schoenj/mptcp-socks5-proxy

mptcp-socks5-proxy

This repository implements a SOCKS5 relay that I use to "bond" my two internet connections (VDSL and 5G) together. My whole setup took me about two weeks to get working properly. My findings about MPTCP were old (old kernel before it was merged into the mainline). It was really frustrating (I had other issues as well, like having the LAN cable for my PPPoE adapter too near to the power cable, facepalm, which resulted in many broken packets), but finally I got it working. My second biggest issue was that I could not get squid to work properly with MPTCP (neither mptcpize run nor LD_PRELOAD worked). So, I wrote my own simple SOCKS5 relay, first in C#, which had other issues.

Now I let Copilot do the work and had it write a C++ implementation, which works really nicely (I can read C++ code, but writing it is still hard, and doing it properly is therefore too much effort for me).

Setup

Debian 13 (6.12.63 kernel) has MPTCP support out of the box. Both tunnels go to the same server, but with different destination ports. I use OPNsense to explicitly route tunnel 1 over my VDSL connection and tunnel 2 over my 5G connection. Using the fwmark option in the WireGuard config and creating a local policy for that should work as well.

  +----------------------+                       +----------------------+
  | Debian 13 (Host A)   |                       | Debian 13 (Host B)   |
  +----------------------+                       +----------------------+
         |                                               |
         |   WireGuard Tunnel 1                          |
         |   Network: 100.127.240.0/30                   |
         |-----------------------------------------------|
         |                                               |
         |   WireGuard Tunnel 2                          |
         |   Network: 100.127.241.0/30                   |
         |-----------------------------------------------|

I also set both tunnel addresses through ip mptcp endpoint add to make sure MPTCP uses both paths, and updated the limits. The installation of the mptcpd package (the daemon is called mptcp without the d) seems to be required. Increasing the TCP buffers seems to be necessary as well.

# Not persistent!!!
ip mptcp endpoint add 100.127.240.x/30 dev wg0 subflow signal 
ip mptcp endpoint add 100.127.241.x/30 dev wg1 subflow signal
ip mptcp limits set add_addr_accepted 2 subflows 2
sysctl -w net.core.rmem_max=67108864
sysctl -w net.core.wmem_max=67108864
sysctl -w net.ipv4.tcp_rmem="4096 87380 67108864"
sysctl -w net.ipv4.tcp_wmem="4096 65536 67108864"
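
A check that the endpoint and limit settings above took effect, added here as an example (it is not part of the original README or of the project's code). The function name `check_mptcp_paths` is hypothetical, the sample `ip mptcp` output is constructed, and the check assumes every tunnel endpoint carries both the `subflow` and `signal` flags, as in the commands above.

```shell
#!/bin/sh
# check_mptcp_paths ENDPOINTS LIMITS DEV...
#   ENDPOINTS: text printed by `ip mptcp endpoint show`
#   LIMITS:    text printed by `ip mptcp limits show`
# Returns 0 when every DEV has an endpoint flagged "subflow" and "signal" and
# the subflows limit leaves room for one additional subflow per extra path.
check_mptcp_paths() {
    endpoints=$1; limits=$2; shift 2
    rc=0
    for dev in "$@"; do
        if ! printf '%s\n' "$endpoints" | awk -v dev="$dev" '
            { d = ""; sub_f = 0; sig = 0
              for (i = 1; i <= NF; i++) {     # flag order is not assumed
                  if ($i == "dev") d = $(i + 1)
                  if ($i == "subflow") sub_f = 1
                  if ($i == "signal") sig = 1
              }
              if (d == dev && sub_f && sig) found = 1 }
            END { exit !found }'; then
            echo "no subflow+signal endpoint on $dev" >&2
            rc=1
        fi
    done
    # The limit counts subflows in addition to the initial one.
    max=$(printf '%s\n' "$limits" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "subflows") print $(i + 1) }')
    if [ "${max:-0}" -lt "$(( $# - 1 ))" ]; then
        echo "subflows limit ${max:-0} is too low for $# paths" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample output; the addresses keep the placeholder "x" used above.
SAMPLE_ENDPOINTS='100.127.240.x id 1 subflow signal dev wg0
100.127.241.x id 2 subflow signal dev wg1'
SAMPLE_LIMITS='add_addr_accepted 2 subflows 2'

check_mptcp_paths "$SAMPLE_ENDPOINTS" "$SAMPLE_LIMITS" wg0 wg1 &&
    echo "both paths configured"

# On the live host (as root):
#   check_mptcp_paths "$(ip mptcp endpoint show)" "$(ip mptcp limits show)" wg0 wg1
```

Because the `ip mptcp` and `sysctl -w` settings are not persistent, running the check after each reboot shows whether the second path has been lost.
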

[Debian 13 - at home]
         |
         v
[mptcp socks5 proxy (entry proxy)]
         |
         v
MPTCP session (subflows over two WireGuard tunnels)
         |                     | 
         |-- WireGuard Tunnel 1 (100.127.240.0/30) --|
         |                                           
         |-- WireGuard Tunnel 2 (100.127.241.0/30) --|
         v
[Debian 13 - at the data center]
         |
         v
[mptcp socks5 proxy (exit proxy)]
         |
         v
Internet (via TCP)

Since I want to use MPTCP not only for outgoing connections but also for incoming connections, my plan is to try to set up two nginx servers (dockerized) in combination with redsocks.
