The software allows running your own 4g proxy farm. It runs on a Linux box (PC) with USB hub and the modems.

Functions:

• IP resets on modems (+ automatic rotation + checking IP uniqueness)
• WebApp for checking statuses of the modems, for creating users and ports, IP rotations
• WEB API for all actions
• Bandwidth quotas and Speed limits per proxy
• Exposing proxy ports, so they are available from world wide
• Reading,sending SMS and USSD codes
• OS spoofing, to simulate OS TCP fingerprints of: MacOS, iOS, Windows,  Android (+any other OS)
• Proxy ACLs (what to allow/deny to proxy users) - blacklists
• Creating mobile VPN together with proxies
• Socks5 supports UDP and QUIC (HTTP/3.0)
• No leaks
• Native DNS from mobile carriers
• Large set of supported USB modems, LAN routers, LTE modules, Android phones.

• Onsite: box with Ubuntu, USB hub and modems
• Remote: VPS with proxy ports (optional)

Online services are used:

• IP checker - http://ip.tanatos.org/ip.php which is simple PHP script that returns visitor’s IP. It is used to detect whether a modem is really online. Can be replaced with one of https://ifconfig.co or similar, but I was not happy with their reliabiality, they are down sometimes. It is set in WebApp→Global_settings
• URL that is latency on modems measured with. Defined as COLLECTD_PINGER_HOSTNAME , default is t.co

Variables are set in the WebApp→Global_settings and in /etc/proxysmart/conf.txt.

Each variable has brief description in place.

Mongodb Schema

Mongodb contains 2 collections: modems and ports.

• modems collection.

It contains real modems, array of associative arrays, take allowed fields in store_modem API call.

• ports collection

It contains proxy ports given to the users. Each port is connected to a modem by the IMEI key. So you can attach 1 or more ports to a modem. It is array of associative arrays, take allowed fields in store_port API call.

MongoDB Configuration

MongoDB URI is defined in /etc/proxysmart/conf.txt :

• MONGODB_URI="mongodb://proxysmart2:[email protected]:27017/proxysmart?readPreference=primary&ssl=false"

If you want to use other Mongodb collection names instead of modems and ports , define them in /etc/proxysmart/conf.txt :

• MONGODB_MODEMS_COLLECTION=modemsNEW
• MONGODB_PORTS_COLLECTION=portsNEW

after changes:

• systemctl restart proxysmart
• proxysmart.sh reset_complete

Moving Mongodb to other server

Sometimes you want to move Mongodb to a cloud server.

• update MONGODB_URI to new Mongodb URI in /etc/proxysmart/conf.txt
• if your new mongodb URI has +srv extension , install a PIP module: /var/www/proxysmart/venv/bin/pip install "pymongo[srv]"
• systemctl restart proxysmart
• proxysmart.sh reset_complete

Supported OS and Architectures:

• PC / Mini-PC / Laptop: https://ubuntu.com/download , Choose Server or Desktop, version: 24.04, 22.04
• Raspberry PI : https://ubuntu.com/download/raspberry-pi , Choose Ubuntu Server 64bit, version: 22.04, 24.04

Armhf (arm 32 bit) doesn’t have Mongodb support!

Install a fresh OS.

Unplug any USB modems.

curl https://proxysmart.org/install-v2 | bash

Reboot or run proxysmart.sh reset_complete.

After that either enjoy the Demo version at http://localhost:8080 or check License section.

**Rockpi Notes**

• Read the section Adding modems of this manual.
• Plug in all modems you have,
• Navigate to the WebApp ( http://localhost:8080 or http://your_box_lan_IP_address:8080/ , proxy / proxy )
• Wait ~20 sec to let them initialize.
• For each modem, click “Add modem”, assign a Nickname.
• For each modem, create proxy ports instead of “random” ports.
• Reboot and wait 1 minute
• Navigate to the WebApp and make sure the WebApp shows the modems.

Why? In order to make proxy ports available for all users around the world.

