How to Configure iOS to Use Socks Proxy over SSH with a Linux/Unix Host

The socks proxy I created following Proxy Using SSH Tunnel works very well on both Linux and Windows. However, when I try to configure my iPhone and iPad with iOS, I find iOS does not support socks proxy in its settings interface. I don’t know why it is not added while socks proxy is indeed supported by the iOS operating system. This post introduces how to configure iOS to use the socks proxy created by the SSH tunnel.

Here, we assume that you have already set up one proxy (hence, you need one Linux or Unix host or others that you can set up SSH proxies listening on public IPs) that listens on an IP address which can be connected by the iOS device. One typical configuration may be that both the Linux host and the iOS device are connected to the same WiFi network which you iOS device is connected to. Here, assume the address and the port of the socks proxy over SSH tunnel is proxy_host:proxy_port. In summary, what you need are

You need additional hosts and configurations. The benefit is that the proxy provided by the Linux/Unix host is very solid and stable.

Prepare an PAC file on a host

You need a Proxy Auto-Config (PAC) file to configure iOS to use the socks proxy. The PAC file is a text file that contains the content like this:

function FindProxyForURL(url, host)
{ 
     return "SOCKS proxy_host:proxy_port";
}

Here, you need to replace the proxy_host:proxy_port with your proxy setting.

You will need a Web server to host the PAC file. One in your local network or one connected to the Internet are both fine. There are many options to do this. You may set up your own web server, use Dropbox, choose a shared hosting server or use github.

Here, in this tutorial, we assume this PAC file is named proxy.pac and is stored at address http://www.my-server.com/proxy.pac.

Configure the iOS device to use the socks proxy

Now, we can configure the iOS to use the socks proxy by pointing it to the PAC file.

In the iOS, go to Settings -> Wi-Fi and click the blue right arrow on the right of your wireless network, choose Auto in the HTTP Proxy section, and fill the URL of the PAC file (http://www.my-server.com/proxy.pac in our example).

By now, you have configured your iOS device to use the socks proxy over SSH tunnel. Check Who am I and you should already have been behind the proxy.

Eric Ma

Eric is a systems guy. Eric is interested in building high-performance and scalable distributed systems and related technologies. The views or opinions expressed here are solely Eric's own and do not necessarily represent those of any third parties.

27 comments:

  1. I hosted my file here:

    http://copy.com/yTqsQZqHAsl2F0nE/sunshine.pac

    And used this same url on my iphone, but for some reason it doesn’t work. It doesn’t send traffic through the proxy. I was wondering if i did something wrong. The IP address and ports on the .pac file work because I use them on other pc’s in the local network and they successfully connect to the proxy.

  2. Thanks for this information. But this only sets the proxy for a single WIFI connection. Is there a way to set the proxy system-wide? For instance, so that I use the proxy over the 3G data link as well?

    1. Yes there are ways to set the system-wide proxy (but I never tested them yet): https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html

      Note that: you need to turn the device to the supervised mode (you will need a Mac and the Apple Configurator app; a tutorial).

      If you are using a VPN, it will be easier: there is an option to set the proxy that you will connect through to the VPN server.

  3. Hi, can I place my PAC file inside my ssh server?
    I am using free ddns service for my dns address.

  4. Hello,
    where i need to put the pac file? Stored where? In my iphone or on my ssh server?

    “Assume this PAC file is named proxy.pac and is stored at address http://www.my-server.com/proxy.pac.”

    I have debian ssh vps, iphone connected thorugh http proxy also

    could you help me?

      1. Thank you for you reply!
        I am in Office with:

        -PC Office with http proxy for surfing (proxy:8080)
        -iPhone on same lan
        -vps for tunneling

        I would like to surf free and under SSH with my iPhone.

        -I set iphone in same lan with proxy auto with ( file:///private/var/root/proxy.pac)

        -proxy.pac filed with: “function FindProxyForURL(url, host)
        {
        return “SOCKS localhost:1084″;
        }”

        – ssh_config file with this line added:
        “Proxycommand connect -H IPofOfficePC:4040 %h %p”

        -SSH connection with mterminal “ssh -D 1084 -C -p Proxyport -N root@IPofVPS”

        – in my Office PC port 4040->8080

        The problem is that only Safari is under Socks proxy (has same IP of my VPS) but other apps not! I cannot open whatsapp.. Facebook msg… :-(

        1. Your settings look good.

          But be aware that iOS does not force the apps to use the system proxy. Instead, apps poll the system proxy settings to receive proxy configuration. Hence, apps can bypass the proxy settings and make the connections out directly.

          Apps like whatsapp and facebook message may choose to bypass the proxy settings (but I am not 100% sure about this).

          1. Hi!
            I should use it on server pc (work office windows pc) or on a client (iphone jailbroken)?
            Can you explain me how please!
            Read also other my comments below:
            I report to you here:
            “*I can open an SSH tunnel with kitty in work windows pc with port forwarding dynamic. But still i can surf under socks only with Safari in my iphone client :-(
            Please help me!”

            Thanks again ^^

          2. Hi Willy,

            sshuttle runs on the client (your iOS).

            As noted, I did not ever tried it on iOS. Neither do I know whether it works and how hard to make it work.

            Please check the shuttle manuals online and see whether you can make it work for you. We would be happy to know the results.

  5. Update:
    I can open an SSH tunnel with kitty over work proxy with port forwarding dynamic.

    In the proxy.pac i set workPCip:PORTforwarded

    But still i can surf under socks only with Safari :-(

    Please help me!

  6. Hi! How can I run sshuttle on Iphone? I think impossible.. on manuals nothing written, no istructions to follow for iphone :(

  7. hi, I rent a vps, and use socks5 proxy over ssh.Now i can use my laptop to connect the vps and can use proxy. However, i use your method and this is my pac file address ,but this dosent’t work on my iphone

  8. Hey!
    Very handy tutorial, many thanks! One point tho
    $ ssh -D 8080 username@sshd_server
    wouldn’t allow other users to use the tunnel
    $ ssh -g -D 8080 username@sshd_server
    would solve this problem!

  9. Thanks _very_ much for this. Managed to unblock Bluey for my 4 year old (wonderful Australian series!). You have absolutely made her (and my!) day.

Leave a Reply

Your email address will not be published. Required fields are marked *