Setting up shadowproxy on freeNAS

[ovizii]

I noticed a few insecure hotspots in some of my favorite coffee shops so I went looking for a solution.

my plan is to install shadowproxy on my freeNAS inside a jail and then connect to it from insecure WiFi locations with my MacBook and my Android phone. Sounds doable but I am confused as to how to do this.

I found these two links explaining how to setup:
http://www.freshports.org/net/shadowsocks-libev/
https://github.com/shadowsocks/shadowsocks-libev

basically it amounts to:

cd /usr/ports/net/shadowsocks-libev/&& make install clean
pkg install net/shadowsocks-libev

Edit your config.json file. By default, it's located in /usr/local/etc/shadowsocks-libevTo enable shadowsocks-libev, add the following

rc variable to your /etc/rc.conf file.

shadowsocks_libev_enable="YES"

Start the shadowsocks server:

service shadowsocks_libev start

So after doing all this and editing my /usr/local/etc/shadowsocks-libev/config.json to this:

{
"server":"127.0.0.1",
"server_port":8388,
"local_port":1080,
"password":"mypass",
"timeout":60,
"method":"aes-256-cfb"
}

I am now stuck. I added the server with its myname.noip.me dynamic DNS name inside the config og the shadowsocks GUI on my MAC but if I set it to autoproxy I cannot connect to the internet anymore.

Am I doing anything wrong here? I'm sure I am just mixing up the ports and stuff, any help would be very welcome!

P.S. I have forwarded the port 8388 on my router to this jail port 8388.

 

[pirateghost]

Shouldn't the listening IP be 0.0.0.0? Since 127.0.0.1 usually indicates it is only listening locally and not accepting connections on its LAN IP

 

[ovizii]

Haha, and just like that it works
I'll edit above post and then it can be saved into the How-To sections

Thank you so much! Now I can safely browse from wherever I am using my freeNAS as a highly secure proxy and no more clumsy fiddling with proxies or manual ssh tunneling.

 

[ovizii]

How To use your freeNAS as a highly secure socks proxy when browsing the internet from an insecure WiFi connection.

Prerequisites:
- Install Shadowproxy server on your freeNAS inside a jail.
- Install Shadowproxy client on your phone or laptop

List your jails and connect to the one you want to install onto:

Code:

freenas# jls
   JID  IP Address      Hostname                      Path
     1  -               tinky                         /mnt/zfsmain/jails/tinky
freenas#
freenas# jexec 1 tcsh 

Install Shadowproxy:

Code:

cd /usr/ports/net/shadowsocks-libev/&& make install clean

OR

pkg install net/shadowsocks-libev

Edit your config.json file. By default, it's located in /usr/local/etc/shadowsocks-libev
To enable shadowsocks-libev, add the following rc variable to your /etc/rc.conf file.

Code:

shadowsocks_libev_enable="YES"

Edit your /usr/local/etc/shadowsocks-libev/config.json to this:

Code:

{
"server":"0.0.0.0",
"server_port":8388,
"local_port":1080,
"password":"yourpassword",
"timeout":60,
"method":"aes-256-cfb"
}

Start the shadowsocks server:

Code:

service shadowsocks_libev start

Edit your firewall and allow the port 8388 to be forwarded to this specific jail port 8388. Feel free to use different ports as it suits you best.

Install any of the clients from here: http://shadowsocks.org/en/download/clients.html

This setup works for me from my MacBook Pro and my Android phone. Below I'm showing screen shots from my MacBook setup:

Set up your server inside the GUI:

Select the server, make sure it is ticked from the server list and enable proxy globally:

The guides and info I used are these:
https://github.com/shadowsocks/shadowsocks-libev
http://www.freshports.org/net/shadowsocks-libev/
http://shadowsocks.org/en/index.html

This is just a basic config, feel free to read the links above and setup something way more complicated if you need.

P.S. With above config, anyone who knows your proxy password can use this proxyserver as its exposed to the internet (this is what I was looking for).

 

[Whattteva]

Install Shadowproxy:

Code:

cd /usr/ports/net/shadowsocks-libev/&& make install clean
pkg install net/shadowsocks-libev

I have never used shadow proxy and I do not know if there is something special involved that you need to do this.
But, in general (unless there's been a change I have not heard of), you should not be mixing up ports and pkg installs.
Those two commands do the same thing (install shadowsocks-libev) and you should only be using one of them, not both.

 

[ovizii]

I have never used shadow proxy and I do not know if there is something special involved that you need to do this.
But, in general (unless there's been a change I have not heard of), you should not be mixing up ports and pkg installs.
Those two commands do the same thing (install shadowsocks-libev) and you should only be using one of them, not both.

Ah, thanks for pointing that out. I'm a freeNAS newbie and was so happy I got a proxy working this easily.

Do you know what's "recommended" ports or pkgs and how would I go check which one contains the newer version of shadowsocks-libev?

 

[Whattteva]

ports does a compilation from source, whereas pkg just downloads pre-built binaries.
ports allows you to set some compiler switches during installation to customize your install.
pkg uses most sensible defaults (works fine for most people and me) and can save lots of time (potentially hours on some large packages with a lot of dependencies).

I personally just stick with pkg, it seems to handle dependencies better and it installs much faster in most cases. Of course, ultimately, the choice is still up to you.

 

[jgreco]

Moderator note: Moved to How-To/Jails (and slightly edited).

 

[ovizii]

Follow-Up question:

Would it be possible to block the access through shadowsocks to the LAN?
What I mean is that if I say run shadowsocks inside a jail on my home network and I want to give a friend access to shadowsocks to use as a proxy I am automatically giving him access to my home network.