
Transparent proxy in Linux

ssrlive edited this page Aug 29, 2021 · 16 revisions

Tutorial

  1. First check whether your DNS is remote or local: `cat /etc/resolv.conf`. If it's a local one like 192.168.1.1, it does not matter, but if the DNS is remote, for example 208.67.222.222, you need to add a route for it (see step 7).

  2. Find your default route (gateway); it's 192.168.28.2 on my Ubuntu machine.


  3. Run your SSRoT client to connect to your server. This tutorial assumes that your remote server IP is 123.45.67.89 and the local listen port is 1080.
     ./ssr-client -c <your_config_file_full_path>

     If you want to proxy through SSH instead, you can replace the command with `ssh -N -C -D 1080 <user>@<server>`.

  4. Add the tun interface.
     sudo ip tuntap add dev tun0 mode tun user <your_account_name>
  5. Set up the tun interface.
     sudo ifconfig tun0 10.0.0.1 netmask 255.255.255.0
  6. Run tun2socks from badvpn.
     badvpn-tun2socks --tundev tun0 --netif-ipaddr 10.0.0.2 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:1080 &

It's very easy to build tun2socks from source under Linux. Here are the steps:

rm -rf badvpn
git clone https://github.com/ambrop72/badvpn.git
mkdir badvpn/build && cd badvpn/build
cmake -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1 .. && make
sudo rm -rf /usr/local/bin/badvpn-tun2socks
sudo cp tun2socks/badvpn-tun2socks /usr/local/bin/
cd ../..
rm -rf badvpn
badvpn-tun2socks --help
  7. If your DNS is a remote one, add a route to it with a lower metric than the tun route (lower than the metric in step 9). DNS queries to that server then leave through the normal gateway and are not proxied.
     sudo route add 208.67.222.222 gw 192.168.28.2 metric 4
  8. Add a route for your SSRoT server or your SSH server (its real address, not 127.0.0.1).
     sudo route add 123.45.67.89 gw 192.168.28.2 metric 4
  9. Add a default route to forward everything to the tun.
     sudo route add default gw 10.0.0.2 metric 6

Done.
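
A check to run after step 9, added here as an example and not part of the original wiki or the project's own script: it reads `ip -4 route show` output and confirms that the lowest-metric default route points at the tun gateway and that the proxy server and the remote DNS each keep a route via another gateway (without the server route, the proxy's own connection would be sent back into the tun). The function name `audit_routes`, the interface name `ens33` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): audit a routing table against steps 7-9.
# Live use: ip -4 route show | audit_routes 10.0.0.2 123.45.67.89 208.67.222.222

# Constructed sample of `ip -4 route show` after step 9; ens33, metric 100 and
# 192.168.28.128 are made-up values for a host behind gateway 192.168.28.2.
SAMPLE_ROUTES='default via 10.0.0.2 dev tun0 metric 6
default via 192.168.28.2 dev ens33 proto dhcp metric 100
10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.1
123.45.67.89 via 192.168.28.2 dev ens33 metric 4
208.67.222.222 via 192.168.28.2 dev ens33 metric 4
192.168.28.0/24 dev ens33 proto kernel scope link src 192.168.28.128 metric 100'

# audit_routes TUN_GW HOST...  (routing table on stdin)
# Prints OK and returns 0 when the winning default route goes via TUN_GW and
# every HOST has its own route via some other gateway; otherwise prints FAIL lines.
audit_routes() {
    tun_gw=$1; shift
    awk -v tun_gw="$tun_gw" -v hosts="$*" '
    function field(name,   i) {   # value that follows a keyword such as "via"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    BEGIN { n = split(hosts, want, " "); best = -1 }
    {
        via = field("via"); m = field("metric")
        if (m == "") m = 0        # a route printed without a metric has metric 0
        if ($1 == "default") {    # lowest metric wins among default routes
            if (best < 0 || m + 0 < best) { best = m + 0; best_via = via }
        } else {
            dst = $1; sub(/\/32$/, "", dst)
            for (k = 1; k <= n; k++)
                if (dst == want[k] && via != "" && via != tun_gw) bypass[dst] = 1
        }
    }
    END {
        bad = 0
        if (best_via != tun_gw) { print "FAIL default route is not via " tun_gw; bad = 1 }
        for (k = 1; k <= n; k++)
            if (!(want[k] in bypass)) { print "FAIL no bypass route for " want[k]; bad = 1 }
        if (!bad) print "OK"
        exit bad
    }'
}

printf '%s\n' "$SAMPLE_ROUTES" | audit_routes 10.0.0.2 123.45.67.89 208.67.222.222
```

A FAIL on the default route usually means the original default route has a metric lower than 6, so traffic still bypasses the tun.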

Here is the full bash script.
