I'm trying to get the built-in socks server working on 7.1rc4. When set to version 4, it works:
C:\>curl -v --socks4 192.168.4.253 google.com
* Rebuilt URL to: google.com/
* Trying 192.168.4.253...
* TCP_NODELAY set
* SOCKS4 communication to google.com:80
* SOCKS4 connect to IPv4 216.58.215.46 (locally resolved)
* SOCKS4 request granted.
* Connected to 192.168.4.253 (192.168.4.253) port 1080 (#0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.55.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
...
</BODY></HTML>
* Connection #0 to host 192.168.4.253 left intact
However, when set to version 5, it resets the connection:
C:\>curl -v --socks5-hostname 192.168.4.253 google.com
* Rebuilt URL to: google.com/
* Trying 192.168.4.253...
* TCP_NODELAY set
* SOCKS5 communication to google.com:80
* SOCKS5 request granted.
* Connected to 192.168.4.253 (192.168.4.253) port 1080 (#0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.55.0
> Accept: */*
>
* Recv failure: Connection was reset
* stopped the pause stream!
* Closing connection 0
curl: (56) Recv failure: Connection was reset
Here's the socks server config:
[...@MikroTik] /ip/socks> print
enabled: yes
port: 1080
connection-idle-timeout: 2m
max-connections: 200
version: 5
auth-method: none
[...@MikroTik] /ip/socks> access
[...@MikroTik] /ip/socks/access> print
Flags: X - disabled
[...@MikroTik] /ip/socks/access> ../users
[...@MikroTik] /ip/socks/users> print
[...@MikroTik] /ip/socks/users>
Any ideas for how to debug this further?
(To mitigate the XY problem and explain the big picture of what I'm hoping to achieve, I want to improve my privacy in terms of what my ISP sees. My RB750GL is in mostly defconf configuration, with LAN masqueraded to ether1 WAN and the ISP upstream of that. I've set up a WireGuard interface and peer to a paid VPN service on the MikroTik, which is running 7.1rc4. I would tunnel all the traffic through the WireGuard interface, except that would add loads of latency to my online gaming. Rather than trying to whitelist game server IPs one by one, I want to have all LAN traffic be routed as normal, but all traffic originating from the MikroTik itself routed over the WireGuard interface, socks server connections included. That way, I can game without any additional latency, but then configure Firefox to use the MikroTik socks proxy for privacy. I have a vague understanding that I'll need to use output chain mangle to apply a routing mark, and then do a routing adjustment somehow, but I don't yet know how to accomplish that. This whole plan is moot if the MikroTik socks proxy doesn't work, if routing all MikroTik-originated traffic like that isn't possible, or if the additional firewall rules will cause ordinarily routed LAN traffic to have higher latency, negatively impacting my gaming experience. The alternative is that I leave the MikroTik as-is and buy a separate device to run the WireGuard tunnel and host a socks proxy, but I'd prefer to use the hardware I already have if possible.)
Thanks!
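
One way to see which stage of the SOCKS5 exchange fails, as an added example that is not part of the original post: it builds the RFC 1928 no-authentication greeting and CONNECT request by hand, sending either the domain name (as curl's `--socks5-hostname` does) or a literal IPv4 address, and reports how far the proxy got. The function names and the HEAD request used as the first relayed data are assumptions for illustration.

```python
import socket
import struct

# Reply codes from RFC 1928, section 6.
REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable", 5: "connection refused",
              6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def build_greeting():
    # VER=5, NMETHODS=1, METHOD=0x00 (no authentication, matching auth-method: none)
    return b"\x05\x01\x00"

def build_connect(host, port, remote_dns=True):
    # remote_dns=True sends the name itself (ATYP 0x03), like curl --socks5-hostname.
    # remote_dns=False expects a dotted-quad IPv4 string and sends ATYP 0x01.
    if remote_dns:
        name = host.encode("idna")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        addr = b"\x01" + socket.inet_aton(host)
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)  # VER, CMD=CONNECT, RSV

def parse_method_reply(data):
    if len(data) != 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 method reply: %r" % data)
    return data[1]  # 0x00 = no-auth accepted, 0xFF = no acceptable method

def parse_connect_reply(data):
    if len(data) < 4 or data[0] != 5:
        raise ValueError("not a SOCKS5 connect reply: %r" % data)
    return data[1], REPLY_TEXT.get(data[1], "unassigned")

def probe(proxy, host, port=80, remote_dns=True, proxy_port=1080, timeout=5):
    """Run the handshake plus one HTTP request; return how far the exchange got."""
    with socket.create_connection((proxy, proxy_port), timeout=timeout) as s:
        s.sendall(build_greeting())
        if parse_method_reply(s.recv(2)) != 0:
            return "method rejected"
        s.sendall(build_connect(host, port, remote_dns))
        code, text = parse_connect_reply(s.recv(262))
        if code != 0:
            return "connect failed: " + text
        s.sendall(b"HEAD / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nConnection: close\r\n\r\n")
        try:
            data = s.recv(64)
        except ConnectionResetError:
            return "granted, then reset on first read"
        return "relay ok" if data else "granted, then closed without data"
```

Calling `probe` once with the hostname and once with `remote_dns=False` and a resolved IPv4 address shows whether the reset depends on the address type sent in the request.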