As we all know, many sites ban IPs outside of certain contries (* cough Hulu YouTube Pandora Grooveshark cough*) or severely limit the usage. YouTube for instance will block most (> 60 %) “copyrighted” content here in Germany … also Google will index some pages, according to German laws, etc. Other examples will be easily found by the astute reader.

Well what about the obvious case of a US citizen being abroad and wanting to access these and other services? Or a British citizen trying to access the BBC iPlayer?

All you need is a US / British IP address. If you also happen to own a US / British VPN (if not, we recommend Hostigation for US VPSes – affiliate link), then you’re set. If you happen to be a US citizen, that is. If not, well … probably you should not read on Winking smile

 

Usage #2: Security & privacy

If you don’t trust your direct upstream connection, i.e. unsecure WiFi hotspot / sharing Internet through the neigbour’s connection, you might want to forward all traffic from your browser through a safe tunnel.

 

Usage #3: Advanced filtering

If you want to do some advanced filtering on your Internet traffic, i.e. rewriting some JavaScripts / CSS on the fly, logging and analysing the traffic, injecting automatic commands, for instance to log you in automatically and securely on some websites, etc., this solution might also work for you (with an additional “proxy” application on the Raspberry between the actual SOCKS proxy port and the browsers / apps you are serving). The Raspberry then could forward the traffic on through localhost, i.e. your regular Internet upstream service. We will not discuss advanced filtering in this post, but maybe in some upcoming posts.

Set up remote server

On your server / VPS in the remote location (i.e. USA), we recommend to add a new user for SOCKS / SSH forwarding with regular (i.e. non-root) privileges. This is done for security measures, should someone obtain control of your Raspberry. (Many Raspberries are left with the pi / raspberry default login).

adduser socks-foo

Linux will ask you for a password for this new user (in our example the username is “socks-foo”, pick your own), and some other questions, which can be safely accepted in their default values.

If you have OpenSSH server running, which you would need to log (“SSH”) into the remote location in the first place, -that’s it – you’re finished with the server.

If you access your “remote” machine directly or via some other means, please set up the OpenSSH server for this tutorial to work.

Consider setting up private key authentication and taking other security precautions which may be necessary, but outside the scope of this article. Please have a look at this article, for instance.

Set up Raspberry

We will have a Raspberry local server forwarding to the remote server(s). If in doubt, use the commands as root user / sudo them.

We will introduce you to an “instant on” solution first, and discuss in some more depth how it can be made more permanent in another article in this blog (coming soon).

Easy setup / test

In the easiest setup, you could start your SOCKS server simply by the following command

ssh -o ServerAliveInterval=60 -D0.0.0.0:8888 socks-foo@example.com

This will connect to the server example.com (you can also simply use it’s IP), with the user socks-foo, and set up dynamic forwarding on the port 8888 for all network interfaces on the Raspberry Pi. The ssh client will log into your example.com machine at this point, if you close the connection (exit), then the SOCKS proxy obviously will also stop working.

The 0.0.0.0 is important – without it, the Raspberry will open the port, but only on localhost – you will not be able to connect from other computers on your network to it.

You can verify that the port is indeed open (from another console) by

netstat -tlnp

This will show you a list of opened ports, and which IP adresses and services they are bound to.image

Also you can try to use curl to fetch content through socks (on another console logged into your Pi):

curl --socks5 localhost:8888 blog.pi3g.com

This should show you some HTML code.

 

Advanced Setup

In this simple test setup above, you need to connect to the Raspberry and enter the password to the remote server every time you want to use it. We will be looking at setting up a private / public key authentication method and installing the SOCKS proxy as a service in a future post.

Setting up your browser

Next, you can set up your browser to use the new SOCKS 5 proxy. We will demonstrate this with Firefox. A good idea is maybe to use a special browser just for connecting to the proxy, especially if the traffic on the remote server you are using is metered.

Open Firefox’ connection preferences:

Firefox > Options > Options > Advanced > Network > Settings …

image

Set up the IP of your Raspberry as SOCKS Host, the port you opened on the Raspberry Pi as SOCKS proxy port. Choose SOCKS v5, click OK.

DNS Setup

To direct DNS requests through the SOCKS proxy, we will have to modify another value:

Enter about:config as URL in Firefox, and press enter to navigate to the page.

image

Click on “I’ll be careful, I promise!”, and find the setting network.proxy.socks_remote_dns and set it to true.

image

You can use the search to find this advanced setting more easily.

That’s it! Your browser will now use the new SOCKS 5 proxy you just set up on your Raspberry Pi.

Browser-Plugins, like Flash, will automatically use the new SOCKS 5 proxy.

Please note, that your console to the Raspberry Pi has to be open for the connection to work (if you close it, the connection to the remote server will be disconnected and your proxy will be defunct.) We will show you in an upcoming article how to make it permanent.

 

References

  • pi3g

    we recommend to use autossh with the -f and the -N flag -> this will set up a connection in the background, without opening a console to the remote server. More about this in the future.

  • Pingback: Link: Raspberry Pi SOCKS 5 Proxy Server (AKA browse the web with an IP from a different country) » TechNotes()

  • Baboo

    this seems like a pretty nice tutorial but I’m looking forward to the public/private key authentication since i have this method on my proxy server. I “just” need to connect my RPi to it via SSH with RSA (by sending the key file) … are you planning to show that as well ?

  • Adrian Zhang

    Wanderful post! Is there a way to use multi-socks? In another word, to create several SSH tunnel and just use RPi to choose automatically so that if one of them failed, the client it serves will not be forced to change the socks port.

    • There is a package which will allow ssh to retry connections.

      autossh -o ServerAliveInterval=60 -D0.0.0.0:8888 -f -N user@server.example.com

      (private / public authentication is set up for the user in the example)

      maybe it can be configured to rotate between servers. If not, a wrapper script which you would write yourself could do the trick.

      Can’t help more with this – as I need to focus on generating income for my employees and me right now.

      • Adrian Zhang

        Thanks for quick reply!

  • Dan

    Wonderful! Thanks so much, but I’d love to know how to make it so that all of this is done automatically whenever the pi is booted. Suggestions?

  • janet jackson

    noob here, is connecting to your sock though the in browser better,worst, or same in relation to security if you were to use proxy chain or proxifier.

  • 陈劲松

    Hello! Where should I enter the password? I can’t connect to the sock5 server. Is there anybody who met the same problem and fixed it? Please help me.

Optimization WordPress Plugins & Solutions by W3 EDGE