Get Rewarded! We will reward you with up to €50 credit on your account for every tutorial that you write and we publish!

Install and Configure Dante Socks5 Proxy on Debian/Ubuntu

profile picture
Author
Juni Yadi
Published
2019-05-09
Time to read
10 minutes reading time

Introduction

This tutorial will explain how to install and configure the Dante Socks5 Proxy on Debian/Ubuntu. Before you start the installation, you must meet the following conditions:

Prerequisites

  • Server with Operating System Linux :
    • Debian 9
    • Ubuntu 18.04
  • Root access
  • SSH Tools

Step 1 - Install Dante

Step 1.1 - Install from APT

apt update

// Debian 9
apt install dante-server

// Ubuntu 18.04
apt install dante-server

When the installation is complete, you will see that Danted has encountered an error, because it has not been configured yet.

Check Dante Version :

// Debian 9
root@your_host:~# danted -v
Dante v1.4.1

// Ubuntu 18.04
root@your_host:~# danted -v
Dante v1.4.2

Please note: when installing Dante using apt on Debian 9 and Ubuntu 18.04 there are differences in versions. In Debian 9 the Dante version of 1.4.1 is different from Ubuntu 18.04 which is 1.4.2. Full details about release information are HERE.

Step 1.2 - Install from Source (Optional)

If you want to install the latest version, please follow the tutorial below. Make sure to delete dante if it's already installed.

In this tutorial, we use the Dante version 1.4.2 (Download Pages)

apt update
apt install build-essential gcc make
wget http://www.inet.no/dante/files/dante-1.4.2.tar.gz
tar -xvf dante-1.4.2.tar.gz
cd dante-1.4.2
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --disable-client --without-libwrap --without-bsdauth --without-gssapi --without-krb5 --without-upnp --without-pam
make
make install

Check Dante version :

root@your_host:~# /usr/sbin/sockd -v
Dante v1.4.2

You have successfully installed Dante from sources. Now, We have to make daemons danted on linux systems.

nano /etc/init.d/danted

Copy and paste the configuration below:

#! /bin/sh
### BEGIN INIT INFO
# Provides:          danted
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: SOCKS (v4 and v5) proxy daemon (danted)
# Description:       Starts or stops the Dante SOCKS proxy daemon.
#                    Its configuration is stored in the /etc/danted.conf file;
#                    see the danted.conf(5) manual page for details.
### END INIT INFO
#
# dante SOCKS server init.d file. Based on /etc/init.d/skeleton:
# Version:  @(#)skeleton  1.8  03-Mar-1998  miquels@cistron.nl

. /lib/lsb/init-functions

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/sockd
NAME=danted
DESC="Dante SOCKS daemon"
PIDFILE=/var/run/$NAME.pid
CONFFILE=/etc/$NAME.conf

test -f $DAEMON || exit 0

set -e

# This function makes sure that the Dante server can write to the pid-file.
touch_pidfile ()
{
  if [ -r $CONFFILE ]; then
    uid="`sed -n -e 's/[[:space:]]//g' -e 's/#.*//' -e '/^user\.privileged/{s/[^:]*://p;q;}' $CONFFILE`"
    if [ -n "$uid" ]; then
      touch $PIDFILE
      chown $uid $PIDFILE
    fi
  fi
}

case "$1" in
  start)
    if ! egrep -cve '^ *(#|$)' \
        -e '^(logoutput|user\.((not)?privileged|libwrap)):' \
        $CONFFILE > /dev/null
    then
        echo "Not starting $DESC: not configured."
        exit 0
    fi
    echo -n "Starting $DESC: "
    touch_pidfile
    start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE \
        --exec $DAEMON -- -D
    echo "$NAME."
    ;;
  stop)
    echo -n "Stopping $DESC: "
    start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE \
        --exec $DAEMON
    echo "$NAME."
    ;;
  reload|force-reload)
    #
    #   If the daemon can reload its config files on the fly
    #   for example by sending it SIGHUP, do it here.
    #
    #   If the daemon responds to changes in its config file
    #   directly anyway, make this a do-nothing entry.
    #
     echo "Reloading $DESC configuration files."
     start-stop-daemon --stop --signal 1 --quiet --pidfile \
        $PIDFILE --exec $DAEMON -- -D
  ;;
  restart)
    #
    #   If the "reload" option is implemented, move the "force-reload"
    #   option to the "reload" entry above. If not, "force-reload" is
    #   just the same as "restart".
    #
    echo -n "Restarting $DESC: "
    start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
    sleep 1
    touch_pidfile
    start-stop-daemon --start --quiet --pidfile $PIDFILE \
      --exec $DAEMON -- -D
    echo "$NAME."
    ;;
  status)
    if ! egrep -cve '^ *(#|$)' \
        -e '^(logoutput|user\.((not)?privileged|libwrap)):' \
        $CONFFILE > /dev/null
    then
        configured=''
    else
        configured='1'
    fi
    if start-stop-daemon --status --quiet --pidfile $PIDFILE \
      --exec $DAEMON; then
        if [ -n "$configured" ]; then
            echo "$DESC running"
        else
            echo "$DESC running, yet not configured?!"
        fi
    else
        if [ -n "$configured" ]; then
            echo "$DESC not running"
        else
            echo "$DESC not configured"
        fi
    fi
    ;;
  *)
    N=/etc/init.d/$NAME
    # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
    echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac

exit 0

Give access to Danted daemon:

chmod +x /etc/init.d/danted
update-rc.d danted defaults

Now you can start / stop danted services with the installed version using apt:

systemctl status danted
systemctl start danted
systemctl stop danted

// Automatic Start Danted After Reboot
systemctl enable danted

Step 2 - Configure Dante

Step 2.1 - Internet Interface

We must check the server interface, in the example below, the server uses the eth0 interface.

