Opened 5 months ago

Last modified 4 weeks ago

#2472 new enhancement

SOCKS5 support in server tunnels

Reported by: Zlatin Balevsky Owned by:
Priority: minor Milestone: undecided
Component: apps/i2ptunnel Version: 0.9.39
Keywords: Cc: Meeh, sadie
Parent Tickets: Sensitive: no


The idea is to "chain" a server tunnel to a socks5 proxy like Tor. Instead of a simple outgoing tcp connection, socks5 would be used.


#648: outbound (proxy) node supportnewzzz
#2478: I2PTunnelHTTPServer logs should be scrubbednew

Change History (14)

comment:1 Changed 5 months ago by zzz

This is SOCKS BIND? Or an alternative?

Isn't this something squid could do?

Please provide use cases and reasons why this would be the right way to do it.

comment:2 Changed 4 months ago by zzz

Cc: Meeh sadie added

From discussion - use case is proxy to local Tor.

Possible alternatives:

  • proxy to orchid plugin
  • straight outproxy to clearnet
  • proxy to local squid
  • combination of above with special-case for .onion

Possible implementations:

  • new server tunnel type(s)
  • plugin

Possible use cases:

  • new proxy for use by all
  • "private" proxy for friends and family (with user/pw access? encrypted LS?)
  • community-run special-purpose or single-target outproxies for blocked sites/apps in certain countries (possibly combined with meta-LS2/garlic farm)

@sadie please provide requirements and further document use cases
@meeh please provide admin/filtering/blocking/logging requirements based on your experience

Last edited 4 months ago by zzz (previous) (diff)

comment:3 Changed 4 months ago by sadie

Use cases: human rights workers/defenders, orgs, friends and family, communities in repressive environments, researchers, journalists, environmental activists.
Meant to circumnavigate blockages, outages and protect searches.
Password protected.
Squid or other preconfigured for security.
Focus on smaller scale use cases.

UX considerations - minimal straight forward config and a system for auditing bad behaviour.

Last edited 4 months ago by sadie (previous) (diff)

comment:4 Changed 4 months ago by zzz

http://0xcc.i2p/howto-setup-an-i2p-outproxy/ recommends squid or privoxy in one line and without further instructions. Squid is enormous and complex. Neither could be reasonably bundled or preconfigured in the router or a plugin.

  • Are the requirements for http/https only, or are all protocols/ports required?
  • Whitelist/blacklist of ports?
  • Whitelist/blacklist of sites?
  • DoH?
  • user/pw for http/https could be implemented (rfc 2617) but for other protocols would need encrytped ls2 with per-client auth

comment:5 Changed 4 months ago by Reportage

UDP support is desirable for supporting various classes of applications, including:

Existing projects that provide Java UDP socks server capabilities include:

comment:6 Changed 4 months ago by Meeh

then install privoxy and apply the following config:

forward-socks4a .onion localhost:9050 .
forward .i2p

comment:7 Changed 4 months ago by zzz

Add a subticket #648.

comment:8 Changed 4 months ago by zzz

I'd also like to hear requirements for filtering of HTTP headers, if any

comment:9 Changed 4 months ago by zzz

Add a subticket #2478.

comment:10 Changed 4 months ago by Meeh

Just to clarify, in my setup it's only the tor traffic (.onion pages) that would go via tor, other traffic goes straight out on clearnet.

comment:11 Changed 4 months ago by Meeh

I think I2P would benefit of having a built-in SOCKSv5 server. This seems like a good impl. of that;

comment:12 Changed 4 months ago by zzz


comment 10 belongs over on this somewhat-related thread http://zzz.i2p/topics/2706

re: comment 11, this ticket is about requirements and use cases, not implementation, or looking for a library; in any case, we already have both client and server code in our codebase.

comment:13 Changed 3 months ago by zzz

bump, we probably need to schedule a meeting to decide on possible changes if any, and set target releases.

comment:14 Changed 4 weeks ago by zzz

Sensitive: unset

Bump, awaiting chart from sadie of the various requirements/features/priorities, then we will have a meeting, then we will research dev effort required, then we will put into the roadmap.

Somewhat related: #2086 #1393 would like guidance on these while you're at it.

Note: See TracTickets for help on using tickets.