The following post describes how to set up dante-server (danted / sockd), a SOCKS5 proxy server, with user/password authentication. It should work on Debian and Ubuntu.
On Ubuntu 14.04 You will have to compile dante yourself. Maybe other Ubuntu versions as well. Click here for the Ubuntu 14.04 how-to.
– it lets anyone (as in any IP address) connect
– it requires user and password of a systemuser (e.g. root)
Here is how I did it on Linux Debian 6 (Squeeze) minimal x86, at first I will explain it without authentication and then tell you what to modify to add authentication:
apt-get update apt-get upgrade apt-get install nano
.. to update your system and to install the text editor nano.
Then install dante-server:
apt-get install dante-server
It will output an error message in the end:
Not starting Dante SOCKS daemon: not configured.
So let’s configure it. The configuration file is at:
nano /etc/danted.conf
Rename it and make a new one:
mv /etc/danted.conf /etc/danted1.conf nano /etc/danted.conf
Now copy this and insert it into PuTTY with a right click:
logoutput: /var/log/socks.log
internal: venet0:0 port = 1080
external: 111.111.111.111
method: username none #rfc931
clientmethod: none
user.privileged: root
user.notprivileged: nobody
user.libwrap: nobody
client pass {
from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
log: connect disconnect error
}
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
protocol: tcp udp
}
Now you have to change the following lines depending on your system.
internal: venet0:0 port=1080
venet0:0 is the network adapter/interface which can be (and very likely is) different on your system.
To check the name use the command:
ifconfig
Which will output the names. In my opinion it should have been venet0 for me, but it didn’t work so just try all of them if the proxy server refuses connection.
Another very typical name would be eth0.
The IP address needs to be changed to the EXTERNAL IP of your server (the one you could also access an apache web server with from your computer):
external: 111.111.111.111
To save with the nano editor hold CTRL+X and confirm the changes with “y”.
Now make sure dante-server is stopped and start it again:
/etc/init.d/danted stop /etc/init.d/danted start
Try to connect with your browser. We haven’t set an authentication yet so a web browser is an easy way to check if it is working. If it says “connection refused” you entered wrong information in the config file.
If it opens the website you are trying to access, congrats! 😛 Now let’s implement authentication which is really easy. Simply change the following line:
method: username none #rfc931
to
method: username #rfc931
Now you should be able to identify yourself with the user specified in the following line:
user.privileged: root
Yes, it is the system user. If you specify root you have to log in with the username “root” and the password of your server/vps that you use for SSH access.
//EDIT: Technically authentication had been enabled before,too except now you just disabled the access for non-verified users.
You might have to start the server as root for authentication to work (or with sudo).
Restart danted/dante-server:
/etc/init.d/danted stop /etc/init.d/danted start
.. and check if the authentication works. I checked it with the P2P file sharing program “Ares” which returns “Test passed” if it works. And that’s it, hope this tutorial helped someone. 🙂
hi,
I’ve been able to setup dante on my vps using this tutorial. Thank You
However a meager vps with 128mb ram, dante suck memory up to 170mb with basic debian 32 setup. I can see using “top” that dante cretae many small thread whenever I’m using utorrent. I choose dante over ssh tunnel since dante support udp with my utorrent.
Is there any other tweak you can recommend?
Hey!
I just tested it and the RAM consumption stays at 95-105MB for me. Are you using a Debian minimal template?
You could try to reduce the download speed/simultaneous downloads in utorrent.
—
client pass {
from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
log: connect disconnect error
session.max: 30
}
—
^ this should reduce the number of concurrent connections (no clue if 30 is a good value), but when I try it I get no connection through dante, the logfile says
“/etc/danted.conf: error on line 12, near ‘s’: syntax error”
Maybe that’s because the version in the debian repository is old:
“danted -v” returns:
danted: dante v1.1.19
.. which dates back to 2006.
Here you can get the newest version (1.4.x), but need to install it manually..
Nice tutorial had looked into squid but it was meh because certain progs wouldn’t work right from it then found dante and looked more into it and seems to be running smoothly with this tutorial <3
huh, I thought I had replied to this. Thank you for your comment. 🙂
I use squid as a HTTPS proxy with a program named “proxifier”, which can also tunnel programs through squid (only use I ever had with a non-browser program was the spotify client).