Basic info on forwarding ports

You have 2 methods of forwarding ports :

• either forward them through a VPS
• or forward them your own LAN router.

Which to choose?

If these conditions are met:

• you have static fiber IP at 4g proxy farm location,
• and ISP allows incoming connections to that static IP
• and Upload and Download of fiber Internet is at least 40 Mbps.

.. then choose port forwarding through your LAN router. Otherwise, choose port forwarding through a VPS.

The VPS server can be a cheap 1GB DigitalOcean / Linode / Vultr VPS or similar.

It has to be located as close as possible to the 4g farm server ( for lowest ping ).

Go to the WebApp , copy content of the SSH public key from the bottom of the page. We will refer to it as PUBKEY below.

Also it is stored on disk as /root/.ssh/fwd.pub

Check if your VPS has no firewall. Disable it if it has – Both inside Linux OS and in hoster panel.

Install & run Ansible.

apt update && apt install git ansible -y
cd ~/
git clone https://github.com/ezbik/proxysmart-vps.git
cd proxysmart-vps

If running Proxysmart v2.3+ :

git checkout v2.3

edit the file vars.txt

nano vars.txt

Replace PUBKEY with the PUBKEY . Save the file by pressing Control O and exit the editor by pressing Control x .

Run Ansible:

ansible-playbook proxysmart-vps.yml

done.

in WebApp→Global_Settings:

• set VPS variable to the VPS IP.
• set PROXY_PORTS_FORWARDER_ENABLE On.
• Pick a port for SSH_REMOTE_PORT, in most cases 6001 is fine. The port (TCP) has to be free on the VPS
• Pick a port for WEB_REMOTE_PORT, in most cases 7001 is fine. The port (TCP) has to be free on the VPS
• Pick a port for OPENVPN_SERVER_PORT, in most cases 1501 is fine. The port (TCP+UDP) has to be free on the VPS.
• set VPS_SOCKS5_SERVER to scheme with authentication on VPS e.g. socks5://px:[email protected]:2323 where 3.3.3.3 is a VPS IP.
• Click SAVE

Run proxysmart.sh reset_complete

issue the command ss -tnlp and you will see proxy ports are bound with sshd daemon. That means the ports are forwarded.

• visit http://vps_ip:7001 for the WebApp , default login:password is proxy:proxy
• you can ssh to VPS IP and port 6001, and that goes to the multi-modem-server:22.

So VPN client certificates will be generated with these values and VPN clients will connect there ( 3.3.3.3:1501 )

Go to the WebApp main screen and download OpenVPN profiles for each port.

If Cloud VPS IP is changed, update it on multi-modem-server side by defining new VPS variable in WebApp→Global_settings and rerun proxysmart.sh reset_complete there (or reboot).

Steps

Consult with documentation of your LAN router. Forward these ports from ISP IP address to the LAN IP of proxysmart server:

• TCP 8001-8999 for HTTP proxies
• TCP 5001-5999 for SOCKS5 pproxies
• TCP 8080 for the WebApp , will be used in 'REWRITE_WEBAPP_TO'
• TCP 1194 for Openvpn (if it is working in TCP mode) , will be used for OPENVPN_SERVER_PORT
• UDP 1194 for Openvpn (if it is working in UDP mode) , will be used for OPENVPN_SERVER_PORT

Notes

• Set in WebApp→GlobalSettings :
• PROXY_PORTS_FORWARDER_ENABLE : Off
• REWRITE_WEBAPP_URL : On
• REWRITE_WEBAPP_TO : http://myrouter.com:8080
• REWRITE_HOST_IN_PROXY_CREDS : On
• REWRITE_HOST_IN_PROXY_CREDS_TO : myrouter.com
• OPENVPN_SERVER_HOST : myrouter.com
• OPENVPN_SERVER_PORT : 1194

Replace myrouter.com with your actual external Hostname or external IP addresss.

• click SAVE.

Then finally reconfigure the system by running proxysmart.sh reset_complete .

