usocksd is a SOCKS server written in Go.
usocksd/socks is a general purpose SOCKS server library. usocksd is built on it.
- Support for SOCKS4, SOCKS4a, SOCKS5
  - Only CONNECT is supported (BIND and UDP associate are missing).
- Graceful stop & restart
  - On SIGINT/SIGTERM, usocksd stops gracefully.
  - On SIGHUP, usocksd restarts gracefully.
- Access log
  Thanks to cybozu-go/log, usocksd can output access logs in structured formats including JSON.
- Specific network interface
  usocksd can be configured to use a specific network interface for outgoing connections.
  It is extremely useful if you want to send all traffic to a VPN/WireGuard device or you have multiple network cards.
- Multiple external IP addresses
  usocksd can be configured to use multiple external IP addresses for outgoing connections.
  usocksd keeps using the same external IP address for a client as much as possible. This means usocksd can proxy passive FTP connections reliably.
  Moreover, you can use a DNSBL service to dynamically exclude undesirable external IP addresses from use.
- White- and black- list of sites
  usocksd can be configured to grant access to the sites listed in a white list, and/or to deny access to the sites listed in a black list.
  usocksd can block connections to specific TCP ports, too.
Use a recent version of Go.
go get -u github.com/cybozu-go/usocksd/...
usocksd [-h] [-f CONFIG]
The default configuration file path is /etc/usocksd.toml.
In addition, usocksd implements the common spec from cybozu-go/well.
usocksd does not have daemon mode. Use systemd to run it in the background.
usocksd.toml is a TOML file.
All fields are optional.
[log]
filename = "/path/to/file" # default to stderr.
level = "info" # critical, error, warning, info, debug
format = "plain" # plain, logfmt, json
[incoming]
port = 1080
metrics_port = 1081 # Port number to serve metrics
addresses = ["127.0.0.1"] # List of listening IP addresses
allow_from = ["10.0.0.0/8"] # CIDR network or IP address
[outgoing]
allow_sites = [ # List of FQDN to be granted.
"www.amazon.com", # exact match
".google.com", # subdomain match
]
deny_sites = [ # List of FQDN to be denied.
".2ch.net", # subdomain match
"bad.google.com", # deny a domain of *.google.com
"", # "" matches non-FQDN (IP) requests.
]
deny_ports = [22, 25] # Black list of outbound ports
iface = "tun0" # Outgoing traffic binds to a specific network interface
addresses = ["12.34.56.78"] # List of source IP addresses
dnsbl_domain = "some.dnsbl.org" # to exclude black listed IP addresses
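The following is an added example, not usocksd's own code, showing one way the allow_sites, deny_sites and deny_ports entries above can be evaluated. It assumes that deny entries override allow matches (as the bad.google.com comment implies), that a leading-dot pattern does not match the bare domain, and that host names are compared case-insensitively without a trailing dot; Policy, matchSite and Allowed are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Policy holds the [outgoing] filter keys from the sample configuration.
type Policy struct {
	AllowSites, DenySites []string
	DenyPorts             []int
}

// matchSite reports whether host matches any pattern. Lowercasing and
// trailing-dot removal are assumptions of this example.
func matchSite(patterns []string, host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	isIP := net.ParseIP(host) != nil
	for _, p := range patterns {
		p = strings.ToLower(p)
		switch {
		case p == "" || isIP: // "" matches only IP literals; names never match an IP
			if p == "" && isIP {
				return true
			}
		case host == p, strings.HasPrefix(p, ".") && strings.HasSuffix(host, p):
			return true // exact match, or subdomain match on a dot boundary
		}
	}
	return false
}

// Allowed applies the assumed order: port deny list first, then the allow
// list (only when non-empty), then the deny list, which overrides an allow.
func (p Policy) Allowed(host string, port int) bool {
	for _, d := range p.DenyPorts {
		if d == port {
			return false
		}
	}
	return (len(p.AllowSites) == 0 || matchSite(p.AllowSites, host)) && !matchSite(p.DenySites, host)
}

func main() {
	// Values copied from the sample usocksd.toml above.
	p := Policy{[]string{"www.amazon.com", ".google.com"}, []string{".2ch.net", "bad.google.com", ""}, []int{22, 25}}
	fmt.Println(p.Allowed("mail.google.com", 443), p.Allowed("bad.google.com", 443), p.Allowed("evilgoogle.com", 443))
}
```

Because the subdomain pattern keeps its leading dot, a look-alike such as evilgoogle.com does not match ".google.com".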
If you see usocksd consuming too much CPU, try setting GOGC to a higher value, say 300.