jfSOCKS
=======
Options:
- port=port to listen on (default = 1080)
- bind=local IP address to bind to for SOCKS service (default = all interfaces)
- bindcmd=local IP address to bind to when client requests bind command (default = all interfaces)
- secure=enable SSL secure mode (true or false) (default = false)
- secure.verify=enable secure client key verify (true or false) (default = false)
- socks4=enable SOCKS4 support (true of false) (default = true)
- socks5=enable SOCKS5 support (true or false) (default = false)
- socks.bind=enable SOCKS bind command (true or false) (default = false)
- socks.bind.timeout=bind timeout in ms (default 120000 : 2 mins)
- auth=specify one user:pass for SOCKS5 authentication (multiple lines allowed)
- ipnet=specify allowed subnet client can connect to (IP/SUBNET) (ie: 192.168.0.0/255.255.255.0) (multiple lines allowed)
- ip=specify allowed IP address client can connect to (IP) (ie: 192.168.0.7) (multiple lines allowed)
- forwardlocal=directly forwards a non-SOCKS local IP:port to another IP:port (ie: 192.168.100.1:80,192.168.200.1:80) (multiple lines allowed)
- forwardremote=forwards a remote port on a remote SOCKS server to another IP:port (ie: user:pass@192.168.100.1:80,0.0.0.0,80,192.168.200.1:80) (multiple lines allowed)
- forwardremote.timeout=forward remote timeout in ms (default 3600000 : 1 hour)
Notes:
- Make sure to enable secure mode if using authentication. Credentials are sent in plain text.
- If using secure mode you must click on "Generate SSL Keys" once to generate self-signed keys for SSL server.
- SOCKS5 supports authentication but SOCKS4 does not. You should disable SOCKS4 if authentication is required.
- If no ipnet or ip options are specified client can connect to any IP address
- The forwardlocal option is not SOCKS related but is useful for creating simple firewalls (the first IP must be a local interface to bind to or 0.0.0.0 to bind to all interfaces)
Detailed Options:
forwardlocal is a non-SOCKS related port forwarding option.
forwardlocal=server:port,redir_host:port
- server:port = bind address:port (0.0.0.0 = all interfaces)
- redir_host:port = host to redirect to
forwardremote listens on a port on remote SOCKS server (bind) and then redirects anything that connects to this port to the redir_host.
forwardremote=[user:pass@]server:port,client_host,bind_port,redir_host:port[,secure]
- server:port = socks4/5 server to connect to
- client_host = host allowed to connect to SOCKS port (0.0.0.0 = any host)
- bind_port = port to listen to on SOCKS server
- redir_host:port = where to forward connection to
- secure = true | false (SOCKS server is SSL) (default = false)
forwardremote.timeout will force the connection to be re-established if no connection is made in timeout ms.
secure.verify checks the clients SSL keys are signed by the server SSL keys.
To set this up follow these steps:
- Run the server config tool.
- Click on Generate Keys to create server SSL Keys.
- Click on Key Manager
- Click on Generate Client Keys, change name to "client" and check "Sign key with root" and click Ok
- Select the "client" row
- Click on "Export Key/Cert to Keystore" to export the key/cert pair to a new keystore.
- Copy the exported keystore to the client system
- There are several options to install keys on client:
- Click on Key Manager and click on Import Keystore and select the exported keystore.
- Copy/overwrite this exported keystore to into user home folder / .jfsocks.key (Windows:%USERPROFILE% Linux:~)
- Now the SOCKS Client App will use the new keys.