3

I want to set up a personal Tor SOCKS5 proxy on my Linux VPS to use it on mobile devices and whatnot. Apparently, Tor can only protect its control port, SOCKS5 stays open. How do I set a lightweight, password-protected Tor SOCKS5 proxy? Seems like I need to set up another proxy, which would tunnel traffic through Tor. Where do I start?

Roffen
  • 56
  • 1
  • 5

2 Answers2

4

Here's the Tor manual.

You can set:

Socks5ProxyUsername username
Socks5ProxyPassword password

When you start the Tor service.

If you are asking how to create a proxy server in general apart from Tor, then you should probably ask that in the Unix/Linux Stackexchange depending on your Linux distribution.

Jens Kubieziel
  • 8,630
  • 5
  • 35
  • 116
elmerjfudd
  • 2,284
  • 1
  • 9
  • 18
1

I have recently stumbled upon the same issue, so I'd write my solution for Linux for future users.

Let's assume our Linux machine has an IP 1.2.3.4, and we want to run our proxy with authentication on a port 9051.

I've chosen Dante as a server for chaining Socks proxies. The algorithm is the following:

  1. Start TOR, e.g. on the default port 9050 (localhost only, not the external interface: check SocksPort in torrc), and put it to autostart:
sudo systemctl start tor.service
sudo systemctl enable tor.service

  1. Install Dante server from your Linux distribution package manager (e.g. sudo apt-get install dante-server).

  2. Configure /etc/sockd.conf, a config file for Dante:

logoutput: /var/log/sockd.log
internal: 1.2.3.4 port = 9051
external: 1.2.3.4
socksmethod: username # if you'd like to use existing OS
                      # user accounts for authentication
user.privileged: root
user.unprivileged: nobody
client pass {
    from: 0/0 to: 0/0
    log: error connect disconnect
}
socks pass {
    from: 0/0 to: 0/0
    log: error connect disconnect
}
route {
    from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 9050
    proxyprotocol: socks_v4 socks_v5
    method: none
}

Here route is the key section, telling us to redirect all successfully authenticated incoming connections to a local TOR server.

  1. Run Dante server and put it to autostart:
sudo systemctl start sockd.service
sudo systemctl enable sockd.service

  1. Make sure our port 9051 is open in the firewall.

  2. On your client device, specify SOCKS5 proxy, IP 1.2.3.4, port 9051, and any of the OS users registered on your server with their password.

Dmitry Tsirkov
  • 11
  • 2