Skip to content

Instantly share code, notes, and snippets.

@Leayal

Leayal/DantedConfig-ForPSO2JP.md

Last active September 5, 2021 16:17
Show Gist options
  • Save Leayal/0c2e60b2895941cdb309c17f566ccc9c to your computer and use it in GitHub Desktop.
Save Leayal/0c2e60b2895941cdb309c17f566ccc9c to your computer and use it in GitHub Desktop.
Download ZIP
Danted SOCKs Server's configuration file for PSO2.
Raw
DantedConfig-ForPSO2JP.md

Configuration documentation for Danted to setup for PSO2 JP.

Before starting, please note that:

  • All the IPs and network interfaces below are of sample, you may need to change accordingly to your environment setup. Specifically, the internal and external one.
  • All the comments in the sample below should explain the minimum information about why the configuration is needed. However, it's best to read the full documents coming from Danted here (For Danted version 1.4.x). I know it's very technical, but if you understand what you're doing, you won't get the security risks and misconfigurations.
  • The server configuration file should be located in /etc/sockd.conf (if Danted is built from source for Ubuntu). You might need to find the configuration file yourself if the danted server you're running is using another configuration file.

Full sample:

# listen on... can be an IP or an interface
# If it's an interface, Danted can query all IP addresses of the given interface and then bind to all the found IP addresses including both IPv4 and IPv6 (if IPv6 is available in the interface).
# Otherwise, if specify IPs, you have to specify multiple `internal` config like below comments below:
## internal: 10.0.0.1 port = 1080 # Bind to local network IPv4.
## internal: 192.168.1.2 port = 1080 # Bind to local network IPv4.
## internal: ::1 port = 1080 # Bind to loopback IPv6.
internal: eth0 port = 1080
# send out through... can be an IP or an interface. This `external` config uses same logic as `internal` above. However, it's best to use interface name here.
external: eth0

# for user auth run as this user
user.privileged:   root
# otherwise run as this user
user.unprivileged: nobody
# auth with user login, passwd
socksmethod:       username
# log to this file
logoutput:         /var/log/sockd.log

# IPv4 and IPv6 need block/pass rules for their own. Can't specify IPv4 and IPv6 in one same rule.
# By default, Danted will block everything outside of "pass" rules. But specify them explicitly won't hurt.

# Block all requests to localhost and loopback (IPv4)
socks block { from: 0.0.0.0/0 to: lo log: connect }
socks block { from: 0.0.0.0/0 to: eth0 log: connect }

# Block all requests to localhost and loopback (IPv6)
socks block { from: ::/0 to: lo log: connect }
socks block { from: ::/0 to: eth0 log: connect }

# allow everyone from everywhere so long as they auth, log errors
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error # connect disconnect
    socksmethod: username
}

# Allow gameguard logging through proxy.
# When the game is started up, gameguard will upload log data (I don't know what the data is) to the gameguard's server.
# For safety reason, allow it, since it could be logging the IP as well.
# For IPv4
socks pass {
    from: 0.0.0.0/0 to: mgr.gameguard.co.kr
    command: bind connect
    log: error # connect disconnect iooperation
    socksmethod: username
}
# For IPv6
socks pass {
    from: ::/0 to: mgr.gameguard.co.kr
    command: bind connect
    log: error # connect disconnect iooperation
    socksmethod: username
}

# Allow login from launcher through proxy.
# It would be funny if SEGA sees your real IP when logging in with the launcher and the IP logging in in-game are different, wouldn't it?
# For IPv4
socks pass {
    from: 0.0.0.0/0 to: auth.pso2.jp
    command: bind connect
    log: error # connect disconnect iooperation
    socksmethod: username
}
# For IPv6
socks pass {
    from: ::/0 to: auth.pso2.jp
    command: bind connect
    log: error # connect disconnect iooperation
    socksmethod: username
}

# This is for when the game attempts connection to see if the game server alive (when selecting ships).
# For IPv4, no need IPv6 because there's no IPv6 endpoints.
socks pass {
    from: 0.0.0.0/0 to: gs*.pso2gs.net port 12000-14000
    command: bind connect udpassociate
    log: error # connect disconnect iooperation
    socksmethod: username
}

# This is for when the game attempts connection to blocks. Hence, truly logging in and play.
# Currently, SEGA JP Server is 202.234.x.x
# Read more about IP Submask about why there's "/16" after the IP and why there's 0.0 in the IP.
# For IPv4, no need IPv6 because there's no IPv6 endpoints.
socks pass {
    from: 0.0.0.0/0 to: 202.234.0.0/16 port 12000-14000
    command: bind connect udpassociate
    log: error # connect disconnect iooperation
    socksmethod: username
}

# generic pass statement for incoming connections/packets
# because something about no support for auth with bindreply udpreply ?
socks block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bindreply udpreply
        log: error # connect disconnect
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment