Socks Proxy Interfaces


Required Packages

To accomplish our end goal we need to install badvpn to create the interface. If you don’t need the interface and only need the SOCKS proxy available on your machine you can skip this step.

sudo apt update
sudo apt install golang-go make git

Now we can build the binary that creates the network interface.

git clone https://github.com/xjasonlyu/tun2socks.git
cd tun2socks
make tun2socks
sudo cp ./build/tun2socks /usr/local/bin

Setup SOCKS

To set up our tunnel we will use an SSH connection to a server on another network. All we need is login access. The following command connects to that server and opens a port on your machine that acts as a SOCKS proxy.

ssh -D 1337 user@hostname

Remember to replace the username and hostname with your required values.

You can set proxy settings in network manager if you’d like to route all traffic through that tunnel. In our case, however, we need to use tun2socks to create a virtual network interface that will allow us to route traffic to our proxy.

Create Virtual Interface

Now we need to create a network interface that we will use to send traffic to the proxy. We will use the ip command.

sudo ip tuntap add mode tun dev tun0
sudo ip addr add 10.10.10.10/24 dev tun0
sudo ip link set dev tun0 up

Add routes

Routes need to be added to have our traffic go to our new interface. I only want to route a single IP to that interface so I will add that as a test.

sudo ip route add 192.168.1.0/24 via 10.10.10.10 dev tun0 metric 1

Setup tun2socks

Finally we need to connect the SOCKS proxy with the interface we created. Since we already built the binary we only need to run tun2socks.

sudo tun2socks -device tun0 -proxy socks5://localhost:1337 -interface eth0

Note that eth0 here is the interface for your normal default internet connection.

Testing

Now when I try to ssh to another computer on my network I see a message in the terminal where tun2socks is running.

INFO[0091] [TCP] 10.10.10.10:32780 <-> 192.168.1.200:22 

This shows that the tunnel is working.
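
An added example (not from the original post): a small shell audit of the tun2socks output that lists each destination seen in the tunnel and flags any that fall outside the routed prefix. It assumes the log line format shown above; audit_flows, tunnel_scope_ok and sample_log are names made up for this example, and every sample line except the first is constructed.

```shell
#!/bin/sh
# audit_flows CIDR  (tun2socks log on stdin)
# Prints one line per distinct destination: COUNT VERDICT PROTO DST:PORT
# VERDICT is "ok" inside CIDR, "OUTSIDE" otherwise (non-IPv4 counts as outside).
audit_flows() {
    awk -v cidr="$1" '
    function ip2int(ip,   o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {
        if (split(cidr, c, "/") < 2) c[2] = 32   # bare address means /32
        size = 2 ^ (32 - c[2])
        net = ip2int(c[1]); net -= net % size    # clear the host bits
    }
    # Flow lines: INFO[0091] [TCP] 10.10.10.10:32780 <-> 192.168.1.200:22
    $2 ~ /^\[(TCP|UDP)\]$/ && $4 == "<->" {
        n = split($5, d, ":"); port = d[n]
        dst = substr($5, 1, length($5) - length(port) - 1)
        ip = ip2int(dst)
        verdict = (ip >= net && ip < net + size) ? "ok" : "OUTSIDE"
        key = verdict " " substr($2, 2, length($2) - 2) " " dst ":" port
        if (!(key in count)) order[++k] = key    # remember first-seen order
        count[key]++
    }
    END { for (i = 1; i <= k; i++) print count[order[i]], order[i] }
    '
}

# tunnel_scope_ok CIDR  (log on stdin): succeeds only if no flow left CIDR.
tunnel_scope_ok() {
    ! audit_flows "$1" | grep -q ' OUTSIDE '
}

# Sample input: the first line is from the post, the rest are constructed.
sample_log() {
    cat <<'EOF'
INFO[0091] [TCP] 10.10.10.10:32780 <-> 192.168.1.200:22
INFO[0093] [TCP] 10.10.10.10:32782 <-> 192.168.1.200:22
INFO[0102] [UDP] 10.10.10.10:50112 <-> 192.168.1.1:53
INFO[0110] [TCP] 10.10.10.10:41000 <-> 192.168.2.15:443
INFO[0000] (constructed non-flow line, ignored by the parser)
EOF
}

sample_log | audit_flows 192.168.1.0/24
```

Passing 192.168.1.200/32 instead of the /24 checks the single-host case, which is useful because the route above sends the whole subnet through the tunnel.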

Final Thoughts

This setup was thought of after having to deal with a heavily firewalled environment. I needed to access a website on two separate VLANs and doing this setup would allow for web access into both of those VLANs over a SOCKS proxy.