[Feature Request]: Allow to chain ssserver to another socks5 proxy

[vt-alt]

Please allow to chain shadowsocks server to another socks proxy.

For example user wants to connect to a cloudflare Warp gateway (which is in socks5 proxy mode) but to have his side using shadowsocks (on windows).
Currently shadowsocks-windows do not allow to configure tunnel protocol. This prevents such scheme.

So it would allow to use usual shadowsocks windows client (as a socks proxy) that connects as normal to a remote ssserver but that ssserver redirects (not decoded socks5 traffic) to a local warp-server socks5 port.

[zonyitoo]

I can’t get your point. Could you elaborate it more in detail?

[vt-alt]

Idea is that ssserver would not terminate connections on its own but to forward them to some other socks server (such as Warp in my example).

Or from another point of view it's to allow to configure tunnel mode on the ssserver (while now it's only for sslocal).

[zonyitoo]

Or from another point of view it's to allow to configure tunnel mode on the ssserver (while now it's only for sslocal).

Of course. ssserver is designed as a remote server of shadowsocks, so it is only for working with sslocal.

Idea is that ssserver would not terminate connections on its own but to forward them to some other socks server (such as Warp in my example).

ssserver is running in a remote server. It's outbound is to connect target remote servers. Why were targets are connected via a socks5 server?

[vt-alt]

In my example browser connects with socks5 to a local shadowsocks-windows, but shadowsocks-windows does not allow to configure tunnel protocol. So idea is to allow remote ssserver (which local shadowsocks connects to) to also allow configuring tunnel or chaining mode.

(ps. This may also be useful for general proxy chaining, like terminating all ssserver connections to Tor which runs on the same remote server as ssserver.)

[zonyitoo]

If I understand it correctly: your ssserver was hidden from sslocal with a socks5 proxy.

Client -> sslocal -----(socks5)-----> ssserver -> Target

So the key issue in this topology is that sslocal must connect to ssserver with socks5 proxy protocol.

It should be Ok to add Proxy support in the ServerConfig, for example:

{
	"servers": [
		{
			"server": "1.2.3.4",
			"server_port": 8999,
			"proxy": "socks5://2.3.4.5:1080"
		}
	]
}

[zonyitoo]

For now, you can achieve this goal with other tools, like proxychains.

I don't know if there are any replacements in Windows Platform.

[vt-alt]

My scheme is

browser using socks5 -> local shadowsocks-windows (sslocal) ------> remote ssserver

I want to add additional proxy at the ssserver node, such as CF Warp (which supports socks5). But I cannot configure shadowsocks-windows because it's config UI is very basic and it's overrides gui-config.json thus there is no way I can add "protocol": "tunnel" to it.

Yes perhaps I can try to run one ssserver instance under proxychains. Thanks.

[chuxi]

I am figuring how to make such route . Because many resources are blocked from the VPS ips. for example, now I can not post twitter with my vultr server :(

                      vps server node
             | --------------------------------- |
sslocal ---> |  ssserver ---> warp socks5 proxy  | ---> warp gateway ---> target resource
             | --------------------------------- |

[vt-alt]

BTW, To use proxychains (on Debian 11) with systemd service: it turned out that systemd services are not very compatible with LD_PRELOAD they using to wrap connections. So it's ended up using this line (which equals to LD_PRELOAD=libproxychains.so.4) — ExecStart=/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 --preload /usr/lib/x86_64-linux-gnu/libproxychains.so.4 /usr/bin/ss-server -c /etc/shadowsocks/warp.json.

Some sites detect Warp as a kind of public proxy too.