Configuration of SocksProxy


The SocksSetup module is the recommended way to configure SocksProxy, but the registry layout is described here for the knowledgeable. The configuration parameters are located in the registry under "HKLM\SOFTWARE\Wow6432Node\SocksProxy" on 64-bit Windows and "HKLM\SOFTWARE\SocksProxy" on 32-bit Windows. Note that if the server is run from a command prompt that is not already elevated, it will ask for elevation so that it can access the registry key. Alternatively, use the -l option together with -c. The configuration is then read from HKCU\SOFTWARE\SocksProxy instead, eliminating the need for elevation, but also removing the possibility of sharing the configuration between running from a command prompt and running as a service. This is mostly intended for testing.

The structure of the registry keys under the SocksProxy key is as follows:

Proxies\<name>\

    Active (DWORD)
        0, not active, 1 active, default 1.
    Authentication (SZ)
        "None" or "UsernamePassword" ("unpw"), default "None".
    Carrier (SZ)
        Name of the carrier to use (optional).
    DestinationIP (SZ)
        IP address or name of destination, used by Transparent.
    DestinationPort (DWORD)
        Port of destination, used by Transparent.
    ExternalIP (SZ)
        IP or name used to connect from, 0.0.0.0 means any.
    Gre (DWORD)
        0, no gre routing, 1 gre routing, used by Transparent.
    ListenIP (SZ)
        IP or name of listener, 0.0.0.0 to listen on all.
    ListenPort (DWORD)
        Port used by listener.
    PublicIP (SZ)
        IP address used for Socks bind.
    Protocol (SZ)
        Protocol for proxy: Socks, Socks4, Socks5, Transparent.

Carriers\<name>\

    IP (SZ)
        IP or name of the "next" proxy.
    Port (DWORD)
        Port of the "next" proxy.
    Protocol (SZ)
        Protocol to use when talking to the next proxy.
    Authentication (SZ)
        "None" or "UsernamePassword" ("unpw"), default "None".
    Username (SZ)
        Username if authentication is "UsernamePassword" ("unpw").
    Password (SZ)
        Password if authentication is "UsernamePassword" ("unpw").

Names\

    <name> (SZ)
        IP address or DNS name.

Detailed explanation of the configuration.

Proxies are all configured separately under their individually named keys under the "Proxies" key.

When configuring a proxy, first consider what type of proxy you need:

Protocol (SZ)
    "Transparent"
        Simple forwarding to a fixed destination. Configure your client program to connect to this proxy instead of the real destination, and configure the proxy to connect to the actual destination (see later).
    "Socks"
        Socks proxy, either 4, 4a or 5. The client will need to know one of these protocols, and will itself instruct the proxy where to connect.
    "Socks4"
        As above, but only Socks 4 or 4a.
    "Socks5"
        As above, but only Socks 5.

Next, specify the IP address and port to listen on. These are the values that you will need to put into your client application.

ListenIP (SZ)
IP address or name (see later).
ListenPort (DWORD)
TCP port.

If your proxy is on a multihomed PC (it usually is), you may configure the IP address to connect from, to ensure that the connection is established on the right network adapter.

ExternalIP (SZ)
IP address or name (see later).

When using one of the Socks protocols, the required type of authentication must be specified:

Authentication (SZ)

    "None"
        No authentication is required.
    "UsernamePassword"
        (Or simply "unpw".) The socks client must specify a username and password.

Certain elements of the Socks protocol require the Socks proxy to know which IP address servers will connect to when doing a callback. When chaining to another proxy this is not relevant, but when not chaining (the most frequent case), that IP can be specified as:

PublicIP (SZ)
IP address or name (see later).

If you are configuring a transparent proxy, there are a few more choices to make. For transparent proxies, the client application should be configured with the proxy IP address and port, and the proxy should be configured with the actual destination IP and port.

DestinationIP (SZ)
IP address or name (see later).
DestinationPort (DWORD)
TCP port.

If you are using the transparent proxy to route a Microsoft VPN, you will need to route the GRE protocol as well:

Gre (DWORD)

    0
        "Regular" transparent proxy without GRE.
    1
        Route the GRE protocol as well.

Sometimes the proxy server cannot itself connect directly to the desired destination, but will need to connect to another proxy server, possibly even of another brand. This is possible (except for the transparent protocol) if that other proxy server implements the Socks protocol in a similar manner with respect to authentication. Specify that other server as a carrier:

Carrier (SZ)
Name of carrier (see later).

IP Addresses and Names

Whenever an IP address is required, it should be specified as a string in IPv4 notation, for instance "192.168.1.100". However, it is also possible to specify a name instead, like "MyServer". When the proxy server finds a string that does not translate into an IP address, it first looks for a string with that name under the key "Names". If such a string is found, its value is read and interpreted as an IP address or a DNS name. If no string is found with a matching name, the name itself is interpreted as a DNS name. Some special IP addresses are available:

"0.0.0.0"
Can be used for ListenIP and ExternalIP and means that the proxy will listen on all available addresses, and connect from any suitable address. This is also the default if not specified.
"0.0.0.1"
Can be used for PublicIP and means that an external service will be contacted in order to detect the current public ip address. This is also the default. Note that this method CAN fail, if the network or remote service is not available when the proxy server is started, in which case the specific proxy is disabled.
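
The lookup order described above, as an added Python example that is not SocksProxy's own code. The function name `resolve_address`, the dict standing in for the "Names" key and the sample values are assumptions; note in the result that a mistyped alias is not an error but is handed to DNS as a host name.

```python
import ipaddress

# Defaults as the page describes them for settings that are not specified.
DEFAULTS = {"ListenIP": "0.0.0.0", "ExternalIP": "0.0.0.0", "PublicIP": "0.0.0.1"}

def _ipv4(text):
    """Return the normalised IPv4 string, or None if text is not an IPv4 address."""
    try:
        return str(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        return None

def resolve_address(field, value, names):
    """Return (kind, target, source) for one address setting.

    kind:   "any", "autodetect", "ip" or "dns"
    source: "literal" (taken as written) or "names" (alias under the Names key)
    names:  dict standing in for the string values under the Names key (assumption)
    """
    if not value:
        value = DEFAULTS.get(field)
        if value is None:
            raise ValueError(f"{field} has no default and must be set")
    source = "literal"
    if _ipv4(value) is None:
        # Registry value names are matched case-insensitively.
        aliases = {k.lower(): v for k, v in names.items()}
        if value.lower() not in aliases:
            # No alias with that name: the string itself becomes a DNS name.
            return ("dns", value, "literal")
        value, source = aliases[value.lower()], "names"
    ip = _ipv4(value)
    if ip is None:
        return ("dns", value, source)      # alias that points at a DNS name
    if ip == "0.0.0.0" and field in ("ListenIP", "ExternalIP"):
        return ("any", ip, source)         # all addresses / any suitable address
    if ip == "0.0.0.1" and field == "PublicIP":
        return ("autodetect", ip, source)  # external service is asked at start-up
    return ("ip", ip, source)

# Constructed sample data, not taken from a real installation.
SAMPLE_NAMES = {"MyServer": "192.168.1.100", "Gateway": "gw.example.internal"}
```
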

Carriers

Proxies can be "chained", meaning that the proxy will relay the requested service through to the "next" socks proxy in the chain. The next proxy can either be an identical proxy, or another brand of proxy, as long as it offers the required service and allows connecting to it. Carriers are specified under the key "Carriers", with a key with the chosen name of the carrier, the same name used to refer to it from a proxy, see above. Under that key, the following must be specified:

IP (SZ)
IP address or name.
Port (DWORD)
TCP port.
Protocol (SZ)
The protocol used, either "Socks4" or "Socks5".
Authentication (SZ)
"None" or "UsernamePassword" ("unpw"), default "None".
Username (SZ)
Username if authentication is "UsernamePassword" ("unpw").
Password (SZ)
Password if authentication is "UsernamePassword" ("unpw").

Examine the log from the proxy server when it is started, to see if all the requested proxies have been correctly started.
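
A consistency check over the settings described on this page, useful before starting the server and reading its log (added example, not part of SocksProxy or SocksSetup). The nested dict standing in for the registry tree, the function names, the case-insensitive comparison of values and the sample entries are assumptions.

```python
SOCKS = {"socks", "socks4", "socks5"}
def _auth(entry):
    # "unpw" is the short form of "UsernamePassword"; default is "None".
    # Comparing case-insensitively is an assumption of this example.
    a = str(entry.get("Authentication", "None")).lower()
    return "unpw" if a in ("usernamepassword", "unpw") else a

def audit(config):
    """Return a sorted list of (proxy_or_carrier_name, finding) tuples."""
    findings = []
    carriers = config.get("Carriers", {})
    for name, p in config.get("Proxies", {}).items():
        if p.get("Active", 1) == 0:
            continue                      # inactive entries are skipped
        proto = str(p.get("Protocol", "")).lower()
        if proto not in SOCKS | {"transparent"}:
            findings.append((name, "unknown Protocol"))
        # ListenIP defaults to 0.0.0.0 (all addresses) when not specified.
        if proto in SOCKS and _auth(p) == "none" and p.get("ListenIP", "0.0.0.0") == "0.0.0.0":
            findings.append((name, "unauthenticated Socks listener on all addresses"))
        if proto == "transparent":
            if not p.get("DestinationIP") or not p.get("DestinationPort"):
                findings.append((name, "Transparent without DestinationIP/DestinationPort"))
            if p.get("Carrier"):          # chaining excludes the transparent protocol
                findings.append((name, "Carrier set on a Transparent proxy"))
        if p.get("Carrier") and p["Carrier"] not in carriers:
            findings.append((name, "Carrier not defined under Carriers"))
    for name, c in carriers.items():
        if str(c.get("Protocol", "")).lower() not in ("socks4", "socks5"):
            findings.append((name, "carrier Protocol must be Socks4 or Socks5"))
        if _auth(c) == "unpw":
            if not c.get("Username") or not c.get("Password"):
                findings.append((name, "unpw carrier without Username/Password"))
            else:
                findings.append((name, "Password stored as a string value; review key ACL"))
    return sorted(findings)

# Constructed sample configuration (dict standing in for the registry tree).
SAMPLE = {
    "Proxies": {
        "open": {"Protocol": "Socks5", "ListenPort": 1080},
        "local": {"Protocol": "Socks", "ListenIP": "127.0.0.1", "ListenPort": 1081,
                  "Carrier": "upstream"},
        "vpn": {"Protocol": "Transparent", "ListenPort": 1723, "Gre": 1,
                "DestinationIP": "MyServer", "Carrier": "missing"},
        "off": {"Protocol": "Bogus", "Active": 0},
    },
    "Carriers": {"upstream": {"IP": "192.168.1.100", "Port": 1080, "Protocol": "Socks5",
                 "Authentication": "unpw", "Username": "svc", "Password": "example"}},
}
```
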

Last revised: 2014-12-10