This article helps you to set up and configuring Dante as a private SOCKS proxy (with authentication) on Debian based Linux distribution.
Dante is a mature and stable SOCKS proxy developed by Inferno Nettverk A/S proxy. This article helps you installing Dante as your private SOCKS proxy with username and password (pam) authentication system.
Preparing system
Before starting, there are several prerequisites that must be met to follow this article:
- Comfortable using Linux terminal.
- A Linux server with a Debian based distribution.
Because what we are going to create is a private proxy which requires username and password authentication from a user account on the Linux system, we need to create a Linux user on the server which will be used for the authentication process.
1# Create new user
2sudo useradd -r -s /bin/false myproxyuser
3# set the user password
4sudo passwd myproxyuser
Note: Change
myproxyuserabove with the user you want to use for authentication.
Install Dante server
Because Dante is a very mature and popular SOCKS proxy, you can easily install Dante server with the built-in Debian or Ubuntu package manager.
1sudo apt install dante-server
2systemctl status danted.service
After the installation process is complete, the system will automatically try to run danted.service, but the service will be failed to run because there is no authentication method that must be configured.
Configuring Dante server
Dante configuration file are located at /etc/danted.conf. There is an example of a configuration along with a very complete explanation of what the parameters or configuration variables are used for in that default configuration file.
Backup the default configuration file with sudo cp /etc/danted.conf /etc/danted.conf.bak command, then change the configuration in /etc/danted.conf with the following example configuration:
1# log configuration
2logoutput: stderr
3
4# danted service will listen to any available IP addresses on port 1080
5internal: 0.0.0.0 port=1080
6
7# which interface will be used for outgoing connection
8external: eth0
9
10clientmethod: none
11socksmethod: username
12user.privileged: root
13user.unprivileged: nobody
14user.libwrap: nobody
15
16client pass {
17 from: 0.0.0.0/0 to: 0.0.0.0/0
18}
19
20socks pass {
21 from: 0.0.0.0/0 to: 0.0.0.0/0
22}
From the example configuration above, Dante will listen to any available IP addresses on port 1080 and all outgoing traffic will be passed through eth0 interface.
You can change the port, and you must adjust the external interface with your default server interface.
After adjusting the Dante configuration to fit with your needs, restart the service using sudo systemctl restart danted.service command.
Then, check whether danted.service is running properly with sudo systemctl status danted.service command:
1● danted.service - SOCKS (v4 and v5) proxy daemon (danted)
2 Loaded: loaded (/lib/systemd/system/danted.service; enabled; preset: enabled)
3 Active: active (running) since Thu 2023-11-09 16:51:01 WIB; 1 day 1h ago
4 Docs: man:danted(8)
5 man:danted.conf(5)
6 Process: 885 ExecStartPre=/bin/sh -c uid=`sed -n -e "s/[[:space:]]//g" -e "s/#.*//" -e "/^user\.privileged/{s/[^:]*://p;q;}" /etc/danted.conf`; >
7 Main PID: 935 (danted)
8 Tasks: 21 (limit: 9304)
9 Memory: 18.5M
10 CPU: 2.701s
11 CGroup: /system.slice/danted.service
12 ├─ 935 /usr/sbin/danted
13 ├─ 955 "danted: monitor"
14 ├─1494108 "danted: io-chil"
15 ├─1494116 "danted: io-chil"
16 ├─1494127 "danted: request"
17 ├─1495807 "danted: request"
18 ├─1496272 "danted: negotia"
19 ├─1496273 "danted: request"
20 .... snip
21
22Nov 09 16:51:01 aws-ec2 systemd[1]: Starting danted.service - SOCKS (v4 and v5) proxy daemon (danted)...
23Nov 09 16:51:01 aws-ec2 systemd[1]: Started danted.service - SOCKS (v4 and v5) proxy daemon (danted).
24Nov 09 16:51:02 aws-ec2 danted[935]: Nov 9 16:51:02 (1699523462.105152) danted[935]: info: Dante/server[1/1] v1.4.2 running
Test your server
After all the processes above are complete, it’s time to try using your proxy server. One of the easiest way to test is using curl from your local computer:
1curl -x socks5://myproxyuser:myproxy_password@server_ip:proxy_port http://ifconfig.me
Change
myproxyuser,myproxy_password,server_ip, andproxy_portwith the authentication and configuration you have done before.
From the curl command above, your public IP address should become your proxy server IP address, not your home ISP IP address.
Troubleshooting
If you cannot establish a SOCKS5 connection to your proxy server, make sure the port used by Dante is open. Run the following ufw command (for Debian-based systems) to open a port from the firewall:
1ufw allow proto tcp to any port 1080
Note: Change port
1080and adjust it to your proxy server configuration.
