Now that we have our own IPv6 address working, it’s time to use it as a proxy to your home.
This tutorial assumes you have Debian installed on your VPS.
Take note that SOCKS5 is unencrypted, you should only run it inside an SSH tunnel or a WireGuard tunnel.
Since Dante can use a specified source IP, it does not require setting a source IP on the routing table.
Setup Dante SOCKS5 proxy
Install Dante.
sudo apt install dante-server
Delete Dante’s default config file.
sudo rm /etc/danted.conf
Create new Dante config file.
sudo nano /etc/danted.conf
Here is an example config for Dante over an SSH tunnel.
Since we are going to tunnel SOCKS5 over SSH, I have disabled authentication.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| logoutput: syslog
user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
internal: 127.0.0.1 port=1080 # Only listen to localhost
# The proxying network interface or address.
external: <Your IPv6 address assigned to your dummy1>
# socks-rules determine what is proxied through the external interface.
socksmethod: none
# client-rules determine who can connect to the internal interface.
clientmethod: none
# Localhost
client pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
}
# Block anything not from localhost
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
socks pass {
from: 0/0 to: 0/0
}
|
Here is an example config for Dante over an SSH tunnel and Cloudflare WARP’s WireGuard tunnel.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
| logoutput: syslog
user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
internal: 0.0.0.0 port=1080 # Listen to the whole IPv4 internet
# The proxying network interface or address.
external: <Your IPv6 address assigned to your dummy1>
# socks-rules determine what is proxied through the external interface.
socksmethod: none
# client-rules determine who can connect to the internal interface.
clientmethod: none
# Cloudflare WARP
client pass {
from: 100.96.0.0/12 to: 0.0.0.0/0
}
# Localhost
client pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
}
# Block anything not from Cloudflare WARP or localhost
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
socks pass {
from: 0/0 to: 0/0
}
|
Since my IPv6 only VPS does not have IPv4, I use Cloudflare WARP to get IPv4 connectivity on my VPS.
Here is an example config for Dante with IPv4 connectivity from Cloudflare WARP.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
| logoutput: syslog
user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
internal: 0.0.0.0 port=1080 # Listen to the whole IPv4 internet
# The proxying network interface or address.
external: <Your IPv6 address assigned to your dummy1>
# IPv4 from Cloudflare WARP WireGuard
external: wg0
# socks-rules determine what is proxied through the external interface.
socksmethod: none
# client-rules determine who can connect to the internal interface.
clientmethod: none
# Cloudflare WARP
client pass {
from: 100.96.0.0/12 to: 0.0.0.0/0
}
# Localhost
client pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
}
# Block anything not from Cloudflare WARP or localhost
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
socks pass {
from: 0/0 to: 0/0
}
|
Combining all together, here is my example config using my own IPv6 prefix.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
| logoutput: syslog
user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
internal: 0.0.0.0 port=1080 # Listen to the whole IPv4 internet
# The proxying network interface or address.
external: 2a0a:6044:accd::
# IPv4 from Cloudflare WARP WireGuard
external: wg0
# socks-rules determine what is proxied through the external interface.
socksmethod: none
# client-rules determine who can connect to the internal interface.
clientmethod: none
# Cloudflare WARP
client pass {
from: 100.96.0.0/12 to: 0.0.0.0/0
}
# Localhost
client pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
}
# Block anything not from Cloudflare WARP or localhost
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
socks pass {
from: 0/0 to: 0/0
}
|
Restart Dante proxy.
sudo systemctl restart danted.service
Check status of Dante proxy.
sudo systemctl status danted.service
Connect to your SOCKS5 proxy
Now that the SOCKS5 proxy is working, we can verify if it is working.
Using SSH tunnel
Connect to your VPS server using SSH with SSH port forwarding.
Use curl to check if the proxy is working and if is returning the right IPv6 address.
curl -x socks5://localhost:1080 api.myip.com
If it returns your IPv6 prefix, it is now working, and you can use it on a browser like Firefox.
Using Cloudflare WARP WireGuard
- Use curl to check if the proxy is working and if is returning the right IPv6 address.
curl -x socks5://<IPv4 address of the server on Cloudflare WARP>:1080 -6 api.myip.com
Example: curl -x socks5://100.96.0.6:1080 api.myip.com