NOTE when dpkg will ask whether to replace old config file with new one, answer N (No) or just press Enter. So old config file is saved.

Run these commands:

curl https://proxysmart.org/install-v2 | bash

Reboot or run proxysmart.sh reset_complete.

Show

curl https://proxysmart.org/install-v2 | bash

Why? To unlock new features that are not yet in the Main version.

curl https://proxysmart.org/install-v2.2 | bash

Reboot or run proxysmart.sh reset_complete.

Show

curl https://proxysmart.org/install-v2 | bash

Proxy credentials for new modems

When adding new modems, please use

• unique HTTP ports from 8001 to 8999,
• unique SOCKS ports from 5001 to 5999.
• unique nicknames like dongleXXX or whatever else. Don’t use nicknames like randomXXX, that are assigned automatically.

• Remove PIN from the modem’s SIM card and plug in the modem into USB port or USB hub.
• Check whether your modem Web App (e.g. Huawei’s E8372 / E5xxx or ZTE MF79 or Alcatel MW4x ) requires authentication, and if it does, set its admin password to admin123. Basically to the value of DEFAULT_HILINK_ADMIN_PASSWORD variable in WebApp→GlobalSettings . Otherwise many functions will not work, and its IMEI will be detected similarly to 2-1.1.2
• Plug in the modem.
• Wait ~5 minutes
• The modem will appear in the WebApp.
• Click ADD MODEM on it, assign a unique Nickname, click APPLY.
• Create Ports on the modem - click ADD PORT against the modem, assign a unique Port name, HTTP & SOCKS5 ports, Login and Password, then click APPLY.
• Refresh the WebApp, done!

Configure the server with 2 LAN cards

Assume you have 2 LAN cards, e.g. enp6s0 main LAN, enp2s0 is dedicated for LAN modems:

nmcli con

NAME                UUID                                  TYPE      DEVICE 
Wired connection 1  bbbee134-51c3-3830-801f-9636470e0708  ethernet  enp6s0
Wired connection 2  000ed912-2d99-3f37-882b-d79ad13102e7  ethernet  enp2s0 

• Rename Wired connection 2 → HUBS

nmcli con modify Wired\ connection\ 2 con-name HUBS

• Disable DHCP and IPV6 on HUBS and assign static IPv4 address

nmcli con modify HUBS ipv4.method manual ipv4.addresses 192.168.10.100/24 ipv6.method link-local ipv4.route-metric 300 

So you will add the LAN modems to 192.168.10.0/24 network as 192.168.10.1, 192.168.10.2 etc.

systemctl restart NetworkManager

Delete old route:

ip ro del default via 192.168.10.1

Confirm you have only 1 default route via main LAN, query with

ip ro

Output:

default via 192.168.1.1 dev enp6s0 proto static metric 100 

Add the modem

• Change the modem’s web admin password to something stored in WebApp→GlobalSettings as DEFAULT_HILINK_ADMIN_PASSWORD variable.
• Change the modem’s IP to something unique e.g. 192.168.10.10
• Put the modem's LAN outlet into Ethernet switch together with the Proxysmart server.
• On the Proxysmart server make sure you can ping the new modem by its IP you set in previous step.
• Make sure LAN_MODEMS_ENABLE is enabled in WebApp→GlobalSettings.
• Add Lan modem in the Webapp→Edit_modems , scroll to the bottom, and add as lanmodem10 , 192.168.10.10 .

Then either wait 5 minutes or run the command sudo proxysmart reset_gently, it will find new modems. Then , refresh the proxysmart Web App and assign proxy logins and passwords to the new modems.

Main guide dedicated to adding Android Phones: Android phones guide

A virtual modem is a in fact a redirect to a 3rd party proxy (HTTP or SOCKS5) so you can build own proxies based on that and resell them.

They even can be rotated if the backend proxy supports it.

How to add?

Make sure BACKEND_PROXIES_ENABLE is enabled in WebApp→Global_settings .

