Server Requirements

Tested on Ubuntu 20.04 & Debian 11. Nice & simple for this one, all you’ll need is about 64MB of RAM & a single vCPU, you can probably do this on a 32MB LXC Container but goodluck running apt-get on that sucker.

Step 1 – Update the system

Firstly update your system, on Debian you can use the below command.

apt-get update && apt upgrade

Step 2 – Installing Dante

We’ll use Dante for this guide, Dante is an open-source SOCKS proxy server.

apt install dante-server

Check Dante is running.

systemctl status danted.service

The output will be a failure to start the service.

× danted.service - SOCKS (v4 and v5) proxy daemon (danted)
     Loaded: loaded (/lib/systemd/system/danted.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2023-01-17 06:02:01 UTC; 4s ago
       Docs: man:danted(8)
             man:danted.conf(5)
    Process: 3049367 ExecStartPre=/bin/sh -c    uid=`sed -n -e "s/[[:space:]]//g" -e "s/#.*//" -e "/^user\.privileged/{s/[^:]*://p;q;}" /etc/danted.conf`;      if [ -n "$uid" ]; then                  touch /var/run>    Process: 3049389 ExecStart=/usr/sbin/danted (code=exited, status=1/FAILURE)
   Main PID: 3049389 (code=exited, status=1/FAILURE)

To start the service we’ll need to edit the config file, start by deleting the default config file then creating a new one.

rm /etc/danted.conf
nano /etc/danted.conf

Add the following into the new file, make sure you edit the port if needed. If you’re running this on an LXC container you’ll probably need to change the external network interface from eth0 to venet0

logoutput: syslog
user.privileged: root
user.unprivileged: nobody

# The listening network interface or address.
internal: 0.0.0.0 port=1080

# The proxying network interface or address.
external: eth0

# socks-rules determine what is proxied through the external interface.
socksmethod: username

# client-rules determine who can connect to the internal interface.
clientmethod: none

client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}

socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}

If you’re using UFW be sure to open port 1080.

ufw allow 1080

Step 3 – Securing Dante

Dante will authenticate users using standard Linux user accounts. This is useful, but since the password for that connection will be transmitted in plain text, it’s crucial to create a specific SOCKS user who will not have access to any other parts of the server.

useradd -r -s /bin/false your_dante_user
passwd your_dante_user

Step 4 – Starting Dante

Now restart Dante with your configuration changes.

systemctl restart danted.service

Check the service is running correctly.

systemctl status danted.service

 danted.service - SOCKS (v4 and v5) proxy daemon (danted)
     Loaded: loaded (/lib/systemd/system/danted.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-01-17 06:10:50 UTC; 5s ago
       Docs: man:danted(8)
             man:danted.conf(5)
    Process: 3058300 ExecStartPre=/bin/sh -c    uid=`sed -n -e "s/[[:space:]]//g" -e "s/#.*//" -e "/^user\.privileged/{s/[^:]*://p;q;}" /etc/danted.conf`;      if [ -n "$uid" ]; then                  touch /var/run>   Main PID: 3058304 (danted)

You can now successfully connect to your Dante server through your SOCKS proxy client.