Socks Proxy Interfaces

Required Packages

To accomplish our end goal we need to install badvpn to create the interface. If you don’t need the interface and only need the SOCKS proxy available on your machine you can skip this step.

sudo apt update
sudo apt install golang-go make git

Now we can build the binary that creates the network interface.
cd tun2socks
make tun2socks
sudo cp ./build/tun2socks /usr/local/bin


To setup our tunnel we will use an ssh connection to a server on another network. All we need is login access to accomplish this. The following command will connect to another server and open a port on your machine that will act as a SOCKS proxy.

ssh -D 1337 [email protected]

Remember to replace the username and hostname with your required values.

You can set proxy settings in network manager if you’d like to route all traffic through that tunnel. For our case however we need to use tun2socks to create a virtual network interface that will allow us to route traffic to our proxy.

Create Virtual Interface

Now we need to create a network interface that we will use to send traffic to the proxy. We will use the ip command.

ip tuntap add mode tun dev tun0
ip addr add dev tun0
ip link set dev tun0 up

Add routes

Routes need to be added to have our traffic go to our new interface. I only want to route a single IP to that interface so I will add that as a test.

ip route add via dev tun0 metric 1

Setup tun2socks

Finally we need to connect the SOCKS proxy with the interface we created. Since we already built the command we only need to run tun2socks.

tun2socks -device tun0 -proxy socks5://localhost:1337 -interface eth0

Notice that eth0 is your normal default internet connection


Now when I try to ssh to another computer on my network I see a message in the terminal where tun2socks is running.

INFO[0091] [TCP] <-> 

This shows that the tunnel is working.

Final Thoughts

This setup was thought of after having to deal with a heavily firewalled environment. I needed to access a website on two separate vLANs and doing this setup would allow for web access into both of those vLANs over a SOCKS proxy.