How to configure a SOCKS5 proxy on a Virtual Private Server (VPS)

Although proxy servers are very similar in their function to VPN, they have one significant difference – the traffic is not encrypted, that is, the level of security will be much lower than when using virtual private networks. Despite this, proxy servers are actively used because this method allows:

• hide your IP address during the basic check;
• hide your actual location – the sites you visit only record the region where the proxy server is located;
• protect your device from unwanted sites by blocking those sites that are guaranteed to be dangerous, contain malware, etc.

But you should understand that a proxy server cannot protect you from advanced detection methods, it does not encrypt traffic and can collect data about users. Whether this data will be shared with third parties is an open question, so use only trusted proxy servers.

The following article will tell you how to configure a SOCKS5 proxy on a virtual private server, as well as what variations of this technology exist.

What types of proxies are available

There are five basic types of proxies:

1. FTP proxies – they are used to download data to FTP servers.
2. CGI (anonymizers) – as a rule, these are websites through which you can get access to any other blocked sites. That is, if you want, for example, to visit a site that is blocked in your country, just go to the site anonymizer, and enter the desired URL in the address field. There is no need to install anything on your computer – everything is done via the cloud. The only drawback is that it can cost money.
3. SMTP, POP3, and IMAP are technologies used to send and receive email.
4. HTTP and HTTPS proxies are needed for web browsing.
5. SOCKS5 – a service that redirects outgoing and incoming Internet traffic through a remote proxy server. It masks your actual IP address, hides geolocation, and prevents accidental leaks of confidential information – the optimal option for bypassing regional censorship for VPS.

The most advanced and massive technology is SOCKS5, and it is also best suited for use in conjunction with VPS.

How to configure a SOCKS5 proxy on a virtual server with Ubuntu 18 and higher

Let's face it, it's not going to be quick and easy. But if you follow our instructions clearly, it won't take much time or effort.

First of all, rent a VPS based on Ubuntu 18.04.4 LTS. It's easy – contact your hosting provider and tell them which plan you are interested in. They will help you find the best VPS or VDS for you individually.

Next, connect to the server as an administrator and update the packages:

apt update
apt full-upgrade

Find out what version of the Dante SOCKS server package is in your repositories:

apt search dante-server
 
dante-server/jammy 1.4.2+dfsg-7build4 amd64
  SOCKS (v4 and v5) proxy daemon (danted)

Now install Dante:

apt install dante-server

And put it in the autostart:

systemctl is-enabled danted
enabled

Now open the configuration file /etc/danted.conf in edit mode and write there the necessary parameters. Example contents:

logoutput: syslog stdout /var/log/sockd.log
#logoutput: stderr
 
internal: ens3 port = 1080
external: ens3
 
socksmethod: username
#socksmethod: username none
 
user.privileged: root
user.unprivileged: nobody
user.libwrap: nobody
 
client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}
 
client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
 
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}
 
socks block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error

}

We need to clarify it a little:

• logoutput – defines the mechanism for logging connections (in our example, everything will happen through the standard system log).
• user.privived – granting root rights to the server to check permissions.
• user.uncitationd – necessary to block the server from running as a user without privileges.
• internal – specifies the port on which the service runs, as well as the IP addresses allowed to connect.
• external – defines the network interface for outgoing connections.

Now let's create the user who will use our SOCKS5 server. They must be added to the proxy group:

useradd -s /bin/false proxyuser && sudo passwd proxyuser
usermod -aG proxy proxyuser

Then in the firewall, we allow the TCP port 1080 to connect to the clients:

sudo ufw allow 1080/tcp

This completes the SOCKS5 proxy configuration on the VPS. After that check connection through Dante – use some free anti-detection browser with SOCKS5 support: for example, Dolphin Anty or any other similar.

Installing the SOCKS server Dante in Ubuntu 16.04

On so old Ubuntu versions, the default version of Dante Server 1.1.19 is outdated and does not work with login and password. That is, access to the proxy is regulated solely by modifying the iptables rules. Thus, first, we need to install and configure the necessary set of software and dependencies:

apt-get install -y autoconf automake libtool pkg-config checkinstall libwrap0 libwrap0-dev libpam0g-dev

Then we create a directory for further work and go to it:

mkdir dante && cd ~/dante

Now go to the official site of the developers and download the latest version of Dante. You can also do it through the command line:

wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz

Unzip and navigate to the appropriate directory:

tar -zxvf dante-1.4.2.tar.gz
cd dante-1.4.2

Set the assembly configuration:

./configure --prefix=/etc/dante

You should end up with something like this:

Configure status:
Client:        	 Enabled
Server:        	Enabled
Preloading:	Enabled
Libwrap:     	Enabled
BSD Auth:   	Disabled, usable bsd_auth.h not found
PAM:           	Enabled
GSSAPI:       	Not found/disabled
KRB5:          	 Not found/disabled
SASL:          	  Not found/disabled
UPNP:          	Not found/disabled
Compatability: 	issetugid setproctitle strlcpy strvis
Modules:
redirect:      	Not found
bandwidth: 	Not found
ldap:         	    Not found

The next step is to compile the sources:

make

Now you can install the built server. The best way to do this is via checkinstall:

checkinstall
# Нажмите y, затем Enter для создания каталога с документацией.
The package documentation directory ./doc-pak does not exist.
Should I create a default set of package docs?  [y]: y

Preparing package documentation...OK

# Описание можно не прописывать, везде жмите Enter
Please write a description for the package.
End your description with an empty line or EOF.