root@your_host:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:06:d1:d0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.1 scope global eth0
       valid_lft forever preferred_lft forever

Step 2.2 - Dante Configuration

Before we change the configuration, we must make a backup configuration file, because in the configuration file there is information about the functions of each configuration line.

mv /etc/danted.conf /etc/danted.conf.bak

Then we edit the Danted configuration:

nano /etc/danted.conf

Copy and paste the configuration below:

logoutput: /var/log/socks.log
internal: eth0 port = 1080
external: eth0
clientmethod: none
socksmethod: none
user.privileged: root
user.notprivileged: nobody

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}
client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}
socks block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

Configuration Notes

  • If your server does not use the eth0 interface, change it in the section internal and external.
  • If you use public wifi and it turns out that the non-standard port is blocked, you can replace it with another port like 53 or 443, change in port = 1080 to port you want it.

Start and check if Danted is running normally:

systemctl start danted
systemctl status danted

Step 2.3 - Dante Socks5 Test

curl -x socks5://<your_ip_server>:<your_danted_port> ifconfig.co

Example output of the command:

root@your_host:~# curl -x socks5://10.0.0.1:1080 ifconfig.co
10.0.0.1

If when doing a test it turns out that it failed, you can check the log is Danted on /var/log/socks.log

Step 3 - Limit Access

Step 3.1 - Limit by Username

You can restrict access to your proxy server using a username and password.

Edit Danted Configuration on /etc/danted.conf, and change this section:

# socksmethod: none // for non-authentication
socksmethod: username

socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error connect disconnect
        socksmethod: username
}

Save and restart using systemctl restart danted.

To create a user and password, use the following command:

useradd holu -r
passwd holu

Use the following command to test the login with your username and password:

curl -x socks5://<your_username>:<your_password>@<your_ip_server>:<your_danted_port> ifconfig.co

Example output of the command:

  • With Username & Password:
root@your_host:~# curl -x socks5://holu:2M6GTPkKubsrED5F@10.0.0.1:1080 ifconfig.co
10.0.0.1
  • Without Username & Password:
root@your_host:~# curl -x socks5://10.0.0.1:1080 ifconfig.co
curl: (7) No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)

You can check the login for success or failure on your proxy server with the command tail -10 /var/log/socks.log

Example output of the command:

root@your_host:~# tail -10 /var/log/socks.log
Apr 19 12:15:16 (1555701316.599506) danted[1477]: info: pass(1): tcp/accept [: 203.0.113.1.36730 10.0.0.1.1080
Apr 19 12:15:16 (1555701316.625405) danted[1479]: info: pass(1): tcp/connect [: username%holu@203.0.113.1.36730 10.0.0.1.1080 -> 10.0.0.1.36730 104.28.19.94.80
Apr 19 12:15:16 (1555701316.808180) danted[1479]: info: pass(1): tcp/connect ]: 363 -> username%holu@203.0.113.1.36730 10.0.0.1.1080 -> 75, 75 -> 10.0.0.1.36730 104.28.19.94.80 -> 363: local client closed.  Session duration: 0s
Apr 19 12:15:16 (1555701316.808231) danted[1479]: info: pass(1): tcp/accept ]: 363 -> 203.0.113.1.36730 10.0.0.1.1080 -> 75: local client closed.  Session duration: 0s
Apr 19 12:15:20 (1555701320.794622) danted[1596]: info: pass(1): tcp/accept [: 203.0.113.1.36732 10.0.0.1.1080
Apr 19 12:15:20 (1555701320.796002) danted[1596]: info: block(1): tcp/accept ]: 203.0.113.1.36732 10.0.0.1.1080: error after reading 4 bytes in 0 seconds: client offered no acceptable authentication method

Step 3.2 - Limit by IP Address

In the previous danted configuration, we gave public access to all IPs to connect to our proxy server. In this step, we will limit access to only one or several IPs.

Edit Danted Configuration on /etc/danted.conf, and change this section:

client pass {
        from: 203.0.113.1/32 to: 0.0.0.0/0
        log: error connect disconnect
}
  • 203.0.113.1/32 is the single IP you want to allow access to your proxy server.

If you want to add another single IP again, just repeat the configuration.

client pass {
        from: 203.0.113.1/32 to: 0.0.0.0/0
        log: error connect disconnect
}
client pass {
        from: 198.51.100.1/32 to: 0.0.0.0/0
        log: error connect disconnect
}

Save and restart using systemctl restart danted.

If you want to give a range or block of IPs access, change the slash behind the IP to your IP block.

Use the following command to test the login to the proxy server with an unregistered IP:

  • If you are using username and password authentication
root@your_host:~# curl -x socks5://holu:2M6GTPkKubsrED5F@10.0.0.1:1080 ifconfig.co
curl: (7) Unable to receive initial SOCKS5 response.
  • If you are not using username and password authentication
root@your_host:~# curl -x socks5://10.0.0.1:1080 ifconfig.co
curl: (7) Unable to receive initial SOCKS5 response.

Conclusion

Now your server is ready to be used as a Socks5 Proxy using restrictions with username and IP address with danted applications on Debian or Ubuntu.

License: MIT
Want to contribute?

Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!

Report Issue

Discover our

Dedicated Servers

Configure your dream server. Top performance with an excellent connection at an unbeatable price!

Want to contribute?

Get Rewarded: Get up to €50 credit on your account for every tutorial you write and we publish!

Find out more