Being able to proxy via SOCKS5 on browser sometimes wasn’t enough, one needs a system-wide proxy. The best and simplest solution is of course VPN, but VPN is not as fast compare to SOCKS proxy like ShadowSocks under Linux. What can we do? In this article, I am going to briefly introduce System-wide SOCKS5 proxy for all applications.
This tutorial uses ShadowSocks as the primary proxy service. You should obtain ShadowSocks service before doing the following steps. You should also know this is a generic setup for SOCKS5 proxy, including SSH and others SOCKS services.
Warning: You cannot proxy DNS request with ShadowSocks, you can with SSH (requires remote server configuration). Hence if your ISP pollutes your DNS result, you must find another way to relay your DNS queries.
I am going to use BadVPN software for this purpose. Most of the steps are learned from their WiKi, I merely take notes here.
ArchLinux user is able to install from AUR directly. For others, follow the following steps (Fedora as the example):
1. Clone the repository:
git clone https://github.com/ambrop72/badvpn.git
2. Install necessary libraries
sudo dnf install nspr-devel nss-devel cmake -y
3. Create the build folder and start the compilation
mkdir build cd build cmake
Now you see all the compiled software under build.
All IP commands are used by root.
1. Create TUN device
ip tuntap add dev tun0 mode tun user
<your_user> with your normal privileged user. This rule follows in the next steps.
2. Assign IP to TUN interface
ip addr add 10.0.0.1/24 dev tun0
3. Enable TUN device
ip link set tun0 up
4. Add your ShadowSocks remote server and DNS servers to the routing table using the default gateway.
ip route add 126.96.36.199/32 via
metric 5 ip route add 188.8.131.52/32 via metric 5 # or you can combine those 2 with 184.108.40.206/16 ip route add via metric 5
5. Start BadVPN
Use normal user
cd tun2socks ./badvpn-tun2socks --tundev tun0 --netif-ipaddr 10.0.0.2 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:
6. Add default route to tun0
Use root user
ip route add default via 10.0.0.2 metric 6
Now everything you visit including Steam and Email agents etc will be routed via Socks.
Remove the added default routes to 10.0.0.2, you optionally may remove other added routes but not necessary.
ip route delete 0.0.0.0 dev tun0
Stop BadVPN and ShadowSocks as usual (Ctrl-C).
If you want to proxy specifically with ShadowSocks, you may install the
shadowsocks-libev package and use that instead of this way.