
Proxy server for free internet

At some point I finally got fed up with pages like “this resource is blocked on demand”, which I kept running into more and more often. There were also more and more mentions of the “deep Internet”, i2p, tor, onion, anonymous p2p networks, and with them a whiff of the hacker romance of childhood, when the Internet was something mysterious and was only available from two in the morning at 31200...



So the goal was set: to build a proxy server through which you can access any site (including sites in the .i2p and .onion domains), bypassing any blocking. Anonymity is not a goal.



I managed to cross with a hedgehog, and now, like 17 years ago, I am exploring the deeper layers of the Internet. By the way, speaking of i2p, the speed feels not much better than the Internet of 17 years ago. History is cyclical.


The article does not call for any actions of a political or criminal nature and is intended for those who dislike frameworks and restrictions and choose for themselves what to read and how.



How it works:



The main proxy server is squid.

Through cache_peer (upstream proxy), squid connects to i2p and tor. tor is a Socks proxy, and squid is an http proxy, so a privoxy layer is embedded between squid and tor.

We also keep a regularly updated ACL of all resources blocked on the Russian Internet.

Squid handles requests from browsers as follows:

If a URL is requested in the .i2p domain, then the request is passed along a chain in i2p.

If a URL is requested in the .onion domain, the request is passed along the tor chain.

If a forbidden URL is requested, the request is passed along the chain to tor.

All other requests are sent directly by squid.



Instructions on how to make the Internet without limitations with your own hands:



FreeBSD 10 was used as the OS. If you have hands, you can do the same on any *NIX system.

Software: Squid, tor, i2p, git (optional).

I2P may require port forwarding from the gateway if your proxy does not have a public IP address.

The system has only one network interface with the IP address 192.168.33.192



First, we make sure that the system and the ports tree are fully updated, the correct time zone is set, and the clock is synchronized with world time.



We install the programs from ports.

Ports already installed before we start:

compat6x-amd64-6.4.604000.200810_3 Convenience package to install the compat6x libraries

dialog4ports-0.1.5_2 Console Interface to configure ports

perl5.16-5.16.3_18 Practical Extraction and Report Language

pkg-1.4.4 Package manager

portmaster-3.17.7



We install all ports with the default options. You may need to download the java distribution manually. Those who prefer can install via pkg install instead.

 root@freedom_proxy:~ # portmaster -D www/squid
 root@freedom_proxy:~ # portmaster -D security/tor
 root@freedom_proxy:~ # portmaster -D security/i2p
 root@freedom_proxy:~ # portmaster -D www/privoxy


If we use git, we additionally install:

 root@freedom_proxy:~ # portmaster -D textproc/xmlcatmgr
 root@freedom_proxy:~ # portmaster -D devel/git


This gives us the following installed versions:

squid-3.4.10_2

tor-0.2.5.10_1

i2p-0.9.16

privoxy-3.0.22



In the file /etc/rc.conf we add:

 i2p_enable="YES"
 i2p_user="i2p"
 squid_enable="YES"
 tor_enable="YES"
 privoxy_enable="YES"


Configure i2p:

Create an i2p user:

 root@freedom_proxy:~ # adduser
 Username: i2p
 Full name: i2p
 Uid (Leave empty for default):
 Login group [i2p]:
 Login group is i2p. Invite i2p into other groups? []:
 Login class [default]:
 Shell (sh csh tcsh nologin) [sh]:
 Home directory [/home/i2p]:
 Home directory permissions (Leave empty for default):
 Use password-based authentication? [yes]:
 Use an empty password? (yes/no) [no]:
 Use a random password? (yes/no) [no]: yes
 Lock out the account after creation? [no]:


We switch to the i2p user and do the initial setup:

 root@freedom_proxy:~ # su - i2p
 $ /usr/local/sbin/i2prouter install
 $ exit


On FreeBSD 10, i2p will not start properly and reports the error “The current version of the Tanuki wrapper does not support FreeBSD 10”, so in the /usr/local/etc/rc.d/i2p file

we change the line

 command="/usr/local/sbin/i2prouter" 


to the line

 command="/home/i2p/i2p/runplain.sh" 


and in the file /home/i2p/i2p/runplain.sh

we change the line

 I2PTEMP="%SYSTEM_java_io_tmpdir" 


to

 I2PTEMP="/tmp" 


Run i2p:

 root@freedom_proxy:~ # /usr/local/etc/rc.d/i2p start 


We check that the process has started; java should be present in the process list:

 root@freedom_proxy:~ # ps -au | grep java
 i2p 26809 3.0 3.3 1255096 139080 0 S 1:15PM 0:10.15 /usr/local/openjdk7/bin/java


In the file /etc/hosts we add:

 127.0.0.1 localhost localhost.my.domain i2pconsole 


This line is needed to access the i2p management console from the browser.



Configuring TOR

In the /usr/local/etc/tor/torrc file we uncomment the line

 RunAsDaemon 1 


Create the missing directories and run tor:

 root@freedom_proxy:~ # touch /var/log/tor
 root@freedom_proxy:~ # chmod 666 /var/log/tor
 root@freedom_proxy:~ # mkdir /var/run/tor/
 root@freedom_proxy:~ # /usr/local/etc/rc.d/tor start


Configuring Privoxy

We need privoxy as a bridge between Squid and Tor.

In the file /usr/local/etc/privoxy/config

we change

 listen-address 127.0.0.1:8118 


to

 listen-address 192.168.33.192:8118 


This change is required by squid: squid ties each cache_peer to its IP address and cannot have more than one cache_peer at 127.0.0.1.



Then we find the fragment with forward examples and add the line

 forward-socks4a / 127.0.0.1:9050 . 


The dot at the end of the line is required!



Run privoxy:

 root@freedom_proxy:~ # /usr/local/etc/rc.d/privoxy start 


Configuring Squid

At the beginning of the /usr/local/etc/squid/squid.conf file, write the lines:



 # ACLs: the blocked-URL list, .i2p addresses and .onion addresses
 acl russia_block_urls url_regex "/usr/local/etc/squid/zapret-urls.txt"
 acl i2p_urls url_regex -i .*://.*\.i2p\/.*
 acl onion_urls url_regex -i .*://.*\.onion\/.*
 # Upstream proxy for i2p
 cache_peer 127.0.0.1 parent 4444 4444 no-digest allow-miss no-query
 cache_peer_access 127.0.0.1 allow i2p_urls
 # Upstream proxy for tor (privoxy)
 cache_peer 192.168.33.192 parent 8118 8118 no-digest allow-miss no-query
 cache_peer_access 192.168.33.192 allow onion_urls
 cache_peer_access 192.168.33.192 allow russia_block_urls
 # These requests must always go through a parent
 never_direct allow onion_urls
 never_direct allow i2p_urls
 never_direct allow russia_block_urls
 never_direct deny all
 # Everything else is fetched directly
 always_direct deny onion_urls
 always_direct deny i2p_urls
 always_direct deny russia_block_urls
 always_direct allow all


Create an empty file /usr/local/etc/squid/zapret-urls.txt

 root@freedom_proxy:~ # touch /usr/local/etc/squid/zapret-urls.txt 


We start squid.

 root@freedom_proxy:~ # /usr/local/etc/rc.d/squid start 


Setting up the download of the list of prohibited URLs

As the source we will use the site https://antizapret.info, or rather its regularly updated csv list, available on GitHub at https://github.com/zapret-info/zi



Option using git

 root@freedom_proxy:~ # mkdir /root/zapret-info

Create the file /root/zapret-info/getzapretinfo.sh

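 #!/bin/sh
 # Work in the directory created above; stop if it is missing
 cd /root/zapret-info || exit 1
 rm -rf zi
 /usr/local/bin/git clone https://github.com/zapret-info/zi.git
 # Extract the URL column and write one URL per line into the squid ACL file
 cat zi/dump.csv | sed 1d | cut -d ';' -f 3 | tr "\|" "\n" |sed 's/^[ \t]*//;s/[ \t]*$//' |uniq > /usr/local/etc/squid/zapret-urls.txt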


Making the file executable:

 root@freedom_proxy:~ # chmod +x /root/zapret-info/getzapretinfo.sh 


Option without git and temporary files:

 fetch -o - https://raw.githubusercontent.com/zapret-info/zi/master/dump.csv | sed 1d | cut -d ';' -f 3 | tr "\|" "\n" |sed 's/^[ \t]*//;s/[ \t]*$//' |uniq > /usr/local/etc/squid/zapret-urls.txt 


In both cases, we get the dump.csv file from the Internet and then process it:

sed 1d - cut off the first line

cut -d ';' -f 3 - cut everything except the third column

tr "\|" "\n" - replace the | character with a line break

sed 's/^[ \t]*//;s/[ \t]*$//' - trim the spaces and tabs

uniq - delete duplicate lines.

The result is recorded in /usr/local/etc/squid/zapret-urls.txt



In crontab we schedule a regular update of the file:

 1 2 * * * root fetch -o - https://raw.githubusercontent.com/zapret-info/zi/master/dump.csv | sed 1d | cut -d ';' -f 3 | tr "\|" "\n" |sed 's/^[ \t]*//;s/[ \t]*$//' |uniq > /usr/local/etc/squid/zapret-urls.txt 
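
A more defensive version of the update step, as an added example that is not part of the original article. It replaces the list only when the input produced entries (the one-liner above truncates the file even if fetch fails), escapes regex metacharacters because squid reads every line of a url_regex file as a regular expression, and uses sort -u because uniq only drops adjacent duplicates. The function names are hypothetical, and treating each list entry as a literal URL is an assumption.

```shell
#!/bin/sh
# Added example, not the article's script. Function names are hypothetical.
ACL=${ACL:-/usr/local/etc/squid/zapret-urls.txt}   # path used in the article

# build_acl: dump.csv on stdin -> one literal-matching regex per line on stdout.
build_acl() {
    sed 1d |                                   # drop the header line
    cut -d ';' -f 3 |                          # keep the URL column
    tr '|' '\n' |                              # one URL per line
    # [[:space:]] is portable; "\t" inside [] is not understood by every sed
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
    grep -v '^$' |                             # skip rows without a URL
    # Assumption: entries are literal URLs, so escape regex metacharacters
    sed 's/[[\.*^$+?(){|]/\\&/g' |
    sort -u                                    # uniq alone misses non-adjacent duplicates
}

# update_acl FILE: rebuild $ACL from a downloaded dump.csv.
# The old list stays in place if the input yields no entries.
update_acl() {
    tmp=$(mktemp "${ACL}.XXXXXX") || return 1
    if build_acl < "$1" > "$tmp" && [ -s "$tmp" ]; then
        # mktemp creates the file mode 600; squid must be able to read it
        chmod 644 "$tmp" && mv "$tmp" "$ACL"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Typical use is to fetch dump.csv into a file with fetch -o, call update_acl on that file, and then run squid -k reconfigure so the running squid rereads the list.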




Checking that the proxy works:

In our favorite browser, we set the proxy server to 192.168.33.192, port 3128, and begin checking.



We go to the address http://hideme.ru/ip/ and see what is indicated in the proxy item; there should be something like “You are using a proxy server 1.1 localhost (squid/3.4.10) and your real IP: XX.XX.XX.XX”

Squid works.



Now we check that TOR works.

Go to the website http://thehiddenwiki.org, or google the address where the hidden wiki now lives, and then try to access any of the .onion links, for example http://3g2upl4pq6kufc4m.onion/, which is a search engine.

http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page - an uncensored onion catalog of sites with preference and courtesans.

If everything is configured correctly, we will see the desired page.

If the proxy returns the error “Connection with 192.168.33.192 failed”, either privoxy is not running or the squid-to-privoxy link is configured incorrectly.

If we see error 503 from privoxy (Privoxy was unable to socks4a-forward your request), there are two possibilities: we entered the address of a nonexistent server, or there are problems with tor. For an accurate diagnosis, it is recommended to check a dozen onion links. If none works, carefully read the tor error log.



Checking that i2p works:

Go to the address http://i2pconsole:7657/home

On the left, under the i2p logo, is the network status. If the status is OK or Firewalled, you can work. The Testing status persists for some time after i2p is launched.



At the bottom, we look at the list of recommended sites under Eepsites of Interest.

We try to follow the links:

http://plugins.i2p/

http://anoncoin.i2p/



To configure i2p, go to http://i2pconsole:7657/console



At the final stage of testing, we check that the blocking is bypassed:

Go to the site https://antizapret.info/, look at the list of prohibited resources and try to open a few of them. The pages should load without any problems.



Hooray! Now there is more Internet!

Source: https://habr.com/ru/post/249117/


