Opened 7 weeks ago

Last modified 3 days ago

#2472 new enhancement

SOCKS5 support in server tunnels

Reported by: zab
Owned by:
Priority: minor
Milestone: undecided
Component: apps/i2ptunnel
Version: 0.9.39
Keywords:
Cc: meeh, sadie
Parent Tickets:

Description

The idea is to "chain" a server tunnel to a socks5 proxy like Tor. Instead of a simple outgoing tcp connection, socks5 would be used.
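
For reference, the client side of the SOCKS5 exchange (RFC 1928) that a chained tunnel would send in place of a plain TCP connect. This is an added example, not I2P code and not part of the ticket; the function names and any sample hosts are assumptions. Hostnames go out as a domain-type address so that the proxy, not the local resolver, looks them up.

```python
"""SOCKS5 (RFC 1928) client messages for a no-auth CONNECT. Added illustration."""
import ipaddress
import struct

VER, NO_AUTH, NO_ACCEPTABLE, CMD_CONNECT = 0x05, 0x00, 0xFF, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_greeting(methods=(NO_AUTH,)):
    # VER | NMETHODS | METHODS...
    return bytes([VER, len(methods), *methods])

def parse_method_selection(data):
    # Proxy answers VER | METHOD; 0xFF means none of our methods was accepted.
    if len(data) != 2 or data[0] != VER:
        raise ValueError("malformed method selection")
    if data[1] == NO_ACCEPTABLE:
        raise ValueError("proxy rejected all offered auth methods")
    return data[1]

def build_connect(host, port):
    # VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name (ATYP_DOMAIN) so the proxy resolves it.
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    else:
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)

def parse_reply(data):
    # VER | REP | RSV | ATYP | BND.ADDR | BND.PORT; REP 0x00 means success.
    if len(data) < 5 or data[0] != VER:
        raise ValueError("malformed reply")
    atyp = data[3]
    if atyp == ATYP_DOMAIN:
        off, alen = 5, data[4]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        off, alen = 4, 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    if len(data) != off + alen + 2:
        raise ValueError("truncated or oversized reply")
    raw = data[off:off + alen]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return data[1], addr, struct.unpack("!H", data[off + alen:])[0]
```

A caller should treat any REP value other than 0x00 as a failed connect and close the socket rather than fall back to a direct connection.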

Subtickets

#648: outbound (proxy) node support | enhancement | new | zzz
#2478: I2PTunnelHTTPServer logs should be scrubbed | defect | new

Change History (13)

comment:1 Changed 7 weeks ago by zzz

This is SOCKS BIND? Or an alternative?

Isn't this something squid could do?

Please provide use cases and reasons why this would be the right way to do it.

comment:2 Changed 5 weeks ago by zzz

  • Cc meeh sadie added

From discussion - use case is proxy to local Tor.

Possible alternatives:

  • proxy to orchid plugin
  • straight outproxy to clearnet
  • proxy to local squid
  • combination of above with special-case for .onion

Possible implementations:

  • new server tunnel type(s)
  • plugin

Possible use cases:

  • new proxy for use by all
  • "private" proxy for friends and family (with user/pw access? encrypted LS?)
  • community-run special-purpose or single-target outproxies for blocked sites/apps in certain countries (possibly combined with meta-LS2/garlic farm)

@sadie please provide requirements and further document use cases
@meeh please provide admin/filtering/blocking/logging requirements based on your experience

Last edited 5 weeks ago by zzz

comment:3 Changed 5 weeks ago by sadie

Use cases: human rights workers/defenders, orgs, friends and family, communities in repressive environments, researchers, journalists, environmental activists.
Meant to circumnavigate blockages, outages and protect searches.
Password protected.
Squid or other preconfigured for security.
Focus on smaller scale use cases.

UX considerations - minimal straightforward config and a system for auditing bad behaviour.

Last edited 5 weeks ago by sadie

comment:4 Changed 5 weeks ago by zzz

http://0xcc.i2p/howto-setup-an-i2p-outproxy/ recommends squid or privoxy in one line and without further instructions. Squid is enormous and complex. Neither could be reasonably bundled or preconfigured in the router or a plugin.

  • Are the requirements for http/https only, or are all protocols/ports required?
  • Whitelist/blacklist of ports?
  • Whitelist/blacklist of sites?
  • DoH?
  • user/pw for http/https could be implemented (RFC 2617) but for other protocols would need encrypted LS2 with per-client auth

comment:5 Changed 5 weeks ago by Reportage

UDP support is desirable for supporting various classes of applications, including:

Existing projects that provide Java UDP socks server capabilities include:

comment:6 Changed 5 weeks ago by meeh

then install privoxy and apply the following config:

forward-socks4a .onion localhost:9050 .
forward .i2p 127.0.0.1:4444

comment:7 Changed 5 weeks ago by zzz

Add a subticket #648.

comment:8 Changed 5 weeks ago by zzz

I'd also like to hear requirements for filtering of HTTP headers, if any

comment:9 Changed 5 weeks ago by zzz

Add a subticket #2478.

comment:10 Changed 4 weeks ago by meeh

Just to clarify, in my setup it's only the tor traffic (.onion pages) that would go via tor, other traffic goes straight out on clearnet.

comment:11 Changed 4 weeks ago by meeh

I think I2P would benefit from having a built-in SOCKSv5 server. This seems like a good impl. of that: https://github.com/fengyouchao/sockslib

comment:12 Changed 4 weeks ago by zzz

@meeh

comment 10 belongs over on this somewhat-related thread http://zzz.i2p/topics/2706

re: comment 11, this ticket is about requirements and use cases, not implementation, or looking for a library; in any case, we already have both client and server code in our codebase.

comment:13 Changed 3 days ago by zzz

bump, we probably need to schedule a meeting to decide on possible changes if any, and set target releases.
