We are going to use Dante, a free SOCKS server.

It relies on system users for authorization. Create a user specifically for proxy:

useradd -s /sbin/nologin socks5
passwd socks5   # remember this password, it'll be your proxy password

I’m going to show two dante installations: from linux (Debian) repos and building it from the sources.

dante-server from linux repos

Pros: easy setup
Cons: very old version 1.1.14 from 2006

apt install dante-server

Unfortunately dante setup is not user-friendly and documentation is poor. But it requires minor config changes to get fully-functional SOCKS5:

Create/edit dante config (/etc/danted.conf):

logoutput: syslog stderr
internal: eth0 port = 9100
external: eth0
method: username rfc931
user.privileged: root
user.notprivileged: socks5
user.libwrap: socks5
client pass {
        from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
        log: connect disconnect
}
pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        protocol: tcp udp
}
pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bindreply udpreply
        protocol: tcp udp
}

Build dante-server from the sources

Pros: newer 2017 version compared to 2006 in the repos
Cons: a little bit more patience and manual configuration

Install requirements:

apt install libwrap0-dev checkinstall build-essential

Download the latest dante from download page. Here goes 1.4.2 version setup.

wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz
tar xzf dante-1.4.2.tar.gz
cd dante-1.4.2
./configure && make && checkinstall --pkgname=dante-server

Now we can procees with configuration. Create /etc/sockd.conf file:

logoutput: syslog stderr /var/log/sockd.log
errorlog: /var/log/sockd.errlog
internal: eth0 port = 9100
external: eth0
socksmethod: username
user.privileged: root
user.notprivileged: socks
user.libwrap: socks
client pass {
        from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
        log: connect disconnect
}
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        protocol: tcp udp
}
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bindreply udpreply
        protocol: tcp udp
}

Unfortunately custom built server has no start/stop script, but it can be easily created for systemd. Create /lib/systemd/system/danted.service file:

[Unit]
Description=Dante SOCKS proxy
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/sbin/sockd -f /etc/sockd.conf
StandardOutput=syslog
StandardError=syslog
Restart=on-failure
RestartSec=5

Add dante to system autostart:

systemctl daemon-reload
systemctl enable danted

Now you can use standard systemd commands to control the service:

systemctl start danted
systemctl stop danted

Usage

Now our SOCKS proxy is available via <server IP>:9100 with the following auth: socks5/<password>