init

.github/workflows/docker-hub.yml

@@ -0,0 +1,34 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - "release"
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: proxygo/socks-tls:latest

.github/workflows/go.yml

@@ -0,0 +1,28 @@
+# This workflow will build a golang project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
+
+name: Go
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 'stable'
+
+    - name: Build
+      run: go build -v ./...
+
+    - name: Test
+      run: go test -v ./...

.gitignore

@@ -0,0 +1,18 @@
+# Mac OS X files
+.DS_Store
+# Binaries for programs and plugins
+*.dll
+*.so
+*.dylib
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
+.glide/
+
+logs/
+bin/
+

Dockerfile

@@ -0,0 +1,9 @@
+FROM golang:alpine
+
+WORKDIR /app
+COPY . /app
+ENV GO111MODULE=on
+RUN go build -o ./bin/socks-tls ./main.go
+
+ENTRYPOINT ["./bin/socks-tls"]
+

LICENSE

@@ -0,0 +1,20 @@
+The MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+

README.md

@@ -0,0 +1,41 @@
+# socks-tls
+
+A socks5 proxy over tls
+
+# Features
+* Support connect
+* Support udp associate
+* Support tcp over tls
+* Support specified interface
+* Support ldap auth
+
+# Usage
+```
+Usage of /main:
+  -l string
+        local address (default ":1080")
+  -p string
+        password
+  -u string
+        username
+  -sk string
+        server key file path (default "../certs/server.key")
+  -sp string
+        server pem file path (default "../certs/server.pem")
+  -tls enable tls
+  -iface string
+        specified interface
+  -t int
+        dial timeout in seconds (default 30)
+  -ldap
+        enable ldap auth
+  -ldap-addr string
+        ldap address (default "127.0.0.1:3890")
+  -ldap-base-dn string
+        ldap base dn (default "dc=example,dc=com")
+```
+
+
+
+# License
+[The MIT License (MIT)](https://raw.githubusercontent.com/proxy-go/socks-tls/main/LICENSE)

auth/auth.go

@@ -0,0 +1,57 @@
+package auth
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/go-ldap/ldap"
+)
+
+func LdapVerify(ldapAddr string, ldapBaseDN string, username string, password string) bool {
+	// Connect to LDAP server
+	l, err := ldap.Dial("tcp", ldapAddr)
+	if err != nil {
+		log.Printf("Connect failed: %s", err)
+		return false
+	}
+	defer l.Close()
+
+	// Bind with service account
+	err = l.Bind(fmt.Sprintf("uid=%s,ou=people,%s", username, ldapBaseDN), password)
+	if err != nil {
+		log.Printf("Bind failed: %s", err)
+		return false
+	}
+
+	// Search for user
+	searchRequest := ldap.NewSearchRequest(
+		fmt.Sprintf("ou=people,%s", ldapBaseDN),
+		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+		fmt.Sprintf("(&(objectClass=person)(uid=%s))", username),
+		[]string{"dn"},
+		nil,
+	)
+
+	sr, err := l.Search(searchRequest)
+	if err != nil {
+		log.Printf("Search failed: %s", err)
+		return false
+	}
+
+	if len(sr.Entries) != 1 {
+		log.Printf("User %s not found or too many entries returned", username)
+		return false
+	}
+
+	// Bind with user's DN and password
+	userDN := sr.Entries[0].DN
+	err = l.Bind(userDN, password)
+	if err != nil {
+		log.Printf("Bind failed: %s", err)
+		return false
+	}
+
+	// Authentication successful
+	log.Printf("%s authentication successful", username)
+	return true
+}

auth/auth_test.go

@@ -0,0 +1,12 @@
+package auth
+
+import (
+	"testing"
+)
+
+func TestLdapVerify(t *testing.T) {
+	username := "test"
+	password := "password"
+	flag := LdapVerify("192.168.1.211:3890", "dc=windvpn,dc=com", username, password)
+	t.Log(flag)
+}

