
Proxy over SSH

I wanted to tunnel my SSH SOCKS5 proxy out over Wi-Fi; here's a little how-to, DNS included:

This could be added to the readme.

Note that DNS requests sent over TCP will be broken if the iptables rules redirect every TCP connection coming from the clients: a TCP query to the AP's own resolver at 10.42.0.1:53 lands in vsocks and is tunnelled to the SSH host instead of being answered locally. Exclude traffic addressed to the AP's own address from the redirect (a RETURN rule ahead of the REDIRECT) to avoid this; UDP DNS is unaffected either way, since only TCP is redirected.

# Create the SOCKS5 proxy bound to 127.0.0.1:9050
ssh -N -D 9050 socksproxy@123.1.2.3

# Verify
[0] % \ss -tulpn | \grep 9050
tcp   LISTEN 0      128   127.0.0.1:9050   0.0.0.0:*   users:(("ssh",pid=1407523,fd=5))
tcp   LISTEN 0      128       [::1]:9050      [::]:*   users:(("ssh",pid=1407523,fd=4))

# Verify in Firefox that the proxy indeed works
# -> It does

Create a network for systemd-networkd:

File: /etc/systemd/network/wlan0.network
────────────────────────────────────────
[Match]
Name=wlan0

[Network]
Address=10.42.0.1/24
DHCPServer=yes

[DHCPServer]
DNS=10.42.0.1
Domain=lan

Create an AP profile for iwd. iwd reads AP profiles from /var/lib/iwd/ap/, and the file name (without .ap) is the profile name passed to start-profile, so it has to match the command below. The passphrase is what gates access to your SSH tunnel for anyone in radio range, so use a real one rather than the placeholder:

File: /var/lib/iwd/ap/Socks.ap
──────────────────────────────
[Settings]
SSID=Socks
Security=psk
Passphrase=password

Create the AP:

[iwd]# device wlan0 set-property Powered on
[iwd]# device wlan0 set-property Mode ap
[iwd]# ap wlan0 start-profile Socks

Create the iptables rules. All TCP from the Wi-Fi clients is sent into the VSOCKS chain; connections to the AP itself are returned untouched so TCP DNS to the local resolver keeps working, and everything else is redirected to vsocks:

iptables -t nat -N VSOCKS
# leave connections to the AP's own address (the resolver on 10.42.0.1:53) alone
iptables -t nat -A VSOCKS -d 10.42.0.1 -j RETURN
iptables -t nat -A VSOCKS -p tcp -j REDIRECT --to-ports 12345
# send all TCP from the Wi-Fi clients through the VSOCKS chain
iptables -t nat -A PREROUTING -s 10.42.0.0/24 -p tcp -j VSOCKS

Run cloudflared on the same host as vsocks so the clients' DNS (the DHCP server above hands out 10.42.0.1 as resolver) is answered locally and resolved upstream over DoH:

sudo cloudflared proxy-dns \
  --address 10.42.0.1 --port 53 \
  --upstream https://1.1.1.1/dns-query \
  --upstream https://1.0.0.1/dns-query socks5://127.0.0.1:9050

Run vsocks, listening for the redirected connections on port 12345 and forwarding each to the SOCKS5 proxy. Binding to 10.42.0.1:12345 instead of 0.0.0.0 also works, since REDIRECT rewrites the destination to the primary address of the interface the packet arrived on, and it keeps the relay off the uplink interface:

vsocks 0.0.0.0:12345 127.0.0.1:9050

[vsck] VSocks - ver. 1.05.1a
[vsck] load: A:0/0 B:0/0 *:1/256
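The whole procedure as one script, added here as an example; it is not from the original post nor from vsocks, iwd or cloudflared. It assumes the SSH target, addresses and ports used in the post (overridable via the environment), prints the nat rules so they can be reviewed before they are applied (with the RETURN for the AP's own address so TCP DNS to the local resolver is not swallowed), refuses to redirect anything until the ssh -D listener is actually up, and does nothing when run without an argument. The ss output embedded for the self-test is a constructed sample copied from the post; the iwd and networkd files are left to the steps above.

```sh
#!/bin/sh
# socks-ap.sh: bring up the SSH SOCKS5 tunnel, the nat redirect and the DNS
# forwarder described in this post.  Added example, not from the post, vsocks,
# iwd or cloudflared.  Values below are the post's; override via environment.
set -eu

SSH_TARGET="${SSH_TARGET:-socksproxy@123.1.2.3}"
SOCKS_PORT="${SOCKS_PORT:-9050}"
REDIR_PORT="${REDIR_PORT:-12345}"
AP_IP="${AP_IP:-10.42.0.1}"
CLIENT_NET="${CLIENT_NET:-10.42.0.0/24}"

# Constructed sample, copied from the `ss -tulpn` output in the post, so the
# listener check can be exercised without a live tunnel.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128        127.0.0.1:9050      0.0.0.0:*    users:(("ssh",pid=1407523,fd=5))
tcp   LISTEN 0      128            [::1]:9050         [::]:*    users:(("ssh",pid=1407523,fd=4))'

# Print the nat rules as shell commands instead of running them, so they can
# be reviewed (or diffed against a previous run) before being applied.
# Order matters: connections to the AP's own address (TCP DNS to the resolver
# on 10.42.0.1:53) are RETURNed before the catch-all REDIRECT; redirecting
# them too is what breaks TCP DNS.  The -C check keeps re-runs idempotent.
nat_rules() {
    ap_ip="$1"; net="$2"; port="$3"
    cat <<EOF
iptables -t nat -N VSOCKS 2>/dev/null || iptables -t nat -F VSOCKS
iptables -t nat -A VSOCKS -d ${ap_ip} -j RETURN
iptables -t nat -A VSOCKS -p tcp -j REDIRECT --to-ports ${port}
iptables -t nat -C PREROUTING -s ${net} -p tcp -j VSOCKS 2>/dev/null || iptables -t nat -A PREROUTING -s ${net} -p tcp -j VSOCKS
EOF
}

# Succeed when `ss -tulpn` output ($2) shows an ssh-owned TCP listener on
# 127.0.0.1:$1, i.e. the -D tunnel is really up before clients are pointed at
# it.  Columns: Netid State Recv-Q Send-Q Local Peer Process.
socks_listening() {
    printf '%s\n' "$2" | awk -v want="127.0.0.1:$1" '
        $1 == "tcp" && $2 == "LISTEN" && $5 == want && $0 ~ /"ssh"/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

up() {
    # 1. SOCKS5 proxy: -N runs no remote command, -f backgrounds after auth.
    #    Bound explicitly to loopback so Wi-Fi clients reach it only via vsocks.
    ssh -f -N -D "127.0.0.1:${SOCKS_PORT}" "$SSH_TARGET"
    # 2. Redirect nothing until the listener exists (give up after ~20 s).
    tries=0
    until socks_listening "$SOCKS_PORT" "$(ss -tulpn)"; do
        tries=$((tries + 1))
        [ "$tries" -lt 20 ] || { echo "ssh -D ${SOCKS_PORT} never came up" >&2; exit 1; }
        sleep 1
    done
    # 3. nat rules (needs root), applied exactly as printed by nat_rules.
    nat_rules "$AP_IP" "$CLIENT_NET" "$REDIR_PORT" | sh -e
    # 4. Local DoH forwarder for the clients, flags as in the post.  Its own
    #    HTTPS traffic is host-originated, so PREROUTING never redirects it.
    cloudflared proxy-dns --address "$AP_IP" --port 53 \
        --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query &
    # 5. vsocks on the AP address only: REDIRECT rewrites the destination to
    #    the primary address of the arriving interface, so 0.0.0.0 is not
    #    needed and the relay stays off the uplink.
    exec vsocks "${AP_IP}:${REDIR_PORT}" "127.0.0.1:${SOCKS_PORT}"
}

case "${1:-}" in
    up)    up ;;
    rules) nat_rules "$AP_IP" "$CLIENT_NET" "$REDIR_PORT" ;;
    *)     ;;   # no argument: only define the functions (usage: socks-ap.sh up|rules)
esac
```

`socks-ap.sh rules` prints the rule set for review; `sudo socks-ap.sh up` runs the whole sequence and leaves vsocks in the foreground. Note that the tunnel is brought up before the redirect is installed: redirecting client TCP into a vsocks whose upstream SOCKS listener does not yet exist would just fail every connection until ssh finishes authenticating.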