Add them the Webapp→Edit_modems→Virtual modems

, scroll to the bottom, and add each with the following fields

1. id has to be in the form 'bproxy' + a number e.g. bproxy1 or bproxy2
2. creds is a line with credentials of the backend proxy e.g. http://Mylogin:Mypassword@Server:3128 or socks5://Mylogin:Mypassword@Server:1080
3. ip_reset is an optional parameter , the URL for triggering IP rotation of the backend proxy

Click SAVE

Then either wait 5 minutes or run the command sudo proxysmart reset_gently, it will find new modems. Then , refresh the proxysmart Web App and assign proxy logins and passwords to the new modems.

Show full status of all modems, table (slower).

# proxysmart.sh  show_status 

Output:

+--------+----+---------+-------+----------------+-----+--------------+-----------+-------------+------+------------+----+
| NICK   | N  | DEV     | MODEL | IMEI           | HTTP| LOCAL_IP     |GW         |EXT_IP       |ONLINE| CELL:MODE  | MSG|
+--------+----+---------+-------+----------------+-----+--------------+-----------+-------------+------+------------+----+
| dongle1| 0  | modem0  | E3372h| 862329099999999| 8001| 192.168.8.100|192.168.8.1|46.216.113.63|yes   | MTS BY:LTE |    |
| dongle2| 114| modem114| E3131 | 352221099999999| 8002| 192.168.8.100|192.168.8.1|             |no    | :NO_SERVICE|    |
+--------+----+---------+-------+----------------+-----+--------------+-----------+-------------+------+------------+----+
items TOTAL 2

Show brief status of all modems, table, (faster)

Run

# proxysmart.sh  show_status_brief

Output:

| NICK    | N | DEV    | IMEI           | HTTP| LOCAL_IP     | GW         | EXT_IP        | ONLINE| MSG|
| Cdongle2| 77| modem77| 862329099999999| 8002| 192.168.8.100| 192.168.8.1| 46.216.152.241| yes   |    |
| Client5 | 93| modem93| 352221099999999| 8004| 192.168.0.100| 192.168.0.1| 46.56.186.34  | yes   |    |

Show full status of all modems , json

# proxysmart.sh  show_status_json 

Output:

