Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net-proxy/dante/ChangeLog6
-rw-r--r--net-proxy/dante/Manifest18
-rw-r--r--net-proxy/dante/files/sockd.conf243
-rw-r--r--net-proxy/dante/files/socks.conf127
4 files changed, 385 insertions, 9 deletions
diff --git a/net-proxy/dante/ChangeLog b/net-proxy/dante/ChangeLog
index 99d580f51909..43c60e494dce 100644
--- a/net-proxy/dante/ChangeLog
+++ b/net-proxy/dante/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for net-proxy/dante
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/dante/ChangeLog,v 1.80 2014/09/08 11:53:42 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/dante/ChangeLog,v 1.81 2014/09/09 04:55:58 ssuominen Exp $
+
+ 09 Sep 2014; Samuli Suominen <ssuominen@gentoo.org> +files/sockd.conf,
+ +files/socks.conf:
+ Restore two necessary files wrt #522386 by Zhu Sha Zang
08 Sep 2014; Samuli Suominen <ssuominen@gentoo.org> -dante-1.3.2.ebuild,
-dante-1.4.0-r1.ebuild, -dante-1.4.0.ebuild, -dante-1.4.0_pre1-r1.ebuild,
diff --git a/net-proxy/dante/Manifest b/net-proxy/dante/Manifest
index f50eee488be8..a0c7de1defcf 100644
--- a/net-proxy/dante/Manifest
+++ b/net-proxy/dante/Manifest
@@ -12,8 +12,10 @@ AUX dante-1.4.0-socksify.patch 1203 SHA256 4ee5e22067ef6b3cd5bfaf1774bb19940e1ae
AUX dante-sockd-conf 463 SHA256 b22c8261148fcb96cfd8942baa85633a790826a444920f7d87fc23d2dcf18a74 SHA512 5987980cb74ac69a8eba383eeadeef9d20bfe2317873eed70bec844509167b49dc8408ba3911cea7ef71900f559dd524b4c7099a93b8a777b513de750c032621 WHIRLPOOL ae2484a8b4e63a1c5d96cd04a88fb00b08be024204d35d0a172c0c9c2b55d663be6ef80d122156c63f961cfe61fe2cc11eee83d9344a2f719546ed5e72ddf448
AUX dante-sockd-init 1812 SHA256 5956be225fd9e90c96127721b04ead92c201fd7d674ccfc7373b2b9de12c496f SHA512 00f37c35b84489260badd78550a6ffa48e2e5430ca63863457d2ab9b79e5c0efb3807d9ba4a62dce54b580a17c31f1e0965fac643c5befda0486042c6575ea4d WHIRLPOOL 261bef0b8392787addec1356ca30e869710e63698dbbbcb6aeb63cbfea29a0b801cd8fdfd7914201c2eeb1c2e3abf1e89ff0a6e386c0cfaa222d907dad8e90d4
AUX dante-sockd.service 167 SHA256 81e3dd10ca13fd022905147000661598a3fd6183998a2f7068e66af3c4c7cb53 SHA512 0acc71e1ab429d38c61db45dc5eb3c9ea58d822eefc83912ae9d569486eb281184f07183a40754eaf6e4f6f67c46a3683629734d6333767623d702f98bc720de WHIRLPOOL 6b6258f43872a8344cfd4b418846092d0f63e6de9f769793f721b027fd69c7c7c84d3839d60dd9f4a67a7c6994fcb47a569fbf10189cb08f7f95715224fd57e4
+AUX sockd.conf 7031 SHA256 3ea0e08ee7e5b018d1df1b83af92fb6051fb44a486e0822e28775d104bfcfee7 SHA512 a443ea203aefd3ed51b10c7140dde2fc64dfa31c2fb08539a45353ab77daea42c63b160c276f0ef9e4c683032260f93228af64db83ade7476ff6d353b63dec19 WHIRLPOOL 130a0a017071129061d6ca6987448d51c515785f3802e18b99f7df0150e41d8e03b2f2d88dea21769d5ec0d544d9d82eaccd813c86a1360881598a453f7e6e7f
