Recommendations for SOCKS5 proxy services as cloud gateway

I’m currently researching for a way to route all traffic from a Balena device through a proxy. The thread here raised an interesting approach as well as some very relevant questions - routing all traffic through a proxy…

Generally speaking, though I am interested if there are any recommendations on how to get production/scalable SOCKS5 proxy on the cloud side. The purpose is to route all traffic from a Balena device to a single IP address (with white label domain) on a single port and have that proxy relay requests to the wider internet.

These devices need to be deployed behind restrictive firewalls where we have to negotiate our access to the wider internet. Our job would be made much easier if we could ask for all traffic to a single external IP address to be placed on the allowlist.

Are there any method - or even better, SaaS products - that offer this sort of service that you’d recommend?

  • static reserved IP address to connect to proxy via single port
  • white label domain on reserved IP
  • authentication & logging

Hi @nebbles, welcome to the Balena forums.

I’m not sure exactly about using a socks proxy, but have you considered using a VPN? balenaOS already has openvpn installed (we use it for our management VPN) and I think it should be possible to create network manager connection file that does this.

Hope that helps.

James.

Hi James, thanks for the quick response. Would consider a VPN, our concern would be scaling it to multiple devices. Perhaps you could provide some insight on how you handle so many VPN connections to IOT devices through a single host?

The thought of the proxy was a lightweight middleman for directing all outbound traffic from the Balena Device through a single point. I had seen https://www.balena.io/docs/reference/OS/network/2.x/#connecting-behind-a-proxy and had the belief that this was going to be the only way to manage all traffic from a Device.

This thread specifically didn’t give me much hope for the VPN approach:

I think the socks documentation is the right direction for you here. In regards to scaling that on the cloud side: going via a loadbalancer should allow you to handle a fair number of connections by allowing you to have potentially multiple machines act as proxies

please do share any obstacles you encounter while implementing your solution. we’re always looking out to remove those for you where we can :slight_smile: