SOCKS Proxy Support

[Ohge]

Can you please add SOCKS proxy support? I am working on a crawler that parses metadata, but I have received two fraudulent DMCA requests this week even though I never shared a single byte of the actual files (destroys torrent on metadata). The only way to avoid having my internet shut off while using this software is to push all the traffic through a proxy or VPN so my lSP is hidden. My primary concern is support in node.js, but if it can be supported client side as well that would help people who use proxies in their browsers for similar reasons.

P.S. This is great software, and I intend to add a bounty to this feature request.

[feross]

There's no way to add proxy support to the browser version of WebTorrent. That will always use your browser/OS proxy settings because JavaScript in a web page can't control that, for security reasons.

As for SOCKS support, it seems there's two possible ways to do it: proxy only connections to trackers, or proxy all connections (including peer connections). libtorrent has support for both options.

[feross]

This package looks quite good: https://www.npmjs.com/package/socks

[Ohge]

I've used libtorrent before for python stuff, but I really like your node implementation because I can just pass the magnet and file index to the client and they can stream the file themselves with zero client side dependencies beyond the browser. I'm not in any rush or demanding anything, as I have already moved my code to a VM behind a VPN, but I thought it would be much easier for most developers (myself included) if they could just pass in the proxy/auth details in the opts arguments when creating the instance, rather than putting all the traffic on the machine behind a VPN.

In any event this is some extremely cool software, and I hope you'll keep improving it, and adding features. Proxy or not you deserve the bounty. Thank you for sharing!

[feross]

Yeah, that's totally fair! I think this wouldn't be that hard to support, so it'll probably happen.

The socks dependency seems pretty lightweight. Or even better, we can avoid the dependency and just let the user pass in an instance of that or something.

Will look at this when I have some time. PR welcome too!

[feross]

Also, for others coming along later, this is the bounty that @Ohge is referring to: https://www.bountysource.com/issues/34324857-socks-proxy-support

[romaincointepas]

Definitely interested in this as well, just added $50 to the bounty!

[yciabaud]

I have some difficulties to set a SOCKS proxy for UDP up to test my PR webtorrent/bittorrent-tracker#157 to enable socks proxy on tracker requests.
I tried dante server but I could not achieve to connect to it.

It must be a configuration issue but I could not fix it...

Does anyone can help me with this by testing or explain how to setup UDP forwarding?

[romaincointepas]

@yciabaud You could test using https://www.privateinternetaccess.com (free trial I think), they offer SOCKS5 proxy specifically for torrenting (so it should support UDP/TCP, also good to test authentification).

[yciabaud]

@romaincointepas Unfortunately, there is no free trial and the free proxies I found only allow http browsing.

It would have been easier to setup a local proxy, I will give it another try...

[romaincointepas]

@yciabaud I just emailed you the PIA SOCKS5 proxy (UDP/TCP and made for torrenting) with my personal credentials, good luck!

[yciabaud]

Thank you for letting me use this, I tried yesterday and I achieved to use the proxy for HTTP and Websocket trackers. Unfortunately the connection is not established on UDP trackers.

Digging into this, I will keep you in touch.

[yciabaud]

Little update, I got the negotiation for UDP relay working but the messages are still not forwarded to the destination.

Should work on this soon.

[romaincointepas]

@yciabaud Looking forward, good luck!

[dcposch]

@yciabaud curious, what all gets proxied?

WebTorrent talks to the network it lots of ways. So far I've found:

1. Connecting to traditional trackers over UDP
2. Connecting to traditional trackers over HTTP/S
3. Connecting to WebTorrent trackers via websockets
4. Connecting to peers by making an outgoing TCP connection
5. Connecting to peers by listening on a port, accepting incoming TCP connections
6. Connecting to peers over WebRTC
7. Connecting to web seeds over HTTP/S

The connections are made from a few different modules: webtorrent, simple-get, and torrent-discovery.

Do we need to proxy all of those?

[yciabaud]

You're right @dcposch, I am currently working on bittorrent-tracker to cover:

1. Connecting to traditional trackers over UDP - In progress
2. Connecting to traditional trackers over HTTP/S - Done
3. Connecting to WebTorrent trackers via websockets - Done

But then we should add proxying connections to peers as well:

1. Connecting to peers by making an outgoing TCP connection
2. Connecting to web seeds over HTTP/S

The last cases are a bit different, I don't know if we need to manage proxying incoming connections and webrtc, some proxies can open a port and forward incoming messages to you but I don't think other clients has implemented it. For webrtc, TURN/STUN can be used but it may be better to use the configured proxy.

