Problem with dante socks server doing DNS lookups



  • I have followed this guide and this one to set up a SOCKS5 client on pfsense. I'm using it to proxy web connections over various VPN tunnels I have preconfigured on pfsense.

    The HTTP/S requests are successfully being processed by dante; however, the issue I'm running into is that dante will not process the DNS requests over the specified VPN connection. It always defaults to the WAN DNS (so the browsers are leaking DNS requests).

    Below is my config file:

    # Logging
    debug: 1
    logoutput: /var/log/sockd.log

    # User
    user.unprivileged: nobody

    # Bind ports
    internal: em1 port = 1080
    external: ovpnc3

    # Auth
    clientmethod: none
    socksmethod: none

    client pass {
      from: 0.0.0.0/0 to: 0.0.0.0/0
      log: error
      clientmethod: none
    }

    # generic pass statement - bind/outgoing traffic
    socks pass {
      from: 0.0.0.0/0 to: 0.0.0.0/0
      command: bind connect udpassociate bindreply udpreply
      socksmethod: none
      log: error
    }

    I verified that my browser connections are in fact 100% proxied, since I ran Wireshark on the boxes hosting the browsers and found no traffic that was non-SOCKS. Further, I tried connecting my browsers to a few external public SOCKS5 proxies and found that they were properly proxying the DNS connections.

    Reading up on the dante documentation, the only directive I could find that is DNS related is the "resolveprotocol" directive, which can be set to tcp, udp or fake, none of which solved my problem.

    Looking at the dante logs under /var/log/sockd.log, I see a number of pass: tcp/connect entries, which show the IP of the request along with how it was routed through dante, but not a single line that references any UDP packets.

    To clarify, I want only traffic processed by dante/SOCKS to be sent through the VPN tunnel. I could configure pfsense to send all DNS traffic through a single VPN tunnel using NAT rules, but that isn't what I'm trying to do here.

    Any thoughts as to why dante isn't processing DNS?
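Whether a SOCKS5 setup leaks DNS depends on what the client puts in the CONNECT request: an address it already resolved itself (ATYP 0x01/0x04) or the bare hostname (ATYP 0x03), which leaves the lookup to the proxy. The following is an added example, not code from the post or from dante, that builds and classifies RFC 1928 CONNECT requests so a capture from the proxy's listening port can be checked for that; the hostnames and addresses used are constructed sample values.

```python
import socket
import struct

# SOCKS5 address types (RFC 1928, section 4)
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
CMD_CONNECT = 0x01


def build_connect_request(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (VER CMD RSV ATYP DST.ADDR DST.PORT).

    A literal IP means the client resolved the name locally, so the DNS
    query already left the client outside the SOCKS tunnel. A hostname is
    carried as ATYP 0x03 and the proxy (e.g. dante) performs the lookup."""
    try:
        atyp, body = ATYP_IPV4, socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            atyp, body = ATYP_IPV6, socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            name = host.encode("idna")
            if len(name) > 255:
                raise ValueError("hostname too long for a SOCKS5 request")
            atyp, body = ATYP_DOMAIN, bytes([len(name)]) + name
    return struct.pack("!BBBB", 5, CMD_CONNECT, 0, atyp) + body + struct.pack("!H", port)


def parse_connect_request(data: bytes):
    """Parse a captured SOCKS5 request; return (cmd, atyp, destination, port)."""
    ver, cmd, _rsv, atyp = struct.unpack("!BBBB", data[:4])
    if ver != 5:
        raise ValueError(f"not a SOCKS5 request (VER={ver})")
    if atyp == ATYP_IPV4:
        dest, off = socket.inet_ntop(socket.AF_INET, data[4:8]), 8
    elif atyp == ATYP_IPV6:
        dest, off = socket.inet_ntop(socket.AF_INET6, data[4:20]), 20
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        dest, off = data[5:5 + n].decode("idna"), 5 + n
    else:
        raise ValueError(f"unknown ATYP 0x{atyp:02x}")
    (port,) = struct.unpack("!H", data[off:off + 2])
    return cmd, atyp, dest, port


def resolves_remotely(data: bytes) -> bool:
    """True when the request carries a hostname, i.e. no lookup was done on the client."""
    return parse_connect_request(data)[1] == ATYP_DOMAIN
```

Running `resolves_remotely` over the first request bytes of each connection arriving at the proxy's internal port separates clients that hand the name to the proxy from those that resolved it themselves; where the proxy then sends its own lookup is a separate question of the proxy host's resolver configuration.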