I am having some issues after an update (which I’m not really sure why… but more on that later), and I could use some assistance/suggestions.
Background information/justification:
I have 2 WAN connections (one business class, one residential); the business class is a static IP that I use for work. I work for an MSP, and I have a couple of customers that whitelist IPs to allow access to their edge services (I still need to authenticate). There are a few reasons for this, but this apparently was the easiest way for them to accomplish the goal, so this connection is paid for by them (indirectly).
I use a SOCKS5 proxy server from time to time when I am traveling and need to gain access. I also have a couple of colleagues that use my proxy server (their IPs are also whitelisted, but I’m the geek that runs my own servers on our team) when they are traveling, or their connection is having issues.
Encryption is not necessary, just the IP being what is expected is all that is necessary. I don’t want to set up a VPN, as it tends to mess with our corporate one.
Server information:
Ubuntu 22.04 latest LTS release
2 NICs (2 VLANs):
- NIC enp2s0 used for residential WAN and other services for LAN (Zabbix and a few other small things)
- NIC enp3s0 used strictly for the proxy business class traffic
Using danted-server, below is the config:
logoutput: syslog
internal: enp2s0 port = 8128
#internal: 10.10.5.25 port = 8128
external: enp3s0
#external: 192.168.80.10
socksmethod: username
clientmethod: none
user.privileged: root
user.unprivileged: nobody
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error
}
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: connect
    log: connect error
    socksmethod: username
}
The issue:
I performed some regular updates and restarts yesterday, and after the updates, the proxy stopped working correctly (routing out my residential class side, not my business class side). I have had this happen a few times; in most cases, a restart is all that’s needed to get things working correctly again. That has bothered me for a while, and now it’s bitten me.
If I perform a curl to ipinfo.io from the interface directly (using the device name), I receive the correct public IP in response. If I perform a traceroute from the interface (using the device name), the same thing: correct IP address, traces out the respective WAN connection. If, however, I specify the IP of the interface (either one), I get the residential connection.
The only thing that updated that is related to anything networking, was modemmanager… and its associated library(s). I don’t use anything related to it, and there is not a modem attached to this system (I could remove the package completely). There may have been some pending updates, but I do not know what those were (the dpkg log didn’t go back further than that).
Troubleshooting performed:
I have tried a few different things, modified the config for danted, made some changes to static routes, restarted more times than I care to count, and removed and re-installed the danted-server package. Same results as described, no changes. I’ve reverted all changes back to the configuration that was working before the update.
I’m happy to provide more information, and I’m also open to different ideas other than a SOCKS5 proxy, though I do need something that isn’t too difficult to set up (for my other colleagues). I use pfSense on bare metal, UI switchgear, and I can spin up VMs or containers, but I would prefer to keep things as lightweight as possible.
Thanks in advance!
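
An added example, not part of the original post: a check for the symptom described above, where traffic bound to the device name leaves via the right WAN but traffic bound to the interface's address does not. It compares the kernel's route decision for a source address with the expected egress device and reports whether a source-based policy rule exists. The function names, gateway addresses, table number and sample `ip` output are constructed assumptions; the addresses and device names come from the posted config.

```shell
#!/bin/sh
# Added example: verify that traffic sourced from the proxy's external address
# leaves through the expected NIC. Sample `ip` output below is constructed.

# Print the egress device named in `ip route get` output ($1).
egress_dev() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if `ip rule show` output ($1) contains a source rule for address $2.
has_source_rule() {
    printf '%s\n' "$1" | awk -v src="$2" '
        { for (i = 1; i < NF; i++)
            if ($i == "from" && ($(i + 1) == src || $(i + 1) == src "/32")) found = 1 }
        END { exit !found }'
}

# check_egress SRC EXPECTED_DEV [ROUTE_OUTPUT] [RULES_OUTPUT]
# Without the optional arguments it queries the live kernel via `ip`.
check_egress() {
    src=$1 want=$2
    route=${3:-$(ip route get 1.1.1.1 from "$src" 2>/dev/null)}
    rules=${4:-$(ip rule show 2>/dev/null)}
    got=$(egress_dev "$route")
    if [ "$got" = "$want" ]; then
        echo "OK: $src egresses via $got"
        return 0
    fi
    if has_source_rule "$rules" "$src"; then hint="rule exists; check its table"
    else hint="no 'from $src' policy rule; main-table default route wins"; fi
    echo "MISMATCH: $src egresses via ${got:-unknown}, expected $want ($hint)"
    return 1
}

# Constructed samples: the symptom from the post, then the desired state.
BAD_ROUTE='1.1.1.1 from 192.168.80.10 via 10.10.5.1 dev enp2s0 uid 0'
GOOD_ROUTE='1.1.1.1 from 192.168.80.10 via 192.168.80.1 dev enp3s0 table 100 uid 0'
BAD_RULES='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
GOOD_RULES='0: from all lookup local
32765: from 192.168.80.10 lookup 100
32766: from all lookup main
32767: from all lookup default'

check_egress 192.168.80.10 enp3s0 "$BAD_ROUTE" "$BAD_RULES" || true
check_egress 192.168.80.10 enp3s0 "$GOOD_ROUTE" "$GOOD_RULES"
```

On the server itself, `check_egress 192.168.80.10 enp3s0` with no further arguments runs the same check against the live routing tables, which is useful after package updates or reboots.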