Skip to content

cybozu-go/usocksd

Repository files navigation

GitHub release GoDoc main Go Report Card License

Micro SOCKS server

usocksd is a SOCKS server written in Go.

usocksd/socks is a general purpose SOCKS server library. usocksd is built on it.

Features

  • Support for SOCKS4, SOCKS4a, SOCK5

    • Only CONNECT is supported (BIND and UDP associate is missing).
  • Graceful stop & restart

    • On SIGINT/SIGTERM, usocksd stops gracefully.
    • On SIGHUP, usocksd restarts gracefully.
  • Access log

    Thanks to cybozu-go/log, usocksd can output access logs in structured formats including JSON.

  • Specific network interface

    usocksd can be configured to use specific network interface for outgoing connections.

    It is extremely useful if you want to send all traffic to VPN/Wireguard device or you have multiple network cards.

  • Multiple external IP addresses

    usocksd can be configured to use multiple external IP addresses for outgoing connections.

    usocksd keeps using the same external IP address for a client as much as possible. This means usocksd can proxy passive FTP connections reliably.

    Moreover, you can use a DNSBL service to exclude dynamically from using some undesirable external IP addresses.

  • White- and black- list of sites

    usocksd can be configured to grant access to the sites listed in a white list, and/or to deny access to the sites listed in a black list.

    usocksd can block connections to specific TCP ports, too.

Install

Use a recent version of Go.

go get -u github.com/cybozu-go/usocksd/...

Usage

usocksd [-h] [-f CONFIG]

The default configuration file path is /etc/usocksd.toml.

In addition, usocksd implements the common spec from cybozu-go/well.

usocksd does not have daemon mode. Use systemd to run it on your background.

Configuration file format

usocksd.toml is a TOML file. All fields are optional.

[log]
filename = "/path/to/file"         # default to stderr.
level = "info"                     # critical, error, warning, info, debug
format = "plain"                   # plain, logfmt, json

[incoming]
port = 1080
metrics_port = 1081                # Port number to serve metrics
addresses = ["127.0.0.1"]          # List of listening IP addresses
allow_from = ["10.0.0.0/8"]        # CIDR network or IP address

[outgoing]
allow_sites = [                    # List of FQDN to be granted.
    "www.amazon.com",              # exact match
    ".google.com",                 # subdomain match
]
deny_sites = [                     # List of FQDN to be denied.
    ".2ch.net",                    # subdomain match
    "bad.google.com",              # deny a domain of *.google.com
    "",                            # "" matches non-FQDN (IP) requests.
]
deny_ports = [22, 25]              # Black list of outbound ports
iface = tun0                       # Outgoing traffic binds to specific network interface
addresses = ["12.34.56.78"]        # List of source IP addresses
dnsbl_domain = "some.dnsbl.org"    # to exclude black listed IP addresses

Tuning

If you see usocksd consumes too much CPU, try setting GOGC to higher value, say 300.

License

MIT