[Project] GL-MT1300 Beryl as a SOCKS5 proxy server for VPN (Nord or any)

Hello,

I have an unused Beryl router that I'd like to repurpose as a SOCKS (and possibly HTTP) proxy server, routing all traffic through a dedicated VPN network.

The entry point should remain within my main network address range, not a separate subnet. I am familiar with configuring WireGuard to connect to a NordVPN server using the NordLynx protocol.
However, I'm unsure how to set up a proxy server that routes all inbound traffic through the VPN. Is this configuration possible?

Has anyone successfully implemented this and could offer some guidance?

Thank you!

Please refer to this thread:

@ambrius It sounds like you want the proxy to run on the router itself and then proxy inbound connections to go out to the VPN, is this correct? If so, @bruce I am not sure the thread you posted will help. However, the OP in that thread may be able to provide some additional context as it does appear they installed the proxy software on their router.

I see. If the proxy runs on the router, and the proxy internally goes to the VPN, there might be this requirement, but why not let its traffic go directly through the VPN?

Exactly, @packetmonkey.
My point is using the LAN eth as an entry point to route all the traffic to the WireGuard connection. In theory it is acting as a VPN bridge; practically it has to remain in "router mode".
I don't want to get into another subnet for some selected devices. That would be the easy way; I already use another GL.iNet router and do it for that specific purpose, connected via its own Wi-Fi.

In that new project, the WireGuard client is connecting to the NordVPN implementation, NordLynx.
The deliverable of my project is a router connecting as a DHCP (or fixed address) client on my default network (10.0.1.0/24) and acting effectively as a proxy server, routing everything coming through that LAN address to the VPN connection. I can then set the SOCKS proxy as xx.xxx.xxx.xxx:1081 (for instance), anywhere inside my network.
So far the WireGuard connection is working (tagged here as "wgclient" internally, in GL architectural terms, and not the usual "wg0").
I tried to install a SOCKS proxy (I would appreciate an HTTP proxy as well, but my goal is more a SOCKS proxy for the lower layer). Right now I am trying to find a working and lightweight SOCKS proxy server compiled for OpenWrt in the mipsel_24kc and available in the repo.

Dante-server is working fine in another project made here (GitHub - edgd1er/nordvpn-proxy: NordVPN openVPN socks), whose settings I could easily replicate in theory.
The issue is that Dante-server does not seem to be available for the GL.iNet architecture as an opkg package.
I tried shadowsocks but I have not gotten it to work so far (I am NOT a pro integrator, my skills remain limited).
Tinyproxy is working but only as an HTTP proxy (not my real goal, SOCKS5 is).

I tried other flavours of socks5 proxy server available (redsocks) but I'm not good enough to make it work so far. I'm not a network expert.

The finished product should be a full .sh setup script to be used at the root CLI; I could make it available here for others.

So any help is appreciated :slight_smile:

In my case, I use a proxy extension in my browsers to route some traffic via VPN and other traffic (by domain name) over my regular internet connection. It allows me the most control per machine without having to maintain a too-lengthy list of routing policies. My default path is straight to the internet for most devices.


I have not bothered to try to do this on my side as I don't use a GL for my main internet connection at home. I do something similar to what you describe and run 3proxy (SOCKS5 for DNS resolution via VPN as well) on a separate VM that connects to my VPN provider via OpenVPN (some day I will move to WireGuard for this, but it is working fine for now). Please keep us updated on any progress you have and I will try to help with anything you have questions about.

Initially I wanted to use that docker but I am a mess with docker, total noob. Then I thought of using a VM on my VM server to do so (I will still investigate that option in case the GL does not work). My main infra is Ubiquiti; GL are just side devices. One is used as a pure VPN gateway via a separate Wi-Fi for "entertainment contents".
Then I thought, why not use that other Beryl that is not used to make it a great little p2p VPN box? Low heat, unused compute power, stable and reliable (my VPN one has been up for months now, reliable as hell).
I know how to make a proper config file and get the keys for the distant VPN.
So let's make a VPN server BUT in my main subnet, so any clients can access it via proxy config. That was the idea. I thought it would be easy; the WireGuard part is (the exit point), but SOCKS (the entry point) definitely is not, nor is the routing.
In case you need help for WireGuard, ask me, I may be helpful here.
I will keep everyone posted on my progress.