AUX sockd.conf-with-libwrap.patch 870 SHA256 ba4bb30ad5933b890d1b09c6468708f37abf012de3f8696482d1c46c5c1f2978 SHA512 087cec0bcdfb989e6cbcb0c7006ae014b7e94fe268f68e1e6516dbb034f9e7e64523ea7edab669433eb16faeb4f6232a9794c401acd2eacce08e1b560469315f WHIRLPOOL edeb4b19ff5d39cd889777bc417b36d3d6d1ab7eaf4e926a239968253260bdb502b7f3b68354556f4ac33b37cd9e18af5dbbaf3c11cac570a7dae3f01b1f5367
AUX sockd.conf-with-pam.patch 295 SHA256 e67499de8b976e17a9c7c0556e999e03f4bf06e8e57b78ba6dd41a128de0b719 SHA512 78728605362360650e6a20869744fc941782b75d149c0835542faaad931104cb32dda56de77a7b4f9a4fa683053139c551bcf77607a047fb1be68b6da9388630 WHIRLPOOL aa68139d3766446d43987eab1d4f2d9b22deb0e0eb3acbfcd9adb198f359b1c039eb71f07359362e9d99fe64f5194103c8fa77b603d8b7aac882926dea93d271
+AUX socks.conf 4185 SHA256 3dc8c06ca5a8309015c495ea50f62097ee6a605ac262665ffa5f19e0e8a5a9d8 SHA512 d15ea77e20ad750f10285a42c9c6305cbed48313dea205139d8cf59fda4a4640bdd5c5bd2c295b32e0015b774d463f9ad34fa5a22fb188ae921dba1a533553eb WHIRLPOOL e7c39b3f9711f2a6f32d3a7d7c44bc0105d1dc236ae2b51be7257a38dc15f211a38a44c0869fbee4c381dacf946da88909b85b91a7628aeaadab737f2169d480
DIST dante-1.1.19.tar.gz 895713 SHA256 b49f0936282a14c41a03cd70158d1a11e6af3564a18d4b3337f291fb6dae0936 SHA512 765e0042f323d9cb20e42642b30856132737974cd756c303d544c1a400dde5e86b6528d4233afdcf73f1baf9b3e0efacda8aabe5c04afa50495edf6e8a248b83 WHIRLPOOL c83553cbf58c6ea7651a7bfad408460c38d3cda6342825d46e0c1311a665f5422afeb00c5f936262172673764323a96377545bcd5815356dbcad3ba6c0f54f72
DIST dante-1.3.2.tar.gz 949049 SHA256 6b736f32ec58b899c24cf14be02491a0631a778e385314370d5dea4baf482efb SHA512 ee6214ffcb48904cbb361b275e78af5d4a5e0281a3fab6eb5a6913219f4cfebda2d2a7509a88c561e315f9061102c954339ad495cdecf2125e266f85d7e49ca3 WHIRLPOOL e98d31f0bf725d3961582c540cb4180535e1abfdc3138b04663e478dd228e7e642103fd707fa59b904fce8ccd7762ff975fa4310f82669975a042e4bbcf4f8b0
DIST dante-1.4.0.tar.gz 1253458 SHA256 55d448f2d523e69b5637ef12c05556f39201a2c397b4671a2aaaa914ba65684b SHA512 978a70eb789dd2d00a9ac4a7671d13450f9ac96344ae41382c38de7a12e98c2e24159c2e140c95caff0cc9119f7cf409a8716130b34957020706a17c0f96de38 WHIRLPOOL 72e03fe8dabb71d25b34600db4e59dbbc2dfacc32ada26c9931bf33fc0050e7bd506182658517d7653027dbc4cc01e27dd1294fafef7dc3589135c16efa92d96
@@ -22,16 +24,16 @@ EBUILD dante-1.1.19-r4.ebuild 2390 SHA256 1d7bdb749a5438caa8d310a1b49f0487c003fd
EBUILD dante-1.3.2-r1.ebuild 2208 SHA256 b49ea55b9931e114c715263fdf01ce16ca6a1a7d74ddbf158a65f908cf42e9b8 SHA512 0f0e9aba173eefba1a4bd157efbc0b60a0ffbb7665b9875b315267af44c92c6970c04724c5b70b45c653d106ac14c79d83c92c2ee30d1d4fba7591613f75d241 WHIRLPOOL 062500ccf1bf9fc522f135489425ff9c228d4515e6da9745c3f7e9f89de2d4daf6b27258ca852c51c9a94ee92527c194f965b6ea94d94216a91554646ea15e99
EBUILD dante-1.4.0-r2.ebuild 2705 SHA256 64f45bbca0da085402b4640764800c6da8b19e2af6b1495457fa98dce062090e SHA512 4a809f910f4f0befbae0a9f6192ff3e62185c8efb8b88ea95126ff0fb210e25ac795038177afb5fa48cfeee07f5933aeee6ca57f727c72bfeb313b8a17bf6ebd WHIRLPOOL 10c492348ef1762c2aa8872b50b590dcc1242a80ca845d9817ecccd83582320af64ae5351491464465dc5786b5216508f41d7031729107ce120e22738d5efaaf
