Browser is ok but can't direct internet through a shadowsocks server

Ok it seems an easy thing but I just couldn’t make it work after lots and lots of searching. I have Ubuntu 14.04.

This is config.json file including configurations of my friend’s server running shadowsocks:

{
    "server":"ip address",
    "server_port":23,
    "local_port":1234,
    "password":"password",
    "timeout":600,
    "method":"aes-256-cfb"
}

I do sslocal -c config.json and successfully connect to the server.

Now for instance I can make it work with google-chrome using the following command: google-chrome --proxy-server="socks5://127.0.0.1:1234" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost"

The question is: how can I make the whole internet connection go through that server first, so that every single application can use it by default? Something you can activate and deactivate simply.

Things I tried and failed:

Using tsocks -> https://askubuntu.com/questions/532375/launch-program-through-shadowsocks

Using iptables as sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:1234 -> http://adminsgoodies.com/configuring-ubuntu-for-global-socks5-proxy/

Using System Settings -> Network -> Network Proxy along with dconf-tools to exclude hosts -> https://askubuntu.com/questions/70245/how-do-i-make-the-system-wide-proxy-settings-bypass-the-proxy-for-local-addresse

Asked By: sinaza


There is no general way to tunnel all Internet traffic through a SOCKS proxy. However, there are specific ways for quite a few protocols – but not all of them. SOCKS5 supports TCP and UDP traffic, but not ICMP as far as I know. So, you cannot use traditional ping through such a proxy, for example.

Here’s a list of proxying clients (most of them support SOCKS5): Link

I have personally tried the client portion of Dante and proxychains (the original, not the -ng successor) on Linux, and both worked for me (proxychains proved to be a little bit more stable). Both work by redirecting the socket API requests from the application (so they have to set the LD_PRELOAD environment variable for the application) to their own library. This may pose a problem when the application uses a setuid binary, as LD_PRELOAD and the setuid feature are security-wise incompatible. Also, not every network-related API function is redirected, so some strange applications could face problems (e.g. when the application wants to get a list of network interfaces and IP addresses).

These LD_PRELOAD-type proxy clients are not generally designed to work at the system level; you are supposed to change the way of launching the application instead (by prefixing the application with the proxy client). In theory, you could set up the LD_PRELOAD environment variable for your whole system or login session, and it might even work in some cases; however, you could run into subtle problems. Also, you cannot easily switch the redirection on or off without restarting the applications.

Answered By: Laszlo Valko
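The point about what SOCKS5 can carry, as an added example that is not part of the answer above: it builds and decodes the RFC 1928 request an application sends to the local listener (such as 127.0.0.1:1234 from the question). The command field has only TCP and UDP codes, and the address type shows whether the proxy or the client did the DNS lookup; the destinations are constructed samples.

```python
import ipaddress
import struct

# SOCKS5 command codes defined by RFC 1928; there is no code for ICMP.
COMMANDS = {0x01: "CONNECT (TCP)", 0x02: "BIND (TCP)", 0x03: "UDP ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_request(host: str, port: int, cmd: int = 0x01) -> bytes:
    """Build a SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if cmd not in COMMANDS:
        raise ValueError("SOCKS5 has no command %#x" % cmd)
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:
        # Not an IP literal: send the name so the proxy resolves it.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("domain name must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([0x05, cmd, 0x00, atyp]) + addr + struct.pack("!H", port)


def parse_request(data: bytes) -> dict:
    """Decode a request and report who performed the DNS lookup."""
    ver, cmd, _rsv, atyp = data[:4]
    if ver != 0x05:
        raise ValueError("not a SOCKS5 request")
    if atyp == ATYP_DOMAIN:
        n = data[4]
        host, rest = data[5:5 + n].decode("ascii"), data[5 + n:]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        n = 4 if atyp == ATYP_IPV4 else 16
        host, rest = str(ipaddress.ip_address(data[4:4 + n])), data[4 + n:]
    else:
        raise ValueError("unknown address type")
    (port,) = struct.unpack("!H", rest[:2])
    return {"command": COMMANDS.get(cmd, "unknown"), "host": host,
            "port": port,
            "resolved_by": "proxy" if atyp == ATYP_DOMAIN else "client"}


if __name__ == "__main__":
    # Constructed sample destinations, not taken from the page.
    for dest in ("example.com", "192.0.2.10"):
        req = build_request(dest, 443)
        print(req.hex(), parse_request(req))
```

A request that arrives with `resolved_by` set to `client` means the application looked the name up before contacting the proxy, so that DNS query did not go through the tunnel.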

openvpn is the easiest way to route everything, and you can connect to the openvpn server via a socks proxy.

Modify openvpn script to connect via socks port 1234 by adding these two lines:

 socks-proxy localhost 1234
 socks-proxy-retry

This can be useful if openvpn protocol is being blocked as in some of the more oppressive countries. In general, socks proxy is set per application. The above solution requires both an openvpn server and a shadowsocks server.

Answered By: Ardeeturfman