Skip to main content

Setting up proxy tunneling

We will set up a proxy server on a GCP VM instance running Shadowsocks and use it to tunnel the Sandbox network traffic. This will allow you to use a dedicated IP address for outgoing requests.

GCP VM setup

  1. Create a firewall rule to allow all tcp/udp traffic to port 8388.
    Replace your-project-id with your actual project ID.
  2. Create a VM instance with the following tags: allow-shadowsocks.
    Replace your-project-id with your actual project ID.
  3. After the VM is created, you can connect to it using the following command:
    Replace your-project-id with your actual project ID.

Shadowsocks server setup (VM)

SSH into the VM and follow the instructions below to install and configure Shadowsocks.
  1. Install the necessary packages, if missing:
  2. Download and install Shadowsocks (v1.24.0):
  3. Create a shadowsocks configuration file:
    Replace STRONG_PASSWORD_HERE with your own password.
    /etc/shadowsocks/server.json
  4. Enable IP forwarding:
    /etc/sysctl.d/99-shadowsocks.conf
    Optional: Update the Ubuntu Firewall rules to allow traffic to port 8388:
  5. Start the Shadowsocks server:
    You should see the following in the console output:
  6. Optional: Create a systemd service to start the Shadowsocks server on boot:
    /etc/systemd/system/ssserver.service
    Reload the systemd daemon and start the service:
    You can check the status of the service with the following command:

Shadowsocks client setup (sandbox)

Create a custom Sandbox template that uses the shadowsocks client to tunnel TCP traffic through the proxy server we set up above.
Route only designated traffic through the proxy.
  1. Create a configuration file for the shadowsocks client:
    Replace SERVER_IP with the IP address of the proxy server and STRONG_PASSWORD_HERE with your own password.
    config.json
  2. Create a template file (template.ts / template.py):
  3. Create a build script (build.ts / build.py):
  4. Build the template using the build script:

Using the proxies

Create a new Sandbox from the built template and run a curl command to verify that the traffic is routed through the proxy:
Only designated traffic should be routed through the proxy.
You should see the IP address of the proxy server.