esocksd is a robust SOCKS proxy server daemon.
As an OTP application, esocksd is aimed for serving LARGE number of clients.
- SOCKS 4 + 4A
- SOCKS 5 + 5h (RFC 1928)
- Username/Password authentication mode (RFC 1929)
- Restricting allowed SOCKS commands
- Restricting access to networks
- Comprehensive logging
- Multi interface and port operation
- IPv4 + IPv6 support
$ mkdir esocksd && cd esocksd
$ wget /~https://github.com/ValtteriL/esocksd/releases/download/1.0.0/esocksd-1.0.0.tar.gz
$ tar -zxvf esocksd-1.0.0.tar.gz
$ export PATH=$PATH:$PWD/bin
$ esocksd
Run on foreground:
$ esocksd foreground
Run in background as daemon and stop:
$ esocksd daemon
$ esocksd stop
Attach to running node (for debugging purposes):
$ esocksd remote_console
Show usage:
$ esocksd
Build from source (requires rebar3)
$ rebar3 tar
esocksd is configured in sys.config.src that you can find in the releases/1.0.0/ directory.
The configuration looks as follows:
{listenaddress, ["0.0.0.0", "::"]},
{port, [${PORT:-1080}]},
{loglevel, ${LOGLEVEL:-notice}},
{logfile, "${LOGFILE:-esocksd.log}"},
{authmethod, ${AUTHMETHOD:-none}},
{allowcommands, [connect, bind, udp_associate]},
{networkacl, [
{allow, "0.0.0.0/0"},
{block, "255.255.255.255/31"}
]},
{networkacl6, [
{allow, "::/0"}
]},
{userpass, []}
Specifies the local addresses esocksd should listen on.
Specified as a list of strings. Example: ["0.0.0.0", "::"]
.
The default is to listen on all local addresses.
Specifies the port number that esocksd listens on.
Specified as a list of strings. Example: [1080, 1081]
.
The default is [1080]
.
Can be overwritten with environment variable PORT. Example: PORT=1080 esocksd
.
Gives the verbosity level that is used when logging messages from esocksd. The possible values are:
emergency | alert | critical | error | warning | notice | info | debug
The default is notice
.
Can be overwritten with environment variable LOGLEVEL. Example: LOGLEVEL=debug esocksd
.
File to write log output to. Specified as a string.
Example: esocksd.log
.
Can be overwritten with environment variable LOGFILE. Example: LOGFILE=/dev/null esocksd
.
Authentication method used. The possible values are:
none | userpass
none = no authentication required
userpass = username + password authentcation required (disables SOCKS4 as it does not support authentication)
The default is none
.
Can be overwritten with environment variable AUTHMETHOD. Example: AUTHMETHOD=userpass esocksd
.
SOCKS commands that are allowed. The possible values are:
connect | bind | udp_associate
Specified as a list of atoms. Example: [connect, bind, udp_associate]
.
The defauls is [connect, bind, udp_associate]
.
Which IPv4 networks to allow users to connect to. Evaluated in order from top to bottom.
Specified as a list of tuples. The possible tuples are of form {allow|block, network}.
Example: [{allow, "0.0.0.0/0"}, {block, "255.255.255.255/31"}]
.
The default is to allow all networks except localhost.
Same as networkacl but for IPv6.
Example: [{allow, "::/0"}]
.
The default is to allow all networks except localhost.
Usernames and passwords for password authentication.
Specified as list of tuples. The tuples are of form {username, password}.
Example: [{"username", "password"},{"admin", "secret"}]
.
By default there are no usernames or passwords.
If you are having problems with esocksd, please raise an issue on Github.
Contributions are welcome. You can contribute by cloning the repository and creating a pull request.
- per-user ACL