SOCKS5 is a simple, eloquent method for getting yourself a proxified connection to the internet. All you need to get a proxy connection working is to run an SSH server somewhere, run a single command locally, and configure your software (or OS) to use this proxy. Why would you want to run a proxy? Well, all traffic sent between your client machine (e.g. a wireless laptop at a coffee shop), and the remote machine (e.g. your home server located on your trusted network) will be encrypted. Also, your external IP address will be that of the SSH server, which can be useful for various other reasons.
For this tutorial I will show screenshots for setting up an OS level proxy in OS X. Linux should have some similar GUI tools involved, or you can always configure it on the command line. I’m not sure if Windows has similar tools. I’m assuming you are familiar with networking basics and have a linux server setup with internet connectivity.
The first thing you will need to do is install an SSH daemon on your Linux server. Depending on your OS, it is usually as simple as running the following command (most distro’s allow all normal users SSH access by default, save for the root user).
sudo apt-get install sshd
You’ll also need to have port forwarding setup for the SSH port (22) so that external requests to this port are forwarded to your server. I can’t show you how to do that though since I don’t know how your router works!
Next, you’ll need to run the following command on your client machine. What the command does it executes SSH as a background process, and sets up port 1080 to listen locally for connection requests (you can change that number). It also doesn’t display errors if there are any (useful for running automatically when you login to your client). It will prompt you for a username and password though… What you should do is setup your client and server to authenticate without a password, this will make your life a lot easier and allow the command to be executed without your intervention.
ssh -D 1080 -f -C -q -N -p 22 username@servername
Easy, huh? You can now configure software to connect to a SOCKS5 proxy at localhost:1080. If you browse to ip.thomashunter.name both before and after running this, you should see that your external IP address will change.
You may be wondering how to do that last part… I’ll now show you a bunch of screenshots for enabling this on the OS level using Apple OS X’s network manager.
OS X: Enabling SOCKS5 Proxy
First, open up OS X’s system preferences. You can usually do this by hitting Cmd + Space, and typing Preferences and pressing enter.
Next, click the Network icon under Internet & Wireless. You will see a bunch of tabs, click the one titled Proxies.
Now, enable the SOCKS5 Proxy option. This will bring up the configuration settings to the right. You’ll want to enter localhost for the server name and 1080 for the port number. You won’t need to use a username or password with this proxy so leave them blank (the authentication happened earlier with the command we executed).
You can enable the Exclude simple hostnames option if you plan on doing anything regarding other machines on the local network (local to the client). This is so that if you want to access a machine by it’s DNS name, the proxy doesn’t steal that request. This is useful if you want to do work at a corporate office, for example.
Now, if you ever need to enable or disable this proxy, you have to go all the way through the System Preferences and click this checkbox. How tedious! Luckily though, there is a lifesaver of a dashboard widget which gives you an easy to access toggle button. You can download the proxy widget here. It has an info option where you can specify which proxies to enable in the interface; I only ever use SOCKS5, so that’s the only one I have enabled. This screenshot below shows the simplicity of the interface.
With it being so simple to enable and disable a proxy, make sure you always turn the proxy on when you’re on a public, unencrypted network, such as a coffee shop. You never know who might be sniffing packets.