- Proxy is not VPN.
- An application could provide an option to use a proxy, by a command line parameter, or an environment variable. Or it could provide no option for proxy at all!
- VPN is an easy way to "proxy" the whole system without any application specific settings.
A proxy could use SOCKS or HTTP protocol.
A SOCKS proxy can be connected by a client using SOCKS protocol, whose URI can be "socks5://host:port", "socks5h://host:port", "socks4://host:port", or "socks4a://host:port". socks5, socks5h, socks4 and socks4a are different versions of SOCKS. Nowadays you should use SOCKS version 5 and specifically socks5h. More on socks5h will be put later.
The easist way to setup a SOCKS proxy is to use SSH Port Forwarding, like
ssh -D ...
plink
from PuTTY
See more on SSH Port Forwarding, like multi-hops forwarding, etc.
Most of the time you need to do DNS resolving remotely in the proxy server side. Then you need socks5h. For example, for curl, you tell it to do remote DNS resolving by
all_proxy="socks5h://host:port" curl ...
However, not all clients recognize socks5h://
. And,
- Some clients do DNS through
socks5://
by default, like Chrome (but it doesn't recognizesocks5h://
) - Some do not do DNS through
socks5://
, like curl (it recognizes both and treats them differently).
Some applications accept only HTTP Proxy, like python pip
. A simple way to meet this is to setup a HTTP proxy that forwards requests to a SOCKS proxy. This can be achieved by Privoxy, with a line in its configuration file like
forward-socks5 / 127.0.0.1:1080 .
(DO NOT MISS THE TRAILING DOT!)
Then you could provide a HTTP Proxy in URI like http://host:port
. See Privoxy Forwarding for more on this.
Most browsers provide settings for proxy and accept both SOCKS and HTTP proxies.
It has various proxy settings and DNS settings in GUI out of box, which is friendly to users.
The proxy setting is only available from command line, like --proxy-server="socks5://127.0.0.1:1080"
. And DNS is by default through the proxy if present. See more on proxy support in Chrome.
It can only use the system proxy settings and has no way to config the DNS (at least I haven't found it!). So in fact a proxy is useless for it!
all_proxy
, http_proxy
, https_proxy
, ..., no_proxy
and their counterparts in upper case, like ALL_PROXY
, etc..
Note:
- It's up to an application to respect one of them, or none at all!
- Setting all the
*_proxy
variables (exceptno_proxy
and its counterpart) may cause problem for some applicaitons, like wget.
See more on the environment varaibles.
It provides transparent proxy function for (almost) any application. It makes use of environment variable LD_PRELOAD
. It uses that mechanism to capture system calls including connect
, select
, poll
, close
and optionally res_init
(for DNS) to use a proxy. So It doesn't work for static-linked applications. Neither for those who make low level system calls other than those listed for network directly. And, by default it doesn't do DNS through a proxy. That depends on specific config settings on compiling. See its source code for how-to. So I would suggest you to try the environment variables aforementioned before you turn to tsocks.
Set a system wide proxy by "Internet Options". However, it is up to an applications as to how to use the system wide proxy, or not to use it at all. But good news are
- The
wsl --install
command respects the system proxy settings. - Usually you don't need a proxy to do
wsl --install
.