[custom/socks5_openvpn] SOCKS5 proxy can only be accessed by host via loopback

warren-bank / fork-levinux

Extensible starter project that combines QEMU with Tiny Core Linux. Provides all the necessary boilerplate, and allows for easy customization.

1 stars 0 forks source link

[custom/socks5_openvpn] SOCKS5 proxy can only be accessed by host via loopback #1

Open warren-bank opened 1 year ago

warren-bank commented 1 year ago

OpenSSH config:

GatewayPorts yes

successful test performed by host:

  url='http://ipecho.net/plain'
  proxy='socks5h://127.0.0.1:1080'
  curl --silent --proxy "$proxy" "$url"

failed test performed by host:

  url='http://ipecho.net/plain'
  proxy='socks5h://192.168.0.2:1080'
  curl --silent --proxy "$proxy" "$url"

background:

SOCKS5 proxy is started by TCL guest with command:

sudo -u tc /usr/local/bin/ssh -f -N -D 0.0.0.0:1080 tc@localhost

warren-bank commented 1 year ago

failed attempt:

file: ssh_config
append:
```
Host *
  CheckHostIP no
```

warren-bank commented 1 year ago

failed attempt:

  sudo -s

  # cat /home/tc/openvpn/log.txt

  /usr/local/sbin/ip route add 192.168.0.0/24 via 10.114.204.1

warren-bank commented 1 year ago

failed attempt:

  # https://www.qemu.org/docs/master/system/devices/net.html

  sudo /usr/local/sbin/ip route add 10.0.2.15 via 10.114.204.1

warren-bank commented 1 year ago

failed attempt:

  # https://www.qemu.org/docs/master/system/devices/net.html

  sudo /usr/local/sbin/ip route add 10.0.2.2 via 10.114.204.1

restore access by host via loopback:

  sudo /usr/local/sbin/ip route del 10.0.2.2

warren-bank commented 1 year ago

failed attempt:

  # https://www.qemu.org/docs/master/system/devices/net.html

  sudo /usr/local/sbin/ip route del 10.0.2.0/24
  sudo /usr/local/sbin/ip route add 10.0.2.0/24 via 10.114.204.1

restore access by host via loopback:

  sudo /usr/local/sbin/ip route del 10.0.2.0/24
  sudo /usr/local/sbin/ip route add 10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15

warren-bank commented 1 year ago

successful workaround:

run GOST on localhost as a SOCKS5 proxy relay

test environment:

  url='http://ipv4.icanhazip.com/'
  curl --silent "$url"

  proxy='socks5h://127.0.0.1:1080'
  curl --silent --proxy "$proxy" "$url"

test:

  gost -L socks5://:1081 -F=socks5://127.0.0.1:1080?notls=true

  proxy='socks5h://127.0.0.1:1081'
  curl --silent --proxy "$proxy" "$url"

  proxy='socks5h://192.168.0.2:1081'
  curl --silent --proxy "$proxy" "$url"

notes:

GOST is written in golang
its releases include prebuilt binaries for nearly every platform
- I tested with: v2.11.5 for Win64