Hi past few days i’ve been having an issue with dante-server for some reason i’m barley getting 300-400kbps dante’s sertup in a vm local so i shoul dbe getting way better then that which i do if i disable sock5 option in firefox and use default setup any idea’s? i’m using config posted
I have no clue. Since it has only been like this for the past few days, I assume something must have changed? Have you rebooted the VM? You probably did, but that’s the only thing I can think of.. or reinstall.
I actually figured it out. it was because i changed the mac address of the vmware nic which for some reason made speeds awfully slow.
great 🙂 And even greater that you came back to share the solution, maybe this will help someone else someday..
I install and test but in proxifier says:
[25:46] Testing Started.
Proxy Server
Address: 5.231.73.239:40000
Protocol: SOCKS 5
Authentication: YES
Username: root
[25:46] Starting: Test 1: Connection to the Proxy Server
[25:46] IP Address: 5.231.73.239
[25:46] Connection established
[25:46] Test passed.
[25:46] Starting: Test 2: Connection through the Proxy Server
[25:47] Authentication was successful.
[25:47] Connection to http://www.google.com:80 established through the proxy server.
[26:28] Testing Stopped
[26:29] Testing Started.
Proxy Server
Address: 5.231.73.239:40000
Protocol: SOCKS 5
Authentication: YES
Username: root
[26:29] Starting: Test 1: Connection to the Proxy Server
[26:29] IP Address: 5.231.73.239
[26:29] Connection established
[26:29] Test passed.
[26:29] Starting: Test 2: Connection through the Proxy Server
[26:33] Authentication was successful.
[26:35] Connection to http://www.google.com:80 established through the proxy server.
[28:01] Testing Stopped
[28:02] Testing Started.
Proxy Server
Address: 5.231.73.239:40000
Protocol: SOCKS 5
Authentication: YES
Username: root
[28:02] Starting: Test 1: Connection to the Proxy Server
[28:02] IP Address: 5.231.73.239
[28:07] Connection established
[28:07] Test passed.
[28:07] Starting: Test 2: Connection through the Proxy Server
[28:11] Authentication was successful.
[28:11] Connection to http://www.google.com:80 established through the proxy server.
[32:56] A default web page was successfuly loaded.
[32:56] Test passed.
[32:56] Starting: Test 3: Proxy Server latency
[32:57] Latency = 213 ms
[32:57] Test passed.
[32:57] Testing Finished.
But see Time???
Replay was very long time
what should i do?
I have no idea. Maybe try Port 80/443/8080? Or try a SSH tunnel/squid proxy instead?
I bought a server in france and followed your tutoiral AND proxifier says everything is wörking. Nearly every ip checking site says I’m from france now except for the site I wanted it for :<
Which site? Did you delete your cookies?
Same for me. let me guess you mean updates.buddyauth?
I just tested buddyauth with tinyproxy (DE/US/FR IP) and the different location works for me:
http://tech.tiq.cc/2012/06/installing-tinyproxy-on-linuxdebian/
Alternatively use a SSH tunnel:
http://tech.tiq.cc/2012/06/how-to-create-a-ssh-tunnel-with-putty/
I do not have the time to try dante, but it should work as well..
i cant get install my server with putty!? where i can install dante oder the nano text editor? i dont get it
When you purchase/rent a VPS or dedicated server it usually comes with pre-installed SSH access. Maybe you should try a SSH tunnel first, which requires almost no configuration. Just make sure to regularly install security updates on your server.
Hi
I have it working right but i cannot use utorrent with it….
i have failed in setting up it. i followed your guide but the proxy in my firefox is still down
Hello,
Can I add more than 1 user to access my proxy server? How can I do this?
maybe by adding more user privileged lines or more users to that one line?
you can add a new system user with “adduser anyusernameyouwanthere”
user.privileged: root means that dante will use root rights for certain actions, e.g. accessing the system password file for authentication.
Thanks for info
How to make proxy listen to inbound connection from client through ipv4 and tunnel all outbound connection to ipv6?
It looks like you can set internal.protocol: ipv4 and external.protocol: ipv6 to achieve this http://www.inet.no/dante/doc/latest/config/ipv6.html
on Ubuntu 15.10 (Linux with Systemd implmentation) & Dante 1.4.1
Seen:
dante doesn’t start
/var/log/socks.log=> dante.conf: error in line x near ‘s’ syntax error.