1. Connecting to peers by listening on a port, accepting incoming TCP connections
2. Connecting to peers over WebRTC

Finally I would add a last networking issue:
8. Connect to TURN servers

In that case, proxy may be needed to access the servers.

Let's start with tracker and peers support for outgoing connections and then discuss on the other cases.

[romaincointepas]

@yciabaud @dcposch Any update on this? I would be more than happy to bump the bounty quite a bit if that helps.

[yciabaud]

No update on my side, I was quite stuck on UDP tracker proxy, I should have another look this week.

The code looks good but I did achieve to connect to a UDP tracker yet...

[yciabaud]

I cannot get vuze to work with UDP, tried @romaincointepas proxy and a local 3proxy instance and I have the same behavior... UDP negociation works but then the request times out...

Can somebody test it for me? Maybe my ISP is locking some kind of traffic 👎

[romaincointepas]

Most SOCKS5 proxy servers out there are not compatible with UDP trackers (3proxy being one of them). As far as I know (I've tried a lot of them), only dante-server works.

See this comment from the creator of libtorrent:

My experience with udp over socks5 is that very few proxies implement it correctly or at all. As far as I can recall, I've only seen one that does (dante).

My uneducated guess is that it may have something to do with http://www.bittorrent.org/beps/bep_0015.html (UDP connections / spoofing):

In the ideal case, only 2 packets would be necessary. However, it is possible to spoof the source address of a UDP packet. The tracker has to ensure this doesn't occur, so it calculates a value (connection_id) and sends it to the client. If the client spoofed it's source address, it won't receive this value (unless it's sniffing the network). The connection_id will then be send to the tracker again in packet 3. The tracker verifies the connection_id and ignores the request if it doesn't match. Connection IDs should not be guessable by the client. This is comparable to a TCP handshake and a syn cookie like approach can be used to storing the connection IDs on the tracker side. A connection ID can be used for multiple requests. A client can use a connection ID until one minute after it has received it. Trackers should accept the connection ID until two minutes after it has been send.

PIA, Torguard and other VPN providers all seem to use dante-server for their SOCKS5 proxy, and I can get a proxied setup working with http://www.qbittorrent.org + PIA SOCKS5 proxy (the one I sent you by email @yciabaud, can you try with qBittorrent?).

Also, could http://www.bittorrent.org/beps/bep_0015.html (UDP connections / spoofing) mean that there is some additional trickery needed client-side for UDP trackers to work?

[yciabaud]

OK got it working now, at first I set a local dante server to have logs and then I checked with your proxy server.

So here is the new status (when PR webtorrent/bittorrent-tracker#157 is merged):

• Connecting to traditional trackers over UDP
• Connecting to traditional trackers over HTTP/S
• Connecting to WebTorrent trackers via websockets
• Connecting to web seeds over HTTP/S
• Connecting to peers by making an outgoing TCP connection
• Connecting to peers by listening on a port, accepting incoming TCP connections
• Connecting to peers over WebRTC
• Connecting to TURN servers

Connecting to peers should not be too difficult for HTTP and TCP. WebRTC and TURN will not be straightforward so we can look at this later.

[romaincointepas]

@yciabaud Great!

What happens if the SOCKS5 server does not respond (either right away or later on)? Does bittorrent-tracker fallback on direct connection or fail? (for each case)

[yciabaud]

No fallback, the request will time out and we will wait the next announce interval to try again.

[yciabaud]

Worked on proxying peer connections today, needs more testing but webseeds and tcp should be ok.

[Miserlou]

Excellent news!

[samholmes]

What's the status on this?

[erlinux]

i need it.

[Fenny]

Any updates? This is kinda big :p

[fredsif]

Added 25$ to the bounty.

[actuallymentor]

If anyone is working on this and needs a SOCKS5 to connect to, feel free to use socks.generousvpn.com on port 1080 without login credentials. It uses the aforementioned Dante proxy package.

Disclosure: I run generousvpn.

Edit: specified no login credentials.

[nake89]

Any new developments regarding this?

[Fenny]

I think webtorrent had his prime, specially since IPFS is growing rapidly.