EBUILD dante-1.4.1.ebuild 2667 SHA256 93d5cb61fe06e927b0c77236c6807996b5eb2eae007db49746c8399b724581dd SHA512 ce8b75a25c2c9b662aa49b3fc299db562c5280ac39c947b861dfbf06f3498d87cc2777ee25baa4d6d4c445792dcf2afd4966d70fa8ca95b34ea0585530f70693 WHIRLPOOL e989624038c4c9c9e85d8d601843e33bc609cfbcddea011c1986e7dd313db2d2152a8f331a99453243c1d1ec453f9c33aaf77462fc4addc73a444e2637660808
-MISC ChangeLog 19387 SHA256 a187ad64397431499b2888cd599840c6be7bc2ad878084379048598dec0f047c SHA512 b4e57435867b7f9c74701a7d0d1349b9b650264c662541e76aee4e2820793bd7be71592cbef57864b3e7ab87b949a06e829bf0079a432f77c39d84cd1a37b223 WHIRLPOOL 39a35138207c434688f9ab5cca10ed5f728435e124528941a92753140dba4c4ba9b3dc7f7809b5c5b7cef619a69b2d4a18e3e3734110f1b98880d4604bc9e04a
+MISC ChangeLog 19540 SHA256 5d99e4672d9ed74dd4262af3ef56c8f312c095cb12a7607cf9fc182ffaab1b98 SHA512 ed321570115cc31cb132cd012b984fbd766df19258eb7f1a5c3813b1c47657cedbe4fd9d62ee7af85c90774ec4394ee13c59ba1a9bf1d7e7d880ff48ae3c5d74 WHIRLPOOL f9870750df02f692bb180ddf8c81525e3ecb1cbbe19b5e8db7b57d81fc0ec506fdce83674778e16c10b7d4b29b9ecd2dd8824ad7f922bbdccf5c5a128704c2f0
MISC metadata.xml 246 SHA256 7302ea59a7112d51c6936fa5aa83204412d7391441c729a54de3651b81c35add SHA512 da5edb1cbf3b7e72b1bf22120bcc2efcc794e1e2f032e57426286de9817dba3ef39d95313dbee4cba51c0198f8b4297ac8f1d412335ee00d32e470799d05b7c4 WHIRLPOOL f5a9fd6f048d1732243da133861886c7a8ff3bd024ca831c98496d3150441512929c86bb263a8d89ff96ee5720dcc06c423227cdcc840a9062d9f8bcaf7197e2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-iQEcBAEBCAAGBQJUDZgBAAoJEEdUh39IaPFNHUUH/05ygjIEM3c81ht7dGYLu3cF
-AvPQUXPiHYX9PFejs4xwl6NEd0ygmDHOc21B93wFvgYzRZLMdgsFS5j7U3pTu8bd
-YgEXKK+tb/Ip5d/AX31ARDr2wHzujvD2fd6DD9hsZ6uWUqLPwmQKp4Vvtav2fxzh
-s+qboBgSPiANF7h3g/Z5P9UUZ6NpRJ/wthvrrBjAgCOhxhYncg5YPR0HKV8viosB
-D3yD5/b0iFqjCHPPmL+c+Yg8RIpm6Gs3WerC6Jcjl6RC0Q5j8zq2E1kqfvRayJOp
-nsvIOdgHZfJycWKM4sg3XHmny2hkMZ5EWwTVo34lx3LxsAAubUF8usGpBgFU1iE=
-=yidB
+iQEcBAEBCAAGBQJUDoeUAAoJEEdUh39IaPFNhSoH/RhvRwr+RoFtjiSGIzXO1L4H
+g92fivVwmox8dYmz1xdwm94m7o1Y4+/9g7I6yjV5UM54jNvNqtvtHuojYVvSxOz8
+xonuU9n86oBqFm3+IyI1Wrnn0unFTDcY8GIO0wkXkvxWjr3xJRqnZa9Nl+u5gaQk
+bbj+iQX0bYDlTC8VlRW4YIz6TtsYlX9wO3AWP706iuc1+3b/sw04HzpH9LlYgY7e
+2z1CpvgwMbihHj77TeqaBw+/nvjR+X+I5/DVdbFWpuO1ILtVLOPA4wpHiup+gK4C
+i54zadnZ+RFzNfB8nhLfm337xtmvWV9DCopTPS4TEWxu2fVTa5Akqn6pkOY7BAI=
+=IOQ8
-----END PGP SIGNATURE-----
diff --git a/net-proxy/dante/files/sockd.conf b/net-proxy/dante/files/sockd.conf
new file mode 100644
index 000000000000..70b18747ba34
--- /dev/null
+++ b/net-proxy/dante/files/sockd.conf
@@ -0,0 +1,243 @@
+# The configfile is divided into two parts; first serversettings,
+# then the rules.
+#
+# The recommended order is:
