Proxy server for free internet

At some point I got completely tired of pages like “this resource is blocked on demand”, which I began to come across more and more often. References to the “deep Internet”, i2p, tor, onion and anonymous p2p networks came up even more often, and in general I was inspired by the hacker romance of childhood, when the Internet was something mysterious and was available only from two in the morning at a speed of 31200 ...

In general, the goal was set: to make a proxy server through which you can access any site (including sites in the .i2p and .onion domains), bypassing any blocks. The goal of ensuring anonymity was not set.

Already managed to cross with a hedgehog, and now I, like 17 years ago, explore the deep layers of the Internet. By the way, if we talk about i2p, it feels not much faster than the Internet did 17 years ago. History is cyclical.

The article does not call for any actions of a political or criminal nature and is intended for those who do not like frameworks and restrictions and who choose for themselves what and how to read.

How it works:

The main proxy server is squid.
Via cache_peer (upstream proxy), squid connects to i2p and tor. tor is a Socks proxy, and squid is an http proxy, so a privoxy layer is built in between squid and tor.
We also have an updated ACL list of all blocked resources on the Russian Internet.
Squid processes requests from browsers as follows:
If a URL is requested in the .i2p domain, then the request is sent along the chain to i2p.
If a URL is requested in the .onion domain, then the request is passed down the chain to tor.
If a forbidden URL is requested, the request is passed down the chain to tor.
All other requests are sent directly by squid.

Instructions on how to make the Internet without restrictions with your own hands:

FreeBSD 10 was used as the OS. If you have hands, you can implement the same thing on any *NIX.
Software: Squid, tor, i2p, git (optional).
For I2P to work, you may need to forward ports from the gateway if your proxy does not have a public IP address.
There is only one network interface in the system, with IP address 192.168.33.192.

First, make sure that we have all the updates to the system and ports, the correct time zone is set, and the time is synchronized with world time.

We install the programs from ports.
Ports already installed before the installation:
compat6x-amd64-6.4.604000.200810_3 Convenience package to install the compat6x libraries
dialog4ports-0.1.5_2 Console Interface to configure ports
perl5.16-5.16.3_18 Practical Extraction and Report Language
pkg-1.4.4 Package manager
portmaster-3.17.7 Manage your ports without external databases or languages

Installation: all options for all ports are left at their defaults. You may need to manually download the java distribution. Those who wish can also install via pkg install.
root@freedom_proxy:~ # portmaster -D www/squid
root@freedom_proxy:~ # portmaster -D security/tor
root@freedom_proxy:~ # portmaster -D security/i2p
root@freedom_proxy:~ # portmaster -D www/privoxy

If we use git, then we additionally install:
root@freedom_proxy:~ # portmaster -D textproc/xmlcatmgr
root@freedom_proxy:~ # portmaster -D devel/git

We get the following installed versions of the programs:
squid-3.4.10_2
tor-0.2.5.10_1
i2p-0.9.16
privoxy-3.0.22

In the file /etc/rc.conf we write:
i2p_enable="YES"
i2p_user="i2p"
squid_enable="YES"
tor_enable="YES"
privoxy_enable="YES"

Configure i2p:
Create an i2p user:
root@freedom_proxy:~ # adduser
Username: i2p
Full name: i2p
Uid (Leave empty for default):
Login group [i2p]:
Login group is i2p. Invite i2p into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/i2p]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]: yes
Lock out the account after creation? [no]:

Become an i2p user and do the initial setup:
root@freedom_proxy:~ # su - i2p
$ /usr/local/sbin/i2prouter install
$ exit

On FreeBSD 10, i2p will not work correctly; it gives the error “The current version of the Tanuki wrapper does not support FreeBSD 10”. Therefore,
in the file /usr/local/etc/rc.d/i2p we change the line
command="/usr/local/sbin/i2prouter"

to the line
command="/home/i2p/i2p/runplain.sh"

and in the file /home/i2p/i2p/runplain.sh
we change the line
I2PTEMP="%SYSTEM_java_io_tmpdir"

to
I2PTEMP="/tmp"

Launch i2p:
root@freedom_proxy:~ # /usr/local/etc/rc.d/i2p start

Check that the process has started, java should be present in the process list:
root@freedom_proxy:~ # ps -au | grep java
i2p      26809  3.0  3.3 1255096 139080  0  S     1:15PM 0:10.15 /usr/local/openjdk7/bin/java 

In the file /etc/hosts, add the line
127.0.0.1               localhost localhost.my.domain i2pconsole

This line is needed to access the i2p management console from the browser.

Configure TOR
In the file /usr/local/etc/tor/torrc, uncomment the line
RunAsDaemon 1

Create the missing directories and run tor:
root@freedom_proxy:~ # touch /var/log/tor
root@freedom_proxy:~ # chmod 666 /var/log/tor
root@freedom_proxy:~ # mkdir /var/run/tor/
root@freedom_proxy:~ # /usr/local/etc/rc.d/tor start


Configure Privoxy
We need privoxy as a bridge between Squid and Tor.
In the file /usr/local/etc/privoxy/config
we change
listen-address  127.0.0.1:8118

to
listen-address  192.168.33.192:8118

This replacement is necessary for squid: squid binds a cache_peer to an IP address and cannot have more than one cache_peer at the address 127.0.0.1.

Then we find the fragment with forward examples and add the line
forward-socks4a   /               127.0.0.1:9050 .

The dot at the end of the line is required!

Run privoxy:
root@freedom_proxy:~ # /usr/local/etc/rc.d/privoxy start

Configure Squid.
At the beginning of the file /usr/local/etc/squid/squid.conf, write the lines:

acl russia_block_urls url_regex "/usr/local/etc/squid/zapret-urls.txt"
acl i2p_urls url_regex -i .*://.*\.i2p\/.*
acl onion_urls url_regex -i .*://.*\.onion\/.*
cache_peer 127.0.0.1  parent    4444  4444  no-digest allow-miss no-query
cache_peer_access 127.0.0.1 allow i2p_urls
cache_peer 192.168.33.192 parent 8118 8118 no-digest allow-miss no-query
cache_peer_access 192.168.33.192 allow onion_urls
cache_peer_access 192.168.33.192 allow russia_block_urls
never_direct allow onion_urls
never_direct allow i2p_urls
never_direct allow russia_block_urls
never_direct deny all
always_direct deny onion_urls
always_direct deny i2p_urls
always_direct deny russia_block_urls
always_direct allow all

Create an empty file /usr/local/etc/squid/zapret-urls.txt
root@freedom_proxy:~ # touch /usr/local/etc/squid/zapret-urls.txt

We start squid.
root@freedom_proxy:~ # /usr/local/etc/rc.d/squid start
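
The routing rules from squid.conf above, modelled as an added shell example (not part of the original article, and not squid itself): grep -E stands in for squid's url_regex matching, and the peer selection is simplified to a first-match chain. The function names, the sample requests and the one-line block list are constructed; the CONNECT case assumes the proxy sees such a target as host:port with no scheme.

```shell
#!/bin/sh
# Model of the routing rules in squid.conf above (added example, not squid).
# grep -E stands in for squid's url_regex matching.

I2P_RE='.*://.*\.i2p/.*'       # i2p_urls pattern from the config ("\/" is "/")
ONION_RE='.*://.*\.onion/.*'   # onion_urls pattern from the config
# Constructed stand-in for zapret-urls.txt: one regex per line.
BLOCK_RE='http://blocked\.example/page'

# matches URL REGEX [grep options]: true if the regex matches the URL.
matches() {
    url=$1; re=$2; shift 2
    printf '%s\n' "$url" | grep -Eq "$@" -- "$re"
}

# route_for URL: print the path the request takes: i2p, tor or direct.
route_for() {
    if   matches "$1" "$I2P_RE" -i;   then echo i2p     # peer 127.0.0.1:4444
    elif matches "$1" "$ONION_RE" -i; then echo tor     # peer 192.168.33.192:8118
    elif matches "$1" "$BLOCK_RE";    then echo tor     # blocked list, same peer
    else echo direct                                    # always_direct allow all
    fi
}

# Constructed sample requests, including two edge cases:
#  - a CONNECT target arrives as host:port, so "://" never matches;
#  - ".i2p/" inside a query string matches although the host is not in .i2p.
for u in 'http://plugins.i2p/' 'http://3g2upl4pq6kufc4m.onion/' \
         'http://blocked.example/page' 'http://example.org/' \
         '3g2upl4pq6kufc4m.onion:443' \
         'http://example.org/?next=http://x.i2p/'; do
    printf '%-42s -> %s\n' "$u" "$(route_for "$u")"
done
```

Matching on the host instead, with squid's dstdomain ACL type (`dstdomain .i2p`, `dstdomain .onion`), does not depend on the scheme or on what appears in the path and query.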

Configuring the download of the list of prohibited URLs
We will use the site https://antizapret.info as the source, or rather its regularly updated csv list, available on GitHub at https://github.com/zapret-info/z-i

Option using git
root@freedom_proxy:~ # mkdir /root/zapret-info
Create the file /root/zapret-info/getzapretinfo.sh
#!/bin/sh
# Work inside /root/zapret-info; stop if it is missing so that
# rm -rf never runs in some other directory.
cd /root/zapret-info || exit 1
rm -rf z-i
/usr/local/bin/git clone https://github.com/zapret-info/z-i.git
# Third CSV column -> one URL per line, trimmed, duplicates removed
cat z-i/dump.csv | sed 1d | cut -d ';' -f 3 | tr "\|" "\n" |sed 's/^[[:space:]]*//;s/[[:space:]]*$//' |sort -u > /usr/local/etc/squid/zapret-urls.txt

We make the file executable:
root@freedom_proxy:~ # chmod +x /root/zapret-info/getzapretinfo.sh

Option without git and temporary files:
fetch -o - https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv | sed 1d | cut -d ';' -f 3 | tr "\|" "\n" |sed 's/^[[:space:]]*//;s/[[:space:]]*$//' |sort -u > /usr/local/etc/squid/zapret-urls.txt

In both cases, we get the dump.csv file from the Internet and then process it as follows:
“sed 1d” - cut off the first line.
“cut -d ';' -f 3” - cut out everything except the third column.
“tr "\|" "\n"” - replace the | character with a line break.
“sed 's/^[[:space:]]*//;s/[[:space:]]*$//'” - trim leading and trailing spaces and tabs.
“sort -u” - delete duplicate lines.
The result is written to /usr/local/etc/squid/zapret-urls.txt

In crontab, we schedule the update of the resulting file:
1       2       *       *       *       root    fetch -o - https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv | sed 1d | cut -d ';' -f 3 | tr "\|" "\n" |sed 's/^[[:space:]]*//;s/[[:space:]]*$//' |sort -u > /usr/local/etc/squid/zapret-urls.txt
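
A more defensive form of the list update, as an added example that is not part of the original article: it escapes regex metacharacters because squid reads every line of a url_regex file as a pattern, rejects an empty or short download instead of overwriting the live file, and swaps the new file in with mv. The function names, the --run switch, the MIN_LINES threshold and the path of the squid binary are assumptions.

```shell
#!/bin/sh
# Added example: validate the downloaded list before squid sees it.
LC_ALL=C; export LC_ALL          # process the dump as bytes, whatever its encoding
LIST=/usr/local/etc/squid/zapret-urls.txt
SRC=https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv
SQUID=/usr/local/sbin/squid      # assumed install path of the squid binary
MIN_LINES=100                    # assumed sanity threshold, tune to the real list

# csv_to_acl: dump.csv on stdin -> sorted, escaped URL patterns on stdout.
# Steps: take column 3, split on "|", trim, keep only plain http(s) URLs,
# then escape regex metacharacters so that "?" or "." in a URL match
# literally and no line can turn into a wildcard.
csv_to_acl() {
    sed 1d | cut -d ';' -f 3 | tr '|' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^https?://[^[:space:]]+$' |
    sed -e 's/[][\.*^$+?(){}|]/\\&/g' |
    sort -u
}

# update_list: build the new file next to the live one, check it, swap it in.
update_list() {
    tmp=$(mktemp "$LIST.XXXXXX") || return 1
    fetch -q -o - "$SRC" | csv_to_acl > "$tmp"
    # A failed download yields an empty or short file: keep the old list then.
    # (wc output is left unquoted so that padding spaces are dropped.)
    if [ $(wc -l < "$tmp") -lt "$MIN_LINES" ]; then
        rm -f "$tmp"
        echo "zapret list update rejected, old file kept" >&2
        return 1
    fi
    # mktemp creates the file with mode 600; squid must be able to read it.
    chmod 644 "$tmp" && mv "$tmp" "$LIST" &&
        "$SQUID" -k reconfigure   # squid rereads ACL files on reconfigure
}

# Only act when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then update_list; fi
```

Saved under a name of your choice next to getzapretinfo.sh, the script can be called from the cron entry with --run in place of the inline pipeline.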


Checking the operation of the proxy:
In your favorite browser, set the proxy server to 192.168.33.192, port 3128, and start checking.

We go to the address http://hideme.ru/ip/ and look at what is shown in the proxy field; it should be something like “You are using proxy server 1.1 localhost (squid/3.4.10) and your real IP: XX.XX.XX.XX”
Squid is working.

Now we check the operation of TOR.
We go to the site http://thehiddenwiki.org or google the address where the hidden wiki now lives, and then try to click on any of the .onion links, for example http://3g2upl4pq6kufc4m.onion/ - this is a search engine.
http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page - an uncensored catalog of onion sites with preference and courtesans.
If everything is configured correctly, we will see the requested page.
If the proxy returned the error “Connection with 192.168.33.192 failed”, then privoxy is not running, or the squid - privoxy link is configured incorrectly.
If we see error 503 from privoxy (Privoxy was unable to socks4a-forward your request), then two options are possible: we entered the address of a nonexistent server, or there are problems with tor. For accurate diagnosis, it is recommended to check a dozen onion links. If none works, carefully read the tor error file.

Checking the operation of i2p:
Go to the address http://i2pconsole:7657/home
On the left, under the i2p logo, is the network status. If the status is OK or Firewalled, you can work. The Testing status persists for a while after i2p is launched.

We look at the list of recommended sites in the Eepsites of Interest section below.
We try to follow the links:
http://plugins.i2p/
http://anoncoin.i2p/

To configure i2p, go to the address http://i2pconsole:7657/console

The final stage of testing is to check that the blocks are bypassed:
go to the site https://antizapret.info/, look at the list of prohibited resources and try to open a few of them, picked at random. Pages should load without any problems.

Hurrah! Now the Internet is bigger!
