Skip to content

feat: Add SOCKS5 Proxy Support with Bootstrap Only Mode #1752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
scrense-hash wants to merge 6 commits into
base: dev
Choose a base branch
from
Open

feat: Add SOCKS5 Proxy Support with Bootstrap Only Mode #1752

scrense-hash wants to merge 6 commits into from

Conversation

@scrense-hash
Copy link

@scrense-hash scrense-hash commented Jan 3, 2026
edited
Loading

Summary

This PR adds SOCKS5 proxy support to Session Desktop with a "Bootstrap Only" mode, allowing users to route traffic through a SOCKS5 proxy server to bypass network restrictions and Deep Packet Inspection (DPI).

Key Features

1. Full SOCKS5 Proxy Support

  • Route all application traffic through a SOCKS5 proxy server
  • Support for authenticated (username/password) and unauthenticated proxies
  • TLS options preservation through proxy (certificate pinning still works)
  • Automatic retry and timeout handling for proxy connections

2. Bootstrap Only Mode

  • NEW: Optional mode to use proxy only for initial connection phase
  • When enabled, proxy is used only for SEED_NODE connections (node discovery)
  • All other traffic (SERVICE_NODE, SOGS, etc.) sent directly
  • Useful for bypassing initial connection blocks while maintaining direct P2P performance

3. Proxy Settings UI

  • New "Proxy" page in Settings
  • Toggle to enable/disable proxy
  • Bootstrap Only mode toggle
  • Configure host, port, username (optional), password (optional)
  • Input validation and error handling
  • Settings saved and applied immediately

Technical Implementation

Core Changes

  • InsecureNodeFetch.ts: Added SOCKS5 proxy agent with TLS preservation

    • Custom SocksProxyAgentWithTls class to maintain TLS options
    • Agent caching for performance
    • Destination-based proxy routing (Bootstrap Only support)
    • Increased timeout for SOCKS connections (30s)

  • SeedNodeAPI.ts: Updated to use proxy for seed node connections

    • Marks requests as FetchDestination.SEED_NODE
    • Increased timeout when proxy enabled

  • ProxySettingsPage.tsx: New settings page for proxy configuration

    • Input validation (host required, port 1-65535)
    • Bootstrap Only toggle
    • Save/apply functionality

  • settings-key.ts: New setting keys for proxy configuration

    • proxyEnabled, proxyHost, proxyPort
    • proxyUsername, proxyPassword
    • proxyBootstrapOnly

Localization

  • English and Russian translations added
  • Clear descriptions for Bootstrap Only mode

Testing

Tested with:

  • ✅ Tor SOCKS5 proxy (localhost:9050)
  • ✅ Authenticated SOCKS5 proxies
  • ✅ Bootstrap Only mode (proxy for seed nodes, direct for service nodes)
  • ✅ Full proxy mode (all traffic through proxy)
  • ✅ TLS certificate pinning through proxy
  • ✅ Auto-updater disabled when proxy enabled (security measure)

Build Artifacts

All platform builds verified:

  • Linux: deb, rpm, AppImage, freebsd
  • Windows: x64 installer
  • macOS: arm64 and x64 (dmg + zip)

Build artifacts available at: https://github.com/scrense-hash/session-desktop/actions/runs/20681144343

Use Cases

  1. Bypass Network Blocks: Route traffic through SOCKS5 proxy to access Session network in restricted regions
  2. DPI Circumvention: Encrypted SOCKS tunnel prevents Deep Packet Inspection
  3. Bootstrap Only: Use proxy only for initial connection, then direct P2P for better performance
  4. Corporate Networks: Use existing SOCKS5 infrastructure for Session traffic

Breaking Changes

None. This is a purely additive feature with no impact on existing functionality when disabled.

Related Issues

Addresses requests for proxy support in Session Desktop to improve accessibility in restricted network environments.

scrense-hash and others added 6 commits January 3, 2026 21:53
@scrense-hash
feat: add SOCKS proxy support
71e1612
@scrense-hash
Fix proxy agent TLS caching
7d35afd
@scrense-hash
Fix TLS options flag in proxy agent
27c0267
@scrense-hash
fix: show Save button when proxy is disabled to allow saving disabled…
9187eca 
… state
@scrense-hash @claude
feat: add Bootstrap Only mode for SOCKS5 proxy
e78cbfd 
Add "Bootstrap Only" toggle in proxy settings to use proxy only for
initial connection phase (handshake). When enabled, only SEED_NODE
requests go through proxy, all other traffic is direct.

Changes:
- Add proxyBootstrapOnly setting key
- Add UI toggle in ProxySettingsPage
- Implement shouldUseProxyForDestination() logic
- Add localization for ru and en
- Update getProxyAgent() to accept destination parameter

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@scrense-hash
fix: add proxy-bootstrap-only to SettingsToggles type
896c90b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@scrense-hash