+# Serversettings:
+# logoutput
+# internal
+# external
+# method
+# clientmethod
+# users
+# compatibility
+# extension
+# connecttimeout
+# iotimeout
+# srchost
+#
+# Rules:
+# client block/pass
+# from to
+# log
+#
+# block/pass
+# from to
+# method
+# command
+# log
+# protocol
+# proxyprotocol
+
+# the server will log both via syslog, to stdout and to /var/log/lotsoflogs
+#logoutput: syslog stdout /var/log/lotsoflogs
+logoutput: syslog
+
+# The server will bind to the address 10.1.1.1, port 1080 and will only
+# accept connections going to that address.
+#internal: 10.1.1.1 port = 1080
+# Alternatively, the interface name can be used instead of the address.
+#internal: eth0 port = 1080
+
+# all outgoing connections from the server will use the IP address
+# 195.168.1.1
+#external: 192.168.1.1
+
+# list over acceptable methods, order of preference.
+# A method not set here will never be selected.
+#
+# If the method field is not set in a rule, the global
+# method is filled in for that rule.
+#
+
+# methods for socks-rules.
+#method: username none #rfc931
+
+# methods for client-rules.
+#clientmethod: none
+
+#or if you want to allow rfc931 (ident) too
+#method: username rfc931 none
+
+#
+# An important section, pay attention.
+#
+
+# when doing something that can require privilege,
+# it will use the userid "sockd".
+user.privileged: sockd
+
+# when running as usual,
+# it will use the unprivileged userid of "sockd".
+user.notprivileged: sockd
+
+#
+# some options to help clients with compatibility:
+#
+
+# when a client connection comes in the socksserver will try to use
+# the same port as the client is using, when the socksserver
+# goes out on the clients behalf (external: IP address).
+# If this option is set, Dante will try to do it for reserved ports aswell.
+# This will usually require user.privileged to be set to "root".
+#compatibility: sameport
+
+# If you are using the bind extension and have trouble running servers
+# via the server, you might try setting this. The consequences of it
+# are unknown.
+#compatibility: reuseaddr
+
+#
+# The Dante server supports some extensions to the socks protocol.
+# These require that the socks client implements the same extension and
+# can be enabled using the "extension" keyword.
+#
+# enable the bind extension.
+#extension: bind
+
+
+#
+#
+# misc options.
+#
+
+# how many seconds can pass from when a client connects til it has
+# sent us it's request? Adjust according to your network performance
+# and methods supported.
+#connecttimeout: 30 # on a lan, this should be enough if method is "none".
+
+# how many seconds can the client and it's peer idle without sending
+# any data before we dump it? Unless you disable tcp keep-alive for
+# some reason, it's probably best to set this to 0, which is
+# "forever".
+#iotimeout: 0 # or perhaps 86400, for a day.
