Skip to content

Transparent proxy in Linux

ssrlive edited this page Aug 18, 2021 · 16 revisions
  1. First check if your DNS is a remote one or a local one cat /etc/resolv.conf. If it's a local one like 192.168.1.1, it does not a matter, but if the DNS is remote for example 208.67.222.222, you need to add a route for it(see step 7).

  2. Find out your Default Route (Gateway), it's 192.168.28.2 in my ubuntu machine.

image

  1. Run your SSRoT client to connect to your server, assuming that your remote server IP is 123.45.67.89, and local listen port is 1080.
./ssr-client -c <your_config_file_full_path>

If you want to proxy SSH, you can replace the command with ssh -N -C -D 1080 [email protected].

  1. Add tun interface
sudo ip tuntap add dev tun0 mode tun user <your_account_name>
  1. Setup the tun interface
sudo ifconfig tun0 10.0.0.1 netmask 255.255.255.0
  1. run tun2socks in badvpn
badvpn-tun2socks --tundev tun0 --netif-ipaddr 10.0.0.2 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:1080 &
  1. If your DNS is a remote one, add a route to it with a lower metric than the tun one (lower than metric on step 9)
sudo route add 208.67.222.222 gw 192.168.28.2 metric 4
  1. Add a route for your SSRoT server or your SSH server (not 127.0.0.1)
sudo route add 123.45.67.89 gw 192.168.28.2 metric 4
  1. Add a default route to forward everything to the tun
sudo route add default gw 10.0.0.2 metric 6

Done.