Start a new topic
In Progress

Support for SOCKS5 Proxy

I would like to see support for SOCKS5 proxies, preferably as another option for a Secure Gateway. I have a tunnel set up on my Mac, roughly equivalent to ssh -D 56789. I can, for instance, curl --socks5 localhost:56789 https://api.ipify.org to test that my connection is being passed through the tunnel. Using ssh -o 'ProxyCommand nc -x localhost:56789 %h %p' example.com also works.


It would be great to use this as a gateway for some of my connections. My other connections need to avoid this tunnel, which prevents me from using socksify on the whole TSX app.


Right now, if I create a Secure Gateway for localhost:56789, the "Test gateway" says it's working (just a port scan?). But using it as a gateway for an RDP connection hangs indefinitely on the connection phase. For a while, I ran a Linux VM to make the tunnel and wired a Secure Gateway to it. I eventually stopped using the VM because that setup was unreliable.


In any case, I'd rather not involve any other computers since my Mac can run the tunnel fine on its own. I'm also unenthusiastic about setting up port forwarding individually for every single connection.


Related discussions


SOCKS5 in the Windows TS "Idea" board 

Jody and I have similar goals for different reasons. I don't really care if the connection is encrypted an extra time; I just want to use an arbitrary socks5 proxy and decide on my own whether to use authentication or not. I don't think ActiveX is a consideration for the MacOS version, but I don't know what's going on under the hood.


FreeRDP socks5 GitHub pull request

Someone else is working on a per-connection socks5 configuration option for RDP. If the actual implementation of Secure Gateways in TSX RDP delegates to the proxy argument of FreeRDP rather than managing the tunnel elsewhere, this PR might help.


I'd like to set up the proxy once, point a TSX folder at it, and point all nested RDP/SSH connections to their parent folder.


Hi Michael,


we'd love to support SOCKS proxies in Remote Desktop Connections but right now this is not supported by the FreeRDP library.

There's a pull request on FreeRDP's Github which adds support but hasn't been merged yet. So we're optimistic that when the next major version of Royal TSX is ready, FreeRDP's SOCKS proxy support will be ready too.


cheers,

felix

Thanks, Felix! That's great to hear.


The FreeRDP codebase has now merged a pull request to support SOCKS5. I look forward to a version of TSX that takes advantage of it. I've been using port forwarding for the last few months, but it's not ideal.


Thanks again.

Hi Michael,


yeah, I've seen that. Unfortunately, at least at the moment it doesn't work for me and crashes immediately after trying to open the proxy connection. I'll look into it some more in the coming weeks.


cheers,

felix

Hi Felix,


Did your further experiments with SOCKS prove fruitful? It would be great if I could use that in TSX, ideally as a gateway. This week I tried compiling FreeRDP myself, but XCode is mad about some missing dependency.


BTW the TSX v4 Beta is great.

Hi Michael,


we just released beta updates for Royal TSX and the FreeRDP plugin which add support for HTTP and SOCKS proxies in RDP connections.

Could you please give the update a try and let me know how it works for you?


thx,

felix

I'm having some problems: all my RDP connections immediately close the tab (even ones that do not have a proxy set up). Both the ones that have a proxy AND the ones that do not say something like   

ⓘ Activity Connecting
 FreeRdpIpcConnection: Trying to register proxy as 'FreeRDP_9999999999_0'; success: True
 FreeRdpIpcConnection: Disconnected
ⓘ Activity Closed

 I do not know if it is significant, but the "999..." sequence is the same number (but not actually "999...") for every attempted connection.

Hi Felix,


Thanks for your work on this! Unfortunately, I'm unable to make connections through the proxy. The log looks like this: 

ⓘ Connecting
 FreeRdpIpcConnection: Trying to register proxy as 'FreeRDP_9999999999_0'; success: True
 FreeRdpIpcConnection: Client Connected
 loading channelEx ...
 loading channelEx ...
 SOCKS Proxy replied: Connection refused
ⓧ Protocol Security Negotiation Failure
ⓧ freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED
ⓧ Error: protocol security negotiation or connection failure
 ConnectionResultEventHandler: result: -1, connectErrorCode: 10006, Last Error Code: 0x2000C
 didChangeConnectionStatus:errorNumber:errorMessage: rtsConnectionClosed; 10006; 
 FreeRdpIpcConnection: Disconnected
 FreeRdpIpcConnection: Disconnect Error: The connection failed. (Error Code: CONNECTERROR)
ⓘ Closed

I tried this on connections that require the proxy and those that would normally do direct connections (but set to the proxy just to see what would happen). Both situations have a log like the one above.


Unproxied connections are working again.

Hi Michael,


sorry about the previous release which was basically DOA. Should be fine now...


Well, the log pretty clearly states that the connection was refused by the proxy server: "SOCKS Proxy replied: Connection refused".

Can you please check the proxy server's logs for the reason why the connection was refused?


cheers,

felix


1 person likes this

Hi Felix. I finally carved out some time to diagnose the connection. And found out (like a dummy) my test server was on a different default domain. After fixing the hostname, it works so great!!


I have one more request: Can you set up folder inheritance for the proxy like you have with credentials, so I can set connections to use parent settings?

Michael,


great to hear that you got it working now!


Regarding your feature request, would you mind creating a separate topic for it?


thx,

felix

Login or Signup to post a comment