[
  {
    "MSG": "",
    "N": 1,
    "IS_LOCKED": "false",
    "modem_details": {
      "NICK": "ddddddd",
      "IMEI": "940010000000001",
      "MODEL": "bproxy",
      "MODEL_SHOWN": "bproxy",
      "HUB_ID": "",
      "HUB_PORT": "",
      "UPTIME": "",
      "UDEV_UPTIME": "",
      "PHONE_NUMBER": "",
      "AT_PORT": "",
      "ADDED_TIME": "10 hours + 34.866667 minutes",
      "REBOOT_SCORE": "0"
    },
    "net_details": {
      "DEV": "bproxy1",
      "GW": "server.org:3128",
      "LOCAL_IP": "127.0.0.1",
      "LOCAL_IP6": "",
      "EXT_IP": "167.172.59.39",
      "EXT_IPV6": "2a03:b0c0:1:d0::1192:f001",
      "IS_ONLINE": "yes",
      "CurrentNetworkType": "",
      "SimStatus": "",
      "ICCID": "",
      "ConnectionStatus": "",
      "workmode": "",
      "SIGNAL_STRENGTH": "",
      "CELLOP": "DigitalOcean, LLC",
      "VALDIK": "Detected OS = Linux 2.2.x-3.x [generic];MTU = 1500;Distance = 9;PTR = pathos.tanatos.org;PTR test = Probably server user;Fingerprint and OS match. No proxy detected ;No OpenVPN detected.",
      "BAND": "",
      "APN": "",
      "HTTP_REDIRECT_IMPOSED": ""
    },
    "proxy_creds": {
      "HTTP_PORT": 30001,
      "SOCKS_PORT": null,
      "LOGIN": "def294246",
      "PASS": "def294246",
      "PROXYSTDLINE_HTTP": "127.0.0.1:30001:def294246:def294246",
      "PROXYSTDLINE_SOCKS": "",
      "VPN_USERS": [],
      "VPN_USERS_ONLINE": []
    },
    "android": {
      "battery": null,
      "version": null
    },
    "RESET_SECURE_LINK": {
      "URL": "http://i.org:7001/apix/reset_ip_secure?hash=KNQWY5DFMRPV6V67LVNZSLHBA2CB3NLUKKVFW54R5P3QK5OGNZ72SXUVRB7RZ7IUWSWHC4G4K6NYM3YK37PXNHLQJCUBXIX2C3KXSFA=",
      "VALID_UNTIL": "2028-10-17@11:16:24 +03"
    }
  },
  {
    "MSG": "",
    "N": 17,
    "IS_LOCKED": "false",
    "modem_details": {
      "NICK": "sierra",
      "IMEI": "353990074165890",
      "MODEL": "DW5811e",
      "MODEL_SHOWN": "DW5811e",
      "HUB_ID": "2-1",
      "HUB_PORT": "",
      "UPTIME": "unknown",
      "UDEV_UPTIME": "76461",
      "PHONE_NUMBER": "",
      "AT_PORT": "/dev/ttyUSB2",
      "ADDED_TIME": "1.1333333 minutes",
      "REBOOT_SCORE": "14"
    },
    "net_details": {
      "DEV": "wwan_modem17",
      "GW": "10.77.34.116",
      "LOCAL_IP": "10.77.34.115",
      "LOCAL_IP6": "",
      "EXT_IP": "146.120.151.173",
      "EXT_IPV6": "",
      "IS_ONLINE": "yes",
      "CurrentNetworkType": "WCDMA",
      "SimStatus": "READY",
      "ICCID": "8937501200200347057",
      "ConnectionStatus": "OK connected",
      "workmode": "WCDMA",
      "SIGNAL_STRENGTH": "RSSI:-74dBm",
      "CELLOP": "A1 BY",
      "VALDIK": "Detected OS = Linux 2.2.x-3.x [generic];MTU = 1400;Network link = Probably IPsec or other VPN;Distance = 9;PTR test = Probably home user;Fingerprint and OS match. No proxy detected ;No OpenVPN detected.",
      "BAND": "wcdma-900",
      "APN": "internet",
      "HTTP_REDIRECT_IMPOSED": ""
    },
    "proxy_creds": {
      "HTTP_PORT": 30041,
      "SOCKS_PORT": null,
      "LOGIN": "def294246",
      "PASS": "def294246",
      "PROXYSTDLINE_HTTP": "127.0.0.1:30041:def294246:def294246",
      "PROXYSTDLINE_SOCKS": "",
      "VPN_USERS": [],
      "VPN_USERS_ONLINE": []
    },
    "android": {
      "battery": null,
      "version": null
    },
    "RESET_SECURE_LINK": {
      "URL": "http://i.org:7001/apix/reset_ip_secure?hash=KNQWY5DFMRPV7V3MMVOREWZ4CNSOUWHHQM5IVWFTOXK3PRITT446HMUJIJHKJPDXDT773XMXRPDYGVGXYTUC4U2PRM24CHY4U7XT4VQ=",
      "VALID_UNTIL": "2028-10-17@11:16:32 +03"
    }
  }
]

Show status for a single modem, JSON

Arguements - NICK or IMEI.

# proxysmart.sh  show_single_status_json dongle111 

Output:

[
   {
      "IS_LOCKED" : "false",
      "MSG" : "",
      "N" : "17",
      "RESET_SECURE_LINK" : {
         "URL" : "http://i.org:7001/apix/reset_ip_secure?hash=KNQWY5DFMRPV7U3DQI4NMATCXAAXTYJAJ7JHP5UQYN25UE5B6CYHUUP2CIQRTOP6BHP7I26PVANIIK44LSQKFYZZYQNUEKHC23L4D7Y=",
         "VALID_UNTIL" : "2028-10-