Transparent Proxy - secure, isolated box (JonDoBOX)

Ideas to everything that could be useful. Proposals and tips for JonDonym programming.
cane

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by cane » Wed Apr 25, 2012 13:47

Thanks for your comments. I will a look at Dante.

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by proper » Thu Jun 21, 2012 4:53

1. Any updates about Dante?

2. By the way redsocks does also support UDP, and redsocks is imho much more easy to configure.

3. I successfully managed to connect to http://check.torproject.org (and other http sites) using transparent proxying. Showed a jondo IP.

Brief setup:
- redsocks and jondoconsole were running under a linux user account redsocks, which was privileges to establish direct connections.
- iptables redirected all other users traffic to redsocks IP 127.0.0.1 port 12345
- redsocks redirected the traffic to IP 127.0.0.1 port 4001 proxy type http-relay
- proxy type http-connect did not work at all

Like said above, I could only access http sites. I couldn't access https sites. Redsocks output: "accepted, malformed request came, httpr_toss_http_firstline, dropping client".

Are you interested at all in allowing jondo free cascade to transparently proxy? It's a business decision.

If you are interested I can sketch down the setup more comprehensive (step by step instructions, complete configuration files, etc.)... And perhaps we were able to get https working as well.

cane

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by cane » Thu Jun 21, 2012 20:51

Any updates about Dante?
No - sorry. I did not found the time for this.

I will try redsocks tomorrow and have a look. May be, it is a better solution than transocks_ev.

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by proper » Mon Dec 15, 2014 22:49

Any updates?

sovereignpress
Posts: 188
Joined: Sat Aug 25, 2012 1:02
Contact:

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by sovereignpress » Tue Dec 16, 2014 11:40

Redsocks is better than transocks_ev.

Redsocks supports UDP, but it is worthless, because Tor and JonDo do not support UDP. It will not work.

You can add UDP support to a SSH, and use a SSH as a SOCKS5 transparent proxy with UDP support.

You can use JonDo free cascades as a transparent proxy.

Also, I would add, that the transparent proxy configurations commonly cited on the web are wrong, and they all leak.

Even the JonDo transparent transocks_ev instructions cited on the web page leak.

Even the transparent proxy instructions for Tor (from what I recall) leak, and are known to leak.
http://www.sovereignpress.org - The Privacy Book.

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by proper » Tue Dec 16, 2014 18:09

sovereignpress wrote:Redsocks is better than transocks_ev.
You can use JonDo free cascades as a transparent proxy.
How?
Any instructions somewhere?

sovereignpress
Posts: 188
Joined: Sat Aug 25, 2012 1:02
Contact:

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by sovereignpress » Tue Dec 16, 2014 18:39

proper wrote:
sovereignpress wrote:Redsocks is better than transocks_ev.
You can use JonDo free cascades as a transparent proxy.
How?
Any instructions somewhere?
How is it better? Basically, it is a more advanced socksifier, it has better features, and it is easier to use.

In my opinion, Redsocks is the best socksifer available.

Instructions?

For what?
http://www.sovereignpress.org - The Privacy Book.

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by proper » Tue Dec 16, 2014 19:01

Before rehashing this... Have you read the whole thread?

sovereignpress
Posts: 188
Joined: Sat Aug 25, 2012 1:02
Contact:

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by sovereignpress » Tue Dec 16, 2014 19:20

proper wrote:Before rehashing this... Have you read the whole thread?
Yes, I have.

Redsocks is better than transocks_ev. It is also faster and easier to use.

But if you are looking for UDP support, you can forget it, whether you use Redsocks or Dante, because no proxy I am aware of supports UDP. The Tor network does not support UDP and neither does JonDo.

When Tor adds UDP support, then it will work.

JonDo can be used as a transparent proxy even without the premium services and with no leaks, with regular Debian, Ubuntu, et al.
http://www.sovereignpress.org - The Privacy Book.

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by proper » Tue Dec 16, 2014 19:33

Okay, agreed, so we're on the same page now. Let's ignore UDP for now.

Stricly speaking about JonDo free...
JonDo can be used as a transparent proxy even without the premium services and with no leaks, with regular Debian, Ubuntu, et al.
How?
Any instructions for this?
Did you actually succeed doing this?
Successfully connected to http sites?
Successfully connected to https sites?

I mean, you first use iptables to redirect all the systems traffic ("Trans data stream") to redsocks, and redsocks forwards it to JonDo's http port (default: 4001)? (Obviously, JonDo's traffic however must be allowed to connect the open internet. Be it run as as special user or on a gateway [vm] machine.) Right?

My conclusion a few years ago was...
redsocks can also accept "Trans data streams" and can forward them to https, socks4 and socks5 proxies. If you were to use a http proxy (no https, without connect-method, see proxy article), you could access only http sites, no https sites. Rather redsocks can convert UDP DNS queries to TCP DNS queries.
What do you think?

Post Reply