Introduction
This tutorial will explain how to install and configure the Dante Socks5 Proxy on Debian/Ubuntu. Before you start the installation, you must meet the following conditions:
Prerequisites
- Server with Operating System Linux:
- Debian 12
- Ubuntu 24.04
- Access to root user or user with sudo permission
- SSH Tools
- PuTTY For Windows
- OpenSSH in Linux/macOS (available by default)
Step 1 - Install Dante
You can install Dante with apt. When using apt to install Dante, it might not install the latest version. Full details about release information are HERE.
-
Update the system packages and install Dante:
sudo apt update sudo apt install dante-server
On Debian, you might also need to run:
export PATH=$PATH:/usr/sbin
-
Check Dante Version:
holu@your_host:~# danted -v Dante v1.4.3
Step 2 - Configure Dante
Step 2.1 - Internet Interface
In the next step, we will create the Dante configuration file. In this file, you have to add the interface name of the public interface. We can check the interface name by running ip a
. The public interface usually has an MTU size of 1500 bytes. In the example below, the server uses the eth0
interface.
root@your_host:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:06:d1:d0 brd ff:ff:ff:ff:ff:ff
inet 203.0.113.1/32 metric 100 scope global dynamic eth0
valid_lft 86232sec preferred_lft 86232sec
Step 2.2 - Dante Configuration
Before we change the configuration, we must make a backup configuration file, because in the configuration file there is information about the functions of each configuration line.
sudo mv /etc/danted.conf /etc/danted.conf.bak
Then we edit the Danted configuration:
sudo nano /etc/danted.conf
Copy and paste the configuration below:
logoutput: /var/log/socks.log
internal: eth0 port = 1080
external: eth0
clientmethod: none
socksmethod: none
user.privileged: root
user.notprivileged: nobody
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error connect disconnect
}
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error connect disconnect
}
socks block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
Configuration Notes:
- If your server does not use the
eth0
interface, change it in the sectionsinternal
andexternal
. - If you use public wifi and it turns out that the non-standard port is blocked, you can replace it with another port like
53
or443
. In this case, change the port inport = 1080
to the port you want.
Make sure Dante can write the log entries:
sudo nano /lib/systemd/system/danted.service
Add this entry and save the changes:
[Service]
ReadWriteDirectories=/var/log
Start and check if Danted is running normally:
sudo systemctl daemon-reload
sudo systemctl start danted
sudo systemctl status danted
Step 2.3 - Dante Socks5 Test
curl -x socks5://<your_ip_server>:<your_danted_port> -4 https://ip.hetzner.com
Example output of the command:
holu@your_host:~# curl -x socks5://203.0.113.1:1080 -4 https://ip.hetzner.com
203.0.113.1
If the test fails, you can check the Danted log in /var/log/socks.log
.
Step 3 - Limit Access
Step 3.1 - Limit by Username
You can restrict access to your proxy server using a username and password.
Edit the Danted configuration in /etc/danted.conf
, and change this section:
# socksmethod: none // for non-authentication
socksmethod: username
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bind connect udpassociate
log: error connect disconnect
socksmethod: username
}
Save, and restart using:
sudo systemctl restart danted
sudo systemctl status danted
To create a user and password, use the following command:
sudo useradd holu -r
sudo passwd holu
Use the following command to test the login with your username and password:
curl -x socks5://<your_username>:<your_password>@<your_ip_server>:<your_danted_port> -4 https://ip.hetzner.com
Example output of the command:
-
With Username & Password:
holu@your_host:~# curl -x socks5://holu:secure-password@203.0.113.1:1080 -4 https://ip.hetzner.com 203.0.113.1
-
Without Username & Password:
holu@your_host:~# curl -x socks5://203.0.113.1:1080 -4 https://ip.hetzner.com curl: (97) No authentication method was acceptable. # It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.
You can check the login for success or failure on your proxy server with this command:
sudo tail -10 /var/log/socks.log
Example output of the command:
holu@your_host:~# sudo tail -10 /var/log/socks.log
Aug 28 09:48:27 (1724838507.525562) danted[2129]: info: pass(1): tcp/accept [: 203.0.113.1.38304 203.0.113.1.1080
Aug 28 09:48:27 (1724838507.599879) danted[2146]: info: pass(1): tcp/connect [: username%sock@203.0.113.1.38304 203.0.113.1.1080 -> 203.0.113.1.46603 213.133.116.46.443
Aug 28 09:48:27 (1724838507.717996) danted[2146]: info: pass(1): tcp/connect ]: 4178 -> username%sock@203.0.113.1.38304 203.0.113.1.1080 -> 799, 799 -> 203.0.113.1.46603 213.133.116.46.443 -> 4178: local client closed. Session duration: 0s
Aug 28 09:48:27 (1724838507.718030) danted[2146]: info: pass(1): tcp/accept ]: 4178 -> 203.0.113.1.38304 203.0.113.1.1080 -> 799: local client closed. Session duration: 0s
Aug 28 09:48:33 (1724838513.864032) danted[2129]: info: pass(1): tcp/accept [: 203.0.113.1.34414 203.0.113.1.1080
Aug 28 09:48:33 (1724838513.864239) danted[2129]: info: block(1): tcp/accept ]: 203.0.113.1.34414 203.0.113.1.1080: error after reading 4 bytes in 0 seconds: client offered no acceptable authentication method
Step 3.2 - Limit by IP Address
In the previous Danted configuration, we gave public access to all IPs to connect to our proxy server. In this step, we will limit access to only one or several IPs.
Edit the Danted configuration in /etc/danted.conf
, and change this section:
client pass {
from: 198.51.100.1/32 to: 0.0.0.0/0
log: error connect disconnect
}
198.51.100.1/32
is the single IP you want to allow access to your proxy server.
If you want to add another single IP again, just repeat the configuration.
client pass {
from: 198.51.100.1/32 to: 0.0.0.0/0
log: error connect disconnect
}
client pass {
from: 10.0.0.2/32 to: 0.0.0.0/0
log: error connect disconnect
}
Save, and restart using:
sudo systemctl restart danted
sudo systemctl status danted
If you want to give a range or block of IPs access, change the slash behind the IP to your IP block.
Use the following command to test the login to the proxy server with an unregistered IP:
-
If you are using username and password authentication
holu@your_host:~# curl -x socks5://holu:secure-password@203.0.113.1:1080 -4 https://ip.hetzner.com curl: (97) Recv failure: Connection reset by peer
-
If you are not using username and password authentication
holu@your_host:~# curl -x socks5://203.0.113.1:1080 -4 https://ip.hetzner.com curl: (97) Recv failure: Connection reset by peer
Conclusion
Now your server is ready to be used as a Socks5 Proxy using restrictions with username and IP address with danted applications on Debian or Ubuntu.