Why isn't socks5 with authentication widely supported? - socks

I've been searching around and there doesnt seem to be much socks5 support with authentication. i setup a socks5 with authentication on my ubuntu server, but doesnt seem like there are many browsers supporting it. why was socks5 even made then?

why was socks5 even made then?
To update the SOCKS protocol to support authentication, IPv6, and UDP.

Related

Is it possible to use Traefik if you have a DNS provider not on their list?

I really like the idea of Traefik, and it's easy to set up and use, but the problem I've had is getting SSL/TLS to work with it. Traefik has a list of approved DNS providers here, but I use Dynu.com, which isn't on the list.
Is there a way to use HTTPS with Traefik since I'm using Dynu.com and not one of their approved providers? I don't want to pay for another provider since I've already paid for Dynu, which has served me fine. CloudFlare is out as it's only for personal use, which is not what I'm doing. I've tried DuckDNS but got lost in their instructions since they only support .duckdns.org addresses.
Is there any way to make Traefik work with Dynu? I'm not that familiar with HTTPS so I'd need some instructions.
The DNS providers listed in the documentation is for the DNS challenge.
To get a Let's Encrypt(acme) certificates, you can use several challenges: TLS Challenge or HTTP challenge or DNS challenge.
The DNS challenge is the only challenge that support wildcard certificates (ex: *.foo.com).
If you don't need wildcard certificates, you can use the other challenges (like TLS challenge, it's the simplest challenge to configure.)
The challenges are automatically resolved by Traefik.
https://docs.traefik.io/v2.1/https/acme/#tlschallenge
https://letsencrypt.org/docs/

What is the difference between NEVPNManager and NETunnelProvider?

I'm trying to find out what's the difference between the two. I get the NETunnel is for ssl-vpn's and custom vpn's, but can they still be used interchangeably?
Can I use NETunnel to connect to an IPSec VPN?
My main need is to set my dns for the VPN, but I can't seem to do it with NEVPN
NEVPNManager is designed to control VPNs based on one of the built-in VPN plug-in types. NETunnelProviderManager is designed to control custom VPN plug-ins (and requires a special entitlement for those plug-ins).
Normally, with most VPNs, you would change the DNS on the other end of the VPN tunnel, by having the actual VPN server send a list of DNS server IPs to the client, this making that a server configuration detail, rather than something the app itself would need to control. NETunnelProviderManager offers that ability because it is designed to handle arbitrary VPN types that might not work that way.

Which protocols can be used to automatically set up inbound port-forwarding?

Today many of the routers do not forward inbound traffic from internet to LAN devices by default.
What are the best standards to use for my application to set up a dynamic inbound port-forwarding automatically for my services (UDP and/or TCP)?
I'm looking for solution like UPnP or whatever. It'd also need to be backwards compatible with old routers/modem.
P.S. How do software like utorrend implement this?
You need portforwarding. You need to know the ip adres of your server. For windows i use ipconfig, but you did not mention your OS.
Then you need to access your router (via your browser, type in the ipadres of your router itself). There you can login into your router and access the menu of the router. Search for portforwarding and set redirect the port you want to your server. I suppose you use your server as a bittorrent client:)
Some solutions I found:
Internet Gateway Device Standardized Device Control Protocol (IGD), by uPnp.
Application-level gateway (ALG).
STUN (thanks Sigismondo).
NAT Port Mapping Protocol (PMP) for MAC devices.
Others ? Pro and cons ? compatibility ?

Should I port my WebBroker projects to Indy

Long ago I started some "web applications" using Delphi 2007 and WebBroker (TWebModule). At the time I assumed you needed a webserver such as Apache or Microsoft IIS in order to create any sort of website. Additionally I don't use most of the Apache features (except for Virtual Server so I can have multiple domains on a single ip address and SSL). So to me Apache is just an extra layer and makes makes debugging difficult.
Now enter Indy (TIdHTTPServer). If I understand correctly, Indy IS a webserver. So by using Indy I am no longer bound to use Apache or some other webserver. Is this correct?
Will I have any issues supporting the Virtual Servers in an Indy environment? And what about SSL. I have searched the literature and from what I can see it fully supports SSL certificates.
I am now in the process of porting some of my application from WebBroker to Indy. This mostly entails replacing within my code references of Request: TWebRequest with ARequestInfo: TIdHTTPRequestInfo and references to Response: TWebResponse with AResponseInfo: TIdHTTPResponseInfo.
Is there anyway to use the TWebModule architecture within Indy so that I don't need to do all of this rewriting?
Lastly is there anything else I need to be concerned with? My goal is to take Apache out of the loop.
Yes, you can use Indy's TidHTTPServer as a webserver, but it's much lower-level than IIS or Apache. There is no concept of virtual servers - this you would have to implement yourself.
Indy does support SSL as well via the OpenSSL dll's.
I imagine the biggest concerns you will have will be security related...there are millions and millions of sites running Apache or IIS and there are a ton of people devoted to finding flaws in those platforms, with a bunch of people fixing some of those flaws as they come up. Not so with Indy... there's one or two guys that respond on newsgroups to bugs that you discover. (One guy in particular, who will probably respond to your question here as well.)
Now, I use Indy HTTP server (along with SecureBlackBox SSL support) and I find it to be great for my purposes.
Indy HTTP server calls the WinSock API, and is able to implement:
A full HTTP/1.1 server;
A full HTTPS server (using either OpenSSL libraries or other third parties, like SecureBlackBox).
AFAIK you can use Indy to publish web modules.
See http://www.2p.cz/files/2p.cz/downloads/howto/indy_soap_web_services_in_delphi.pdf
You can also use other servers, for instance directly the kernel-mode http.sys server, which is used by ISS and .Net WCF for instance, and known to be very stable and efficient (it bypasses the WinSock APIs). Of course, it will serve HTTPS conent, if needed. It is available in standard since Windows XP SP2, and therefore in Vista and Seven. Using this component will let Microsoft will do all the debugging work for you, and it will be updated with the host OS. I use it for instance in our Client-Server ORM, or directly to replace a deprecated DCOM connection, with very good speed and stability on customer side.
Regarding virtual servers - the HTTP 1.1 spec requires clients to send a Host request header so virtual servers know which domain is being used specifically to handle the case when multiple domains have the same IP. TIdHTTPRequestInfo has a Host property for that value. In fact, TIdHTTPServer internally validates to makes sure that an HTTP 1.1 request has the Host header before firing any of its OnCommand... events.

Are there HTTP client libraries for Delphi which suport NTLMSSP authentication?

We recently started using a Squid HTTP proxy server which provides squid-2.5-ntlmssp authentification.
Does somebody know if NTLMSSP is supported by one of the popular HTTP client libraries for Delphi (Indy, Synapse, ICS, nsoftware ...)?
Update: I just read in Wikipedia that
The Windows Service offering the acceptor side of NTLMSSP has been
removed from Windows Vista and Windows Server 2008 in favor of the
newer Kerberos authentication protocol.
So I guess that this auth method will be replaced by Kerberos soon - anyway I'll leave this question - for 'historic studies', or companies which always are a little behind current rocket-science etc. ;)
Related question: How can I get a Kerberos ticket with Delphi?
It seems Wininet should support it when enabled in the registry.
Indy includes a unit named IdAuthenticationNTLM.pas so it probably supports it, too.

Resources