Socks Proxy noProxy Format

adamp · August 30, 2021, 1:03pm

Hello,

We have IoT devices in regions that prevent Balena VPN from establishing connection. In order to get around this we have a socks5 proxies running. The proxy is working great to enable Balena VPN connectivity but I would like to disable proxying some services that utilize AWS Global Accelerator. Based on the documentation, I can supply a list of addresses not to proxy via noProxy: Balena API Proxy

If I place an address with a wildcard prefix, it causes Balena VPN connection to fail (devices show heart beat only). If I remove just the noProxy with empty list, the VPN connection is restored.

Below is essentially what the body of the request looks like. We have a number of APIs at different subdomains that I’d like to bypass the proxy (files.test.company.services, service.test.company.services).
Am I using noProxy incorrectly?

{
  "network": {
    "proxy": {
      "type": "socks5",
      "ip": "SOCKS_PROXY_ADDRESS",
      "port": 1080,
      "login": "SOCKS_LOGIN",
      "password": "SOCKS_PASSWORD",
      "noProxy": [
        "*.company.services"
      ]
    }
  }
}

nitish · September 3, 2021, 3:47pm

Hi @adamp,

I was looking at the documentation link you pointed out, and as I see we allow a list of IP/subnet not hostnames. Ref from the doc below:

The “noProxy” setting for the proxy is an optional array of IP addresses/subnets that should not be routed through the proxy. Keep in mind that local/reserved subnets are already excluded by balenaOS automatically.

Link: Interacting with the balena Supervisor - Balena Documentation

Can you try a specific IP and see if that lets you establish the connection?

Regards,
N

ab77 · October 14, 2021, 6:21pm

Hi there, can you try specifying your proxy endpoint IP as well as the wildcard exclusion:

github.com

balenalabs/proxy-tunnel/blob/master/balena.sh#L30

    
      
              ssh_private_key_file="${HOME}/.ssh/id_${ssh_key_type}"
              touch "${ssh_private_key_file}"
              chmod 0600 "${ssh_private_key_file}"
              echo "${ssh_private_key}" | base64 -d > "${ssh_private_key_file}"
          fi
          
          
# https://www.balena.io/docs/reference/supervisor/supervisor-api/#patch-v1devicehost-config
          if [ "${proxy_ipv4}" != '' ]; then
              tmpconfig="$(mktemp)"
              config="$(mktemp)"
              echo "{\"network\":{\"proxy\":{\"noProxy\":[\"${proxy_ipv4}\"],\"type\":\"${proxy_type}\",\"ip\":\"${proxy_ipv4}\",\"port\":${proxy_port}}}}" | jq -r > "${config}"
              cat < "${config}" > "${tmpconfig}"
              
              # handle proxy authentication
              if [ "${proxy_user}" != '' ] && [ "${proxy_pass}" != '' ]; then
                  cat < "${config}" | jq ".network.proxy += {\"login\":\"$proxy_user\"}" > "${tmpconfig}"
                  cat < "${tmpconfig}" > "${config}"
                  cat < "${config}" | jq ".network.proxy += {\"password\":\"$proxy_pass\"}" > "${tmpconfig}"
                  cat < "${tmpconfig}" > "${config}"
              fi

The above project which automatically configures a device by excluding the proxy IP itself, to prevent a loop.

markcorbinuk · November 4, 2021, 4:15pm

Hello @adamp

Did you have any luck trying the IP configuration suggestions made by my colleagues?

Regards - Mark

Topic		Replies	Views
Correct way to configure SOCKS5 proxy on isolated Balena device General network	6	150	July 11, 2024
Recommendations for SOCKS5 proxy services as cloud gateway General network	4	2456	August 26, 2020
Firewall configuration without wildcards balenaOS network	5	730	July 19, 2021
Excluding a container from proxy rerouting Product support	2	199	April 20, 2022
Unexpected EC2 domain communication Product support	4	338	March 8, 2022

Socks Proxy noProxy Format

Related topics