certs/certificate.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDTCCAvWgAwIBAgIUG54LvndX0J9LqSACdmFeRyJY8sIwDQYJKoZIhvcNAQEL
+BQAwgZUxCzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxDjAMBgNVBAcMBUVhcnRo
+MRcwFQYDVQQKDA5SYW5kb20gQ29tcGFueTELMAkGA1UECwwCSVQxGjAYBgNVBAMM
+EXNvY2tzNW92ZXJ0bHMub3JnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBzb2NrczVv
+dmVydGxzLm9yZzAeFw0yMTEyMDYwODQyNDBaFw0zMTEyMDQwODQyNDBaMIGVMQsw
+CQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMQ4wDAYDVQQHDAVFYXJ0aDEXMBUGA1UE
+CgwOUmFuZG9tIENvbXBhbnkxCzAJBgNVBAsMAklUMRowGAYDVQQDDBFzb2NrczVv
+dmVydGxzLm9yZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5Ac29ja3M1b3ZlcnRscy5v
+cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAn681JZVnwbHEh0Ro
+0rIkxhVW93v2Igl5trL/ClgZzm2BsvAP3POjUzJuh88vE35YU7uZ6I+d7bQkC961
+CWwpqSS3UBZu0JIiXtXuJYaO9OfZli1EWV+obF+f10Y8Ia/Wrsjitg4U7Is+bRUa
+AwZf51WipzBWfvhTDZJbqUIgrfsVpDYzMxIrnxDSnA3jPkVuXRzDJNSjhp0SAlCO
+urvsVWCna/lFwSRyFuBrfdzkmB9JPFy1wm3SCss2D/zSh3/BfmDLhK9KkRJIwiwd
+DcsivlF8H0YfCxKhwnBRlZrDPQVfCkkVkgF+L8aiJjoNE7cfGqVTx0KY0/tss3KA
+cU8hAgMBAAGjUzBRMB0GA1UdDgQWBBSLk4aT6U6CWlI5UCQ00vyWSxXJsTAfBgNV
+HSMEGDAWgBSLk4aT6U6CWlI5UCQ00vyWSxXJsTAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQAdSHQNwjma4lZURS34X8EAida2/tLQ1P70ch+WL+xF
+G8mrzTncvB4IeUrMbLJGTz6KPDpg2Kf0PAoozNl8soVx4vNRypXKvHRkgBXiJJTG
+G1HDsEMEZQSaLvxcttgGjC0mFRF5m3HOzJFn1uE9EfEW4VWA3iLlgtn+qtqfxkNJ
+SFAgwZeTin8yZTSZZCcj4X1/ERl/tXY+Ot882NmEbyeG2WUIQvAt4TcDH+RLnqmA
+hM7OQ3P/DLKuUat8dvVpYb68bG16AzBqRM6wHTMp7AFklMz6yB8AUQYJeS8bfQe5
+zAkBDYr5yCjudLT1OVvHXHErxKelIl9Aqm7rP5BF5pxs
+-----END CERTIFICATE-----

certs/private.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAn681JZVnwbHE
+h0Ro0rIkxhVW93v2Igl5trL/ClgZzm2BsvAP3POjUzJuh88vE35YU7uZ6I+d7bQk
+C961CWwpqSS3UBZu0JIiXtXuJYaO9OfZli1EWV+obF+f10Y8Ia/Wrsjitg4U7Is+
+bRUaAwZf51WipzBWfvhTDZJbqUIgrfsVpDYzMxIrnxDSnA3jPkVuXRzDJNSjhp0S
+AlCOurvsVWCna/lFwSRyFuBrfdzkmB9JPFy1wm3SCss2D/zSh3/BfmDLhK9KkRJI
+wiwdDcsivlF8H0YfCxKhwnBRlZrDPQVfCkkVkgF+L8aiJjoNE7cfGqVTx0KY0/ts
+s3KAcU8hAgMBAAECggEAXHRIxFmlvIdbq9jBHQ8EMmJhG7zt4tWzdpgakg+E+d36
+8aXRU8vZpSrpqePFrfLNUdfe06CsTkEplaOc4YgEQnrNBK+MFORHP/gE9qlMTJGA
+Nw+96nB7WXuq6i2JqJMCsyhxg1+eoqxmqS/yUOnixWVj1Q4qRVnsFvEMrrIu6z/B
+OSthRQkG1weXV0hckI6nDoceujDkgg71Bp2VbQFBeDfxVHPiTbNbBHD6dC/7LVD1
+gLZkaZhrEPX84+SDv5FzLkWQkb+jP6MejlHFtt3tOx1z+zh9o+U170eo1Y6rECoM
+CBYuq6iU3KX+juKb1ltMSGQoKhCxYhlbwjctF3yZgQKBgQDpBAqSOdHYUOuwJu65
+UKW9uLqiigC3x+3BsetbQRxPkVBjS5rdH8qrFt7j4IJaPaLVNKti75Z9Cl4Vlcy2
+Xrmf2HfZ+QCqUVEoMCL0/F7UOba3czGCqrHBiPH0UFr60xzXeMFWXfFHtw3r/9Ha
+wd7nVvI8KtliT5x/ckvdUTXUywKBgQDTn7DdInGJSL51g5LdnXFGGtNUc1mCyoLL
+DaSpsXA1uAuu3oJGlcUurjKGyakXHiKUrdx1N3u5O45jHtGqrwJUECYMO1YDar5/
+LdgV+6xTrdNktPg9Gnpw9nUje3BEiZshxbapyF3Kqb7uQbOZ8nkFqQiBAOGsTtvU
+0eJhPXoaQwKBgEr2vd/lMhmBjxGQtORxiaDLuV9pPmnhrB/QeYNWIyGGAnKvdBcH
+j1ATf4mYRNd7VNN6qlid87Auka4oDz/soZNHNOevMAObPZzMP7LJLkjgeGP0b002
+VRGKWSzcXSismm7Hrot2lZUY0yXFm2HhVTDfy/aHYoA6VIK75qRA6CyZAoGBAJMF
+DEB031+60+acI/ommT1VAaBYCsWcn0UmE1F43jXTyPoRx3v2LOkDSELv8rMG0ots
+Rg6BH0lOoNsn3A2yS/HOzkANMPJqxDFizg5nrA7uYkBCoXsB3DKCZlriNNrIpqfN
+zdsiQla7mtO3fWjkVUOjbS8CR8YHex3dOmLH7P41AoGBAIGV3VJM8T01RTgWKZ3J
+f19TO6FbxJ/DO/1BB5qnmR3Ny5rqA1u2A9t+qOAqme6LInhipB1m8qtLk4JiEBGT
+pjdKk79qwNdX47mujNJ45R2mN1Sk06xfiymQePZGBRBPHPLZJsrw8VjDOtjInGfN
+z54sRhYW/+ZMaTgB7nHdAASc
+-----END PRIVATE KEY-----

go.mod

@@ -0,0 +1,10 @@
+module github.com/proxy-go/socks-tls
+
+go 1.22
+
+require (
+	github.com/go-ldap/ldap v3.0.3+incompatible
+	golang.org/x/sys v0.11.0
+)
+
+require gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect

go.sum

@@ -0,0 +1,8 @@
+github.com/go-ldap/ldap v3.0.3+incompatible h1:HTeSZO8hWMS1Rgb2Ziku6b8a7qRIZZMHjsvuZyatzwk=
+github.com/go-ldap/ldap v3.0.3+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 h1:nonptSpoQ4vQjyraW20DXPAglgQfVnM9ZC6MmNLMR60=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=

main.go

@@ -0,0 +1,25 @@
+package main
+
+import (
+	"flag"
+
+	"github.com/proxy-go/socks-tls/socks"
+)
+
+func main() {
+	config := socks.Config{}
+	flag.StringVar(&config.LocalAddr, "l", ":1080", "local address")
+	flag.StringVar(&config.Username, "u", "", "username")
+	flag.StringVar(&config.Password, "p", "", "password")
+	flag.StringVar(&config.TLSCertFile, "cert", "./certs/certificate.crt", "certificate file")
+	flag.StringVar(&config.TLSKeyFile, "key", "./certs/private.key", "private key file")
+	flag.BoolVar(&config.TLS, "tls", false, "enable tls")
+	flag.StringVar(&config.Iface, "iface", "", "specified interface")
+	flag.IntVar(&config.Timeout, "t", 30, "dial timeout in seconds")
+	flag.BoolVar(&config.LdapAuth, "ldap", false, "enable ldap auth")
+	flag.StringVar(&config.LdapAddr, "ldap-addr", "127.0.0.1:3890", "ldap address")
+	flag.StringVar(&config.LdapBaseDN, "ldap-base-dn", "dc=example,dc=com", "ldap base dn")
+	flag.Parse()
+
+	socks.Start(config)
+}

scripts/build.sh

@@ -0,0 +1,15 @@
+#!bin/bash
+
+#Linux amd64
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ./bin/socks-tls-linux-amd64 ./main.go
+#Linux arm64
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o ./bin/socks-tls-linux-arm64 ./main.go
+#Mac amd64
+CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o ./bin/socks-tls-darwin-amd64 ./main.go
+#Mac arm64
+CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o ./bin/socks-tls-darwin-arm64 ./main.go
+#Windows amd64
+CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o ./bin/socks-tls-windows-amd64.exe ./main.go
+#Windows arm64
+CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -o ./bin/socks-tls-windows-arm64.exe ./main.go
+echo "DONE!!!"

sockopt/sockopt.go

@@ -0,0 +1,31 @@
+package sockopt
+
+import (
+	"net"
+	"syscall"
+)
+
+// Options is the options struct.
+type Options struct {
+	bindIface *net.Interface
+	reuseAddr bool
+}
+
+// Option is the function paramater.
+type Option func(opts *Options)
+
+// Bind sets the bind interface option.
+func Bind(intf *net.Interface) Option { return func(opts *Options) { opts.bindIface = intf } }
+
+// ReuseAddr sets the reuse addr option.
+func ReuseAddr() Option { return func(opts *Options) { opts.reuseAddr = true } }
+
+// Control returns a control function for the net.Dialer and net.ListenConfig.
+func Control(opts ...Option) func(network, address string, c syscall.RawConn) error {
+	option := &Options{}
+	for _, opt := range opts {
+		opt(option)
+	}
+
+	return control(option)
+}