Netgate Discussion Forum

    Problem with dante socks server doing DNS lookups

      sparkman123

      I have followed this guide and this one to set up a SOCKS5 client on pfsense. I'm using it to proxy web connections over various VPN tunnels I have preconfigured on pfsense.

      The HTTP/S requests are successfully being processed by dante, however, the issue I'm running into is that dante will not process the DNS requests over the specified VPN connection - it always defaults to the WAN DNS (so the browsers are leaking DNS requests).

      Below is my config file:

      # Logging
      debug: 1
      logoutput: /var/log/sockd.log
      
      # User
      user.unprivileged: nobody
      
      # Bind ports
      internal: em1 port = 1080
      external: ovpnc3
      
      # Auth
      clientmethod: none
      socksmethod: none
      
      client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error
        clientmethod: none
      }
      
      # generic pass statement - bind/outgoing traffic
      socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate bindreply udpreply
        socksmethod: none
        log: error
      }
      

      I verified that my browser connections are in fact 100% proxified since I ran Wireshark on the boxes hosting the browsers and found no traffic that was non-SOCKS. Further, I tried connecting my browsers to a few external public SOCKS5 proxies and found that they were properly proxifying the DNS connections.

      Reading up on the dante documentation, the only directive I could find that is DNS related is the "resolveprotocol" command, which can be set to tcp, udp or fake, none of which solved my problem.

      Looking at the dante logs under /var/log/sockd.log, I see a number of pass: tcp/connect entries, which show the IP of the request along with how it was routed through dante, but not a single line that references any UDP packets.

      To clarify, I want only traffic processed by dante/SOCKS to be sent through the VPN tunnel - I could configure pfsense to send all DNS traffic through a single VPN tunnel using NAT rules, but that isn't what I'm trying to do here.

      Any thoughts as to why dante isn't processing DNS?
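
A client-side check for the situation described in the post above, as an added example that is not part of the original posts or of dante: it classifies SOCKS5 request bytes (taken from a capture such as the Wireshark one mentioned) by address type per RFC 1928. A request with ATYP 0x03 carries the hostname itself for the proxy host to resolve, so no separate DNS packet crosses the SOCKS session; ATYP 0x01/0x04 means the client already had an IP. Function names and the sample requests are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

CMD_NAMES = {0x01: "connect", 0x02: "bind", 0x03: "udpassociate"}

def parse_socks5_request(data: bytes) -> dict:
    """Parse one SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT (RFC 1928)."""
    if len(data) < 4:
        raise ValueError("truncated request header")
    ver, cmd, rsv, atyp = data[:4]
    if ver != 0x05 or rsv != 0x00 or cmd not in CMD_NAMES:
        raise ValueError("not a SOCKS5 request")
    body = data[4:]
    if atyp == 0x03:                      # hostname, prefixed by a length byte
        if not body:
            raise ValueError("missing hostname length")
        alen, body = body[0], body[1:]
    elif atyp in (0x01, 0x04):            # literal IPv4 / IPv6 address
        alen = 4 if atyp == 0x01 else 16
    else:
        raise ValueError(f"unknown address type {atyp:#04x}")
    if len(body) < alen + 2:
        raise ValueError("truncated address or port")
    raw = body[:alen]
    host = raw.decode("ascii", "replace") if atyp == 0x03 else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", body[alen:alen + 2])
    # "proxy": the name travels inside the request and is resolved on the proxy host.
    # "client": the client supplied an IP (it resolved the name itself, or none was involved).
    return {"command": CMD_NAMES[cmd], "host": host, "port": port,
            "resolver": "proxy" if atyp == 0x03 else "client"}

def summarize(requests) -> Counter:
    """Count requests by (command, side that resolved the destination)."""
    return Counter((r["command"], r["resolver"])
                   for r in map(parse_socks5_request, requests))

# Constructed sample requests (not captured from any real system).
SAMPLE_REQUESTS = [
    b"\x05\x01\x00\x03\x0bexample.com\x01\xbb",    # CONNECT example.com:443
    b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x01\xbb",   # CONNECT 192.0.2.10:443
    b"\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00",   # UDP ASSOCIATE 0.0.0.0:0
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(parse_socks5_request(req))
    print(dict(summarize(SAMPLE_REQUESTS)))
```

With `socksmethod: none`, the request is the client's second message on the TCP connection, after the method negotiation.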

        Bob.Dig LAYER 8 @sparkman123

        @sparkman123 said in Problem with dante socks server doing DNS lookups:

        For me it is not working with any ovpn client in the first place. 😕
