In this article you will learn how to create a mobile proxy from your Android phone with remote access.
What you will need
- An Android phone
- A virtual server running Debian 8
Purchasing and setting up the server
Purchase a server — for example, here for 99 RUB/month, plan MSK-KVM-SSD-1. This is more than enough for connecting 10 or more phones.
Once you receive server access credentials, begin the setup.
Installing OpenVPN
Download the archive, extract it and place it in the root of the server.
Open a terminal and enter the following commands:
cd opt/ovpn-server chmod +x server-install.sh ./server-install.sh
Wait for the VPN installation to complete. You will see the message:
You can start openvpn server with command: service openvpn start
Start the OpenVPN server:
service openvpn start
Generate a profile for your mobile device:
chmod +x generate-client-config.sh ./generate-client-config.sh android-profile
To connect multiple phones, generate multiple profiles:
./generate-client-config.sh android-profile2 ./generate-client-config.sh android-profile3
Profiles will appear in the /etc/openvpn/client directory.
Enabling IPv4 forwarding
Open the configuration file:
nano /etc/sysctl.conf
Uncomment the following line (remove the # sign):
net.ipv4.ip_forward=1
Save the file: Ctrl+O, Enter, Ctrl+X. Then apply the changes:
sysctl -p
Setting up the phone
Server setup is complete. Save the profiles to your computer, then transfer them to the phone — one profile per device.
Download two apps on Android: VPN Client and Socks Server.
We use SOCKS proxy because it supports username/password authentication. For HTTP/S proxies you can install Proxy Server, but it does not support login/password auth. In practice, SOCKS also provides better anonymity than HTTP/S.
Launch VPN Client, import the profile and connect to the VPN server. Make sure Wi-Fi is disabled before connecting.
Connect all remaining phones the same way.
Verifying connections
Confirm the connection was successful:
netstat | grep openvpn
You should see active connections with the status ESTABLISHED.
Configuring Socks Server
Launch the Socks Server app and add a server:
- Server name — any name
- Port — any port in the range 5000–65000 (unique per phone)
- Authentication type — Username/Password
- Leave all other settings as default
Add a user (Users tab): enter the login and password for the proxy. Save and start the server.
Configuring iptables
The last step is to configure port forwarding. Enter the commands below, substituting your own values:
iptables -t nat -A PREROUTING -d 185.204.0.9 -p tcp -m tcp --dport 8812 -j DNAT --to-destination 10.8.0.13:8812 iptables -t nat -A POSTROUTING -d 10.8.0.13 -p tcp -m tcp --dport 8812 -j SNAT --to-source 10.8.0.1 iptables -t nat -A PREROUTING -d 185.204.0.9 -p tcp -m tcp --dport 8813 -j DNAT --to-destination 10.8.0.21:8813 iptables -t nat -A POSTROUTING -d 10.8.0.21 -p tcp -m tcp --dport 8813 -j SNAT --to-source 10.8.0.1
Where:
185.204.0.9— main IP of your server8812,8813— ports set in the Socks Server app for each phone10.8.0.13,10.8.0.21— VPN IP addresses of the phones (see Socks Server → Info)
Save the iptables rules to autostart (substitute your own IPs and ports):
echo "" > /etc/rc.local cat > /etc/rc.local << END #!/bin/bash ulimit -n 600000 ulimit -u 600000 iptables -t nat -A PREROUTING -d 185.204.0.9 -p tcp -m tcp --dport 8812 -j DNAT --to-destination 10.8.0.13:8812 iptables -t nat -A POSTROUTING -d 10.8.0.13 -p tcp -m tcp --dport 8812 -j SNAT --to-source 10.8.0.1 iptables -t nat -A PREROUTING -d 185.204.0.9 -p tcp -m tcp --dport 8813 -j DNAT --to-destination 10.8.0.21:8813 iptables -t nat -A POSTROUTING -d 10.8.0.21 -p tcp -m tcp --dport 8813 -j SNAT --to-source 10.8.0.1 exit 0 END
Test your SOCKS proxies by entering the server IP, port, login and password from Socks Server into a checker or your software.
The article will be updated: automatic IP rotation by timer and on demand.
