If you run a VPN or proxy service, integrating your SOCKS5 proxy with a central authentication system like FreeRADIUS gives you full control over user access.
In this guide, we’ll show you how to set up a Dante SOCKS5 proxy that authenticates users via FreeRADIUS on Ubuntu 24.04 LTS (kernel 6.8.0+). This setup lets you manage users, passwords, and policies directly from your RADIUS server — ideal for ISPs, proxy providers, or businesses offering dedicated IPs.
🧱 What You’ll Need
A valid shared secret between the proxy and RADIUS
Ubuntu 24.04 LTS (64-bit)
Root or sudo access
A working FreeRADIUS server (local or remote)
⚙️ Step 1: Install the Required Packages
Update your system and install the dependencies:
sudo apt update
sudo apt install dante-server libpam-radius-auth freeradius-utils -y🔐 Step 2: Configure PAM to Use FreeRADIUS
Edit the PAM RADIUS configuration file:
sudo nano /etc/pam_radius_auth.confAdd your RADIUS server details (replace the secret and IP with yours):
123.123.123.12:1812 secret123 3 0Explanation:
- 123.123.123.121812 → Your FreeRADIUS server IP and port
- secret123 → Shared secret
- 3 → Timeout in seconds
- 0 → No specific source IP binding
Lock down the permissions:
sudo chmod 600 /etc/pam_radius_auth.conf🧩 Step 3: Create a PAM Service for Dante
Create a new PAM profile called danted:
sudo nano /etc/pam.d/dantedAdd:
auth required pam_radius_auth.so
account required pam_permit.soThis tells PAM to use RADIUS for authentication.
🧱 Step 4: Configure Dante Server
Edit the Dante configuration file:
sudo nano /etc/danted.confUse the following configuration (replace eth0 with your network interface):
logoutput: syslog
internal: eth0 port = 1080
external: eth0
user.privileged: root
user.notprivileged: nobody
socksmethod: pam.username
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
pamservicename: danted
}Notes:
- socksmethod: pam.username replaces the old method: pam keyword (deprecated).
- Logging is set to syslog to avoid permission issues on read-only log files.
🚀 Step 5: Restart and Enable Services
sudo systemctl enable danted
sudo systemctl restart danted
sudo systemctl restart freeradiusCheck Dante’s status:
sudo systemctl status dantedAnd monitor logs:
sudo journalctl -u danted -f🧪 Step 6: Test Authentication
Before testing the proxy, ensure FreeRADIUS is accepting credentials:
radtest username password 123.123.123.12 0 secretIf you see:
Access-Acceptauthentication works.
Now test the SOCKS5 proxy itself:
curl -x socks5h://username:password@YOUR_SERVER_IP:1080 https://api.ipify.orgIf successful, you’ll see your proxy’s public IP address.
🧰 Step 7: Secure and Optimise (Optional)
For production environments:
- Restrict access to trusted IPs:
client pass { from: YOUR_ADMIN_IP/32 to: 0.0.0.0/0 }
client block { from: 0.0.0.0/0 to: 0.0.0.0/0 }- Harden logs: enable rate limits and rotate logs via syslog.
- Use firewall rules: open only port 1080.
- Optional: add bandwidth control or per-user limits in Dante or via RADIUS attributes.
✅ Conclusion
You’ve now set up a fully authenticated SOCKS5 proxy using Dante with FreeRADIUS on Ubuntu 24.04.
This configuration provides a centralised, scalable authentication system that’s ideal for VPN providers, proxy resellers, and dedicated IP networks.
If you run a proxy or VPN business, this setup lets you integrate with billing systems like WHMCS or custom panels, and control user sessions directly via RADIUS.