>> 

When the installation is finished, a deb-package will be created (dante_1.4.2-1_amd64.deb), it can be installed on another virtual machine at any time, but now no more pre-configuration and assembly are needed.

If you need to remove an installed package, use the command:

dpkg -r dante

How to set up a server autorun

Go to /etc/init.d/ and create a script called sockd:

nano /etc/init.d/sockd

Its contents should look as follows:

#! /bin/sh
### BEGIN INIT INFO
# Provides:      	sockd
# Required-Start:	$remote_fs $syslog
# Required-Stop: 	$remote_fs $syslog
# Default-Start: 	2 3 4 5
# Default-Stop:  	0 1 6
# Short-Description: Start the dante SOCKS server.
# Description:   	SOCKS (v4 and v5) proxy server daemon (sockd).
#                	This server allows clients to connect to it and
#                    request proxying of TCP or UDP network traffic
#                	with extensive configuration possibilities.
### END INIT INFO
#
# dante SOCKS server init.d file. Based on /etc/init.d/skeleton:
# Version:  @(#)skeleton  1.8  03-Mar-1998  miquels@cistron.nl
# Via: https://gitorious.org/dante/pkg-debian
PATH=/sbin:/usr/sbin:/bin:/usr/bin
NAME=sockd
DAEMON=/etc/dante/sbin/$NAME
DAEMON_ARGS="-D"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
DESC="Dante SOCKS daemon"
CONFFILE=/etc/$NAME.conf
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
set -e
# This function makes sure that the Dante server can write to the pid-file.
touch_pidfile ()
{
  if [ -r $CONFFILE ]; then
    uid="`sed -n -e 's/[[:space:]]//g' -e 's/#.*//' -e '/^user\.privileged/{s/[^:]*://p;q;}' $CONFFILE`"
	if [ -n "$uid" ]; then
      touch $PIDFILE
      chown $uid $PIDFILE
	fi
  fi
}
case "$1" in
  start)
	if ! egrep -cve '^ *(#|$)' \
        -e '^(logoutput|user\.((not)?privileged|libwrap)):' \
        $CONFFILE > /dev/null
	then
        echo "Not starting $DESC: not configured."
        exit 0
	fi
	echo -n "Starting $DESC: "
    touch_pidfile
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
        || return 1
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
        $DAEMON_ARGS \
        || return 2
	echo "$NAME."
	;;
  stop)
	echo -n "Stopping $DESC: "
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
    RETVAL="$?"
	[ "$RETVAL" = 2 ] && return 2
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
	[ "$?" = 2 ] && return 2
	echo "$NAME."
	;;
  reload|force-reload)
	#
    #   If the daemon can reload its config files on the fly
    #   for example by sending it SIGHUP, do it here.
	#
    #   Make this a do-nothing entry, if the daemon responds to changes in its config file
    #   directly anyway.
	#
 	echo "Reloading $DESC configuration files."
     start-stop-daemon --stop --signal 1 --quiet --pidfile \
        $PIDFILE --exec $DAEMON -- -D
  ;;
  restart)
	#
    #   If the "reload" option is implemented, move the "force-reload"
    #   option to the "reload" entry above. If not, "force-reload" is
    #   just the same as "restart".
	#
	echo -n "Restarting $DESC: "
    start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
	sleep 1
    touch_pidfile
    start-stop-daemon --start --quiet --pidfile $PIDFILE \
      --exec $DAEMON -- -D
	echo "$NAME."
	;;
  status)
    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
	;;
  *)
    N=/etc/init.d/$NAME
	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
	echo "Usage: $N {start|stop|restart|status|force-reload}" >&2
	exit 1
	;;
esac

exit 0

Save your changes, and don't forget to make this script executable:

chmod +x /etc/init.d/sockd

Reload all the demons:

systemctl daemon-reload

And add sockd to autorun:

systemctl enable sockd
systemctl start sockd

And finally, please check everything:

systemctl status sockd

From now on you can manage the SOCKS proxy server with the standard systemctl commands.

Conclusion

Of course, the described methods are not the easiest to perform, here you need some understanding of the principles of the described utilities and protocols. As an alternative, you can use a paid VPN – it will save you a lot of headaches and allow you to bypass regional blockades safely while maintaining full anonymity and privacy.