Brabik
Apr 21, 2017

SOCKS proxy with authentication

Hello,

 

I have a request to set up F5 as a SOCKS proxy server with user authentication. While I have been successful in configuring a VS which will serve SOCKS requests, I am struggling to find a way to enforce basic client authentication on the SOCKS level against an LDAP server. We are running the LTM and APM modules, but I am not convinced that APM can do the work for me for non-HTTP traffic. Can you please point me in the right direction?

 

Many thanks, JB

  • Brabik

    Hi spalan,

     

    we got a working solution for SOCKS authentication from F5 professional services. This solution is built on iRules. As I am not the owner of the solution, I am not allowed to share it here so I can only refer you to your F5 support service and/or sales contacts for more details.

     

    Thank you for understanding, Brabik

     

  • Thanks Brabik, I can totally understand. Can you please share at least the basic configuration for the VS, like DNS resolver, SOCKS profile, pool and virtual server config? Do we have to configure an upstream router or firewall as a pool member for the VIP?

     

  • Hi JB,

     

    Would be really helpful if you can help with the basic setup. Thank you in advance!!

  • Brabik

    Hi, our solution is based on two daisy-chained virtual servers. The latter VS contains a standard SOCKS proxy configuration and is configured on a non-default port:

    ltm virtual VS_SOCKS_proxy {
        destination 192.168.1.100:1081
        ip-protocol tcp
        mask 255.255.255.255
        partition Common
        profiles {
            /Common/PF_SOCKS { }
            /Common/tcp { }
        }
        rules {
            IR_SOCKS_WHITELIST
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address enabled
        translate-port enabled
        vs-index 64
    }
    
    • iRule IR_SOCKS_WHITELIST whitelists only specific destination IPs behind the SOCKS tunnel in order to keep the network secure.

    The first virtual server, which is in front of the previous one, is the VS enforcing the user authentication, utilizing the IR_SOCKS_basic-auth_EMEA iRule which we obtained from F5 Professional Services:

    ltm virtual VS_SOCKS_auth_emea {
        destination 192.168.1.100:1080
        ip-protocol tcp
        mask 255.255.255.255
        partition Common
        profiles {
            /Common/tcp { }
        }
        rules {
            IR_SOCKS_basic-auth_EMEA
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address enabled
        translate-port enabled
        vs-index 63
    }
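
What an authenticating front end has to do at the SOCKS level, following RFC 1928 (method negotiation) and RFC 1929 (username/password), shown as an added example: it is not part of the thread and is not the F5 Professional Services iRule. `fake_ldap_bind` and the sample credentials are constructed stand-ins for the LDAP check.

```python
import hmac

SOCKS_VER, AUTH_VER = 0x05, 0x01          # RFC 1928 / RFC 1929 version bytes
USERPASS, NO_ACCEPTABLE = 0x02, 0xFF      # method codes

# Constructed stand-in for the LDAP bind; a real deployment would query the directory.
_DIRECTORY = {"jb": "s3cret-constructed"}

def fake_ldap_bind(user, password):
    expected = _DIRECTORY.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

def select_method(greeting):
    """Answer the client greeting (VER, NMETHODS, METHODS...) with VER, METHOD."""
    if len(greeting) < 3 or greeting[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 greeting")
    if greeting[1] == 0 or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed method list")
    # Offer username/password only; never fall back to 0x00 (no authentication).
    chosen = USERPASS if USERPASS in greeting[2:] else NO_ACCEPTABLE
    return bytes([SOCKS_VER, chosen])

def parse_userpass(msg):
    """Parse VER(1) ULEN(1) UNAME PLEN(1) PASSWD, rejecting any length mismatch."""
    if len(msg) < 5 or msg[0] != AUTH_VER:
        raise ValueError("bad sub-negotiation header")
    ulen = msg[1]
    if ulen == 0 or len(msg) < 4 + ulen:
        raise ValueError("bad username length")
    plen = msg[2 + ulen]
    if plen == 0 or len(msg) != 3 + ulen + plen:
        raise ValueError("bad password length")
    return msg[2:2 + ulen].decode("utf-8"), msg[3 + ulen:].decode("utf-8")

def authenticate(msg, verify=fake_ldap_bind):
    """Return the reply VER, STATUS; the caller must close the connection on non-zero."""
    try:
        user, password = parse_userpass(msg)
        ok = bool(verify(user, password))
    except ValueError:  # malformed frame or undecodable bytes fail closed
        ok = False
    return bytes([AUTH_VER, 0x00 if ok else 0x01])
```

Only after a `0x00` status would the connection be handed on to the second virtual server; RFC 1929 transmits the password in cleartext, so the client-side leg needs its own transport protection.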