/etc/dante/conf=> [..] internal: enp0s1[…]
$ifconfig => enp0s1 Link encap: Ethernet HWaddr[…MyLAN…]
understood :
last OS change ‘eth0/eth1….’ with ‘enp2s0/…’
http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
found solution:
in /etc/default/grub change kernel command to avoid interface naming
=>sudo update-grub
=>reboot
=> enp2s0 renamed with eth0 => OK
so i copied every line to putty and doesnt work ? whats the username ??? whats the password ??? learn how to make a proper tutorial
“Yes, it is the system user. If you specify root you have to log in with the username “root” and the password of your server/vps that you use for SSH access”
hey man , thank you so much for this tutorial 🙂
i have an issue i tried you configuration but it doesn’t work
i have openvpn on the same vps , does that may cause the issue ?
hey man , thank you so much for this tutorial 🙂
i have an issue i tried you configuration but it doesn’t work
i have openvpn on the same vps , does that may cause the issue ?
a few remarks
– i prefer to use “external: venet0:0” instead of the external IP which isn’t required and a hassle if the externel IP changes each day
– the line “method: username none #rfc931” is marked as deprecated by now and it is even telling in the log now to use the new “socksmethod: username none #rfc931” instead
– the same with the last section “pass {from: 0.0.0.0/0 to: 0.0.0.0/0 protocol: tcp udp}”, it’s telling to use now “socks pass {from: 0.0.0.0/0 to: 0.0.0.0/0 protocol: tcp udp}”
Hello, I followed your guide but I still have some problems, I am using oracle vm and ubuntu server, which type of network should I use(NAT, brigde,etc) and should I make any optimization considering static ip, etc?
Hello, I followed your guide but I still have some problems, I am using oracle vm and ubuntu server, which type of network should I use(NAT, brigde,etc) and should I make any optimization considering static ip, etc?
apt-get upgrade
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages were automatically installed and are no longer required:
cl-asdf cl-rt common-lisp-controller gnome-system-log libglewmx1.13
liblircclient0 mariadb-common realpath sbcl sqlite
Use ‘apt autoremove’ to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up dante-server (1.4.1+dfsg-4) …
Job for danted.service failed because the control process exited with error code.
See “systemctl status danted.service” and “journalctl -xe” for details.
invoke-rc.d: initscript danted, action “start” failed.
● danted.service – SOCKS (v4 and v5) proxy daemon (danted)
Loaded: loaded (/lib/systemd/system/danted.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2017-01-31 20:27:34 IST; 7ms ago
Docs: man:danted(8)
man:danted.conf(5)
Process: 4899 ExecStart=/usr/sbin/danted -D (code=exited, status=1/FAILURE)
Process: 4893 ExecStartPre=/bin/sh -c uid=`sed -n -e “s/[[:space:]]//g” -e “s/#.*//” -e “/^user\.privileged/{s/[^:]*://p;q;}” /etc/danted.conf`; if [ -n “$uid” ]; then touch /var/run/danted.pid; chown $uid /var/run/danted.pid; fi (code=exited, status=0/SUCCESS)
Jan 31 20:27:34 root systemd[1]: Starting SOCKS (v4 and v5) proxy daemon (d…)…
Jan 31 20:27:34 root danted[4899]: Jan 31 20:27:34 (1485874654.384117) dant…ded?
Jan 31 20:27:34 root danted[4899]: Jan 31 20:27:34 (1485874654.384154) dant…s on
Jan 31 20:27:34 root danted[4899]: Jan 31 20:27:34 (1485874654.384165) dant…down
Jan 31 20:27:34 root systemd[1]: danted.service: Control process exited, co…us=1
Jan 31 20:27:34 root systemd[1]: Failed to start SOCKS (v4 and v5) proxy da…ed).
Jan 31 20:27:34 root systemd[1]: danted.service: Unit entered failed state.
Jan 31 20:27:34 root systemd[1]: danted.service: Failed with result ‘exit-code’.
Hint: Some lines were ellipsized, use -l to show in full.
dpkg: error processing package dante-server (–configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
dante-server
E: Sub-process /usr/bin/dpkg returned an error code (1)