+
+# do you want to accept connections from addresses without
+# dns info? what about addresses having a mismatch in dnsinfo?
+#srchost: nounknown nomismatch
+
+#
+# The actual rules. There are two kinds and they work at different levels.
+#
+# The rules prefixed with "client" are checked first and say who is allowed
+# and who is not allowed to speak/connect to the server. I.e the
+# ip range containing possibly valid clients.
+# It is especially important that these only use IP addresses, not hostnames,
+# for security reasons.
+#
+# The rules that do not have a "client" prefix are checked later, when the
+# client has sent its request and are used to evaluate the actual
+# request.
+#
+# The "to:" in the "client" context gives the address the connection
+# is accepted on, i.e the address the socksserver is listening on, or
+# just "0.0.0.0/0" for any address the server is listening on.
+#
+# The "to:" in the non-"client" context gives the destination of the clients
+# socksrequest.
+#
+# "from:" is the source address in both contexts.
+#
+
+
+# the "client" rules. All our clients come from the net 10.0.0.0/8.
+#
+
+# Allow our clients, also provides an example of the port range command.
+#client pass {
+# from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
+# method: rfc931 # match all idented users that also are in passwordfile
+#}
+
+# This is identical to above, but allows clients without a rfc931 (ident)
+# too. In practise this means the socksserver will try to get a rfc931
+# reply first (the above rule), if that fails, it tries this rule.
+#client pass {
+# from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
+#}
+
+
+# drop everyone else as soon as we can and log the connect, they are not
+# on our net and have no business connecting to us. This is the default
+# but if you give the rule yourself, you can specify details.
+#client block {
+# from: 0.0.0.0/0 to: 0.0.0.0/0
+# log: connect error
+#}
+
+
+# the rules controlling what clients are allowed what requests
+#
+
+# you probably don't want people connecting to loopback addresses,
+# who knows what could happen then.
+#block {
+# from: 0.0.0.0/0 to: 127.0.0.0/8
+# log: connect error
+#}
+
+# the people at the 172.16.0.0/12 are bad, no one should talk to them.
+# log the connect request.
+#block {
+# from: 0.0.0.0/0 to: 172.16.0.0/12
+# log: connect error
+#}
+
+# unless you need it, you could block any bind requests.
+#block {
+# from: 0.0.0.0/0 to: 0.0.0.0/0
+# command: bind
+# log: connect error
+#}
+
+# or you might want to allow it, for instance "active" ftp uses it.
+# Note that a "bindreply" command must also be allowed, it
+# should usually by from "0.0.0.0/0", i.e if a client of yours
+# has permission to bind, it will also have permission to accept
+# the reply from anywhere.
+#pass {
+# from: 10.0.0.0/8 to: 0.0.0.0/0
+# command: bind
+# log: connect error
+#}
+
+# some connections expect some sort of "reply", this might be
+# the reply to a bind request or it may be the reply to a
+# udppacket, since udp is packetbased.
+# Note that nothing is done to verify that it's a "genuine" reply,
+# that is in general not possible anyway. The below will allow
+# all "replies" in to your clients at the 10.0.0.0/8 net.
+#pass {
+# from: 0.0.0.0/0 to: 10.0.0.0/8
+# command: bindreply udpreply
+# log: connect error
+#}
+
+
+# pass any http connects to the example.com domain if they
+# authenticate with username.
+# This matches "example.com" itself and everything ending in ".example.com".
+#pass {
+# from: 10.0.0.0/8 to: .example.com port = http
+# log: connect error
+# method: username
+#}
+
+# block any other http connects to the example.com domain.
+#block {
+# from: 0.0.0.0/0 to: .example.com port = http
+# log: connect error
+#}
+
+# everyone from our internal network, 10.0.0.0/8 is allowed to use
+# tcp and udp for everything else.
+#pass {
+# from: 10.0.0.0/8 to: 0.0.0.0/0
+# protocol: tcp udp
+#}
+
+# last line, block everyone else. This is the default but if you provide
+# one yourself you can specify your own logging/actions
+#block {
+# from: 0.0.0.0/0 to: 0.0.0.0/0
+# log: connect error
+#}
diff --git a/net-proxy/dante/files/socks.conf b/net-proxy/dante/files/socks.conf
new file mode 100644
index 000000000000..4a7d1520a7b5
--- /dev/null
+++ b/net-proxy/dante/files/socks.conf
@@ -0,0 +1,127 @@
+# The configfile is divided into two parts; first misc. settings,
+# then the routes. Objects in '[]' are optional.
+#
+#
+# recommended order is:
+# [debug]
+# [logoutput]
+# [resolveprotocol]
+#
+# routes:
+# from to via
+# [command]
+# [extension]
+# [protocol]
+# [proxyprotocol]
+
+
+#debug: 1 # uncomment to enable debugging
+
+#logoutput: stdout # users usually don't want to be bothered with that.
+
+# What protocol should be used for resolving hostnames? It's important
+# to set this right.
+#resolveprotocol: udp # default
+#resolveprotocol: tcp # set this if your socksserver only supports socksv4.
+#resolveprotocol: fake # set this if your clients can't access nameserver,
+ # neither directly nor proxied.
+
+
+
+#
+# the routes
+#
+
+# specifying routes for accepting remote connections (via bind()) is
+# difficult since we can't know what the "to:" address is
+# until we actually get the connection Since we support letting
+# the client accept connections both via the proxyserver and
+# "directly" at the same time, we have two options though:
+# a) specify a route for bind (only) first going via the proxyserver.
+# This will also handle "direct" connections.
+# b) specify a route for bind (only) first going "direct".
+# This means clients will only be able to accept "direct"
+# connections.
+
+# we want to accept remote connections via the proxyserver.
+#route {
+# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1080
+# command: bind
+#}
+
+# we do not want to accept remote connections via the proxyserver.
+#route {
+# from: 0.0.0.0/0 to: 0.0.0.0/0 via: direct
+# command: bind
+#}
+
+
+# if you don't route all local connections via direct, you should
+# at least route nameserver connections via direct connections if you
+# can. That can make for much better performance, depending on
+# your setup. Make sure the nameserver line is the first.
+#
+# Assuming your nameserver runs on address 10.1.1.1, you can do it like this:
+#route {
+# from: 0.0.0.0/0 to: 10.1.1.1/32 port = domain via: direct
+#}
+
+
+# have a route making all connections to loopback addresses be direct.
+#route {
+# from: 0.0.0.0/0 to: 127.0.0.0/8 via: direct
+# command: connect udpassociate # everything but bind, bind confuses us.
+#}
+
+# Our net is the 10.0.0.0/8 net, let clients going to local address go
+# direct, not via server.
+#route {
+# from: 0.0.0.0/0 to: 10.0.0.0/8 via: direct
+#}
+
+# for poor souls trapped behind a msproxy server.
+#route {
+# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1745
+# protocol: tcp # server supports tcp
+# proxyprotocol: msproxy_v2 # server runs msproxy_v2
+#}
+
+# clients going anywhere else go via server listening at
+# IP address 10.1.1.1, port 1080. Note that unless you have
+# specified a direct connection for DNS, or the socksserver is resolvable
+# without network traffic, you can't give a hostname for the socksserver,
+# you must give a IP address. (the reasons for that are logical enough,
+# you would create a loop otherwise.)
+#route {
+# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1080
+# protocol: tcp udp # server supports tcp and udp.
+# proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5.
+# method: none #username # we are willing to authenticate via
+# # method "none", not "username".
+#}
+
+# this is identical to the above, but it matches hostnames instead.
+# This is if you have clients that are unable to resolve hostnames.
+# It can be important that hostname routes come after address routes.
+#route {
+# from: 0.0.0.0/0 to: . via: 10.1.1.1 port = 1080
+# protocol: tcp udp # server supports tcp and udp.
+# proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5.
+# method: none #username # we are willing to authenticate via
+# # method "none", not "username".
+#}
+
+# identical to above two routes, but using a httpproxy instead.
+#
+
+#route {
+# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 3128
+# command: connect # only thing a httproxy supports.
+# proxyprotocol: http_v1.0
+#}
+
+#route {
+# from: 0.0.0.0/0 to: . via: 10.1.1.1 port = 3128
+# command: connect # only thing a httproxy supports.
+# proxyprotocol: http_v1.0
+#}