Furion

Furion is an encrypted proxy (SOCKS5 + SSL) written in Python. I've written it to help myself get over the Great Firewall of... you know where.

It has no external dependencies other than a standard Python 2.x (>2.5) installation. The advantages of Furion vs a SSH Socks5 proxy are:

  • You don't need to reconnect if something happens and your network breaks for a while (e.g. put your laptop to sleep/standby)
  • Easier to manage/share accounts
  • Better security, it only allows proxy to destination port 80/443, and prevents DNS leak by not allowing using IP address as destination in the protocol.
  • Can easily use other Furion server as upstream, making a chain of proxies.

Here is how I use it: I run a copy of Furion on a small VPS box of mine in the US, configured as server (with SSL and authentication turned on), and on my desktop I run Furion configured as client, with SSL and authentication off,  and using my VPS as upstream proxy. This way I can configure my browser to use the local Furion as socks5 proxy and visit any website that my VPS can reach. It's pretty cheap to buy a low-end VPS nowadays (I personally have a few $15/year ones), plus you can share with your friends too once you get it working. Here is a simple diagram showing how it works:

graph TD
Browser--socks5-->FC(Furion Client);
FC--socks5 + ssl-->GFW(The Great Firewall);
GFW-->FS(Furion Server);
FS-->WS(Web Site);
WS-->FS;
FS--socks5 + ssl-->GFW;
GFW-->FC;
FC(Furion Client)--socks5-->Browser;

Firefox and Chrome have extensions that can auto switch to use a proxy when visiting a banned URL (e.g. autoproxy for FireFox and SwitchySharp for Chrome), which make this much easier to use for the purpose.

Code is in a HG repo on bitbucket. No GUI yet, just a plain console program, and all settings are done in configuration file: furion.cfg. There are two cfg examples in the examples directory. There is also an executable for Windows configured to use my VPS as upstream that should be ready for immediate use. Don't abuse this or it might be taken down anytime. Download the windows executable here. By default it listens on 127.0.0.1 port 11080. Set that as socks5 proxy address in your browser and you are good to go.

A few caveats:

  1. Many recent versions of Internet Explorer don't have SOCKS5 support at all. Firefox/Chrome are recommended instead, you will want to use one of the automatic proxy switching extensions mentioned above anyway.
  2. FireFox users need to set network.proxy.socks_remote_dns to true in about:config, otherwise Furion would refuse connections. This is done by design to avoid DNS poisoning.
  3. When running Furion server, you need a pem file for SSL encryption, I have put one in the examples directory for convenience, but keep in mind it's not safe to use that same pam file, generate your own pem file instead if you care.
  4. To enable authentication for Furion server, you need a simpleauth.passwd and write username/password in it. An example is also available in the examples directory in source tree.
  5. On a OpenVZ VPS with small memory (256M or less), you probably want to set a smaller stack size than default, like "ulimit -s 256", to reduce memory usage, or Furion could have problem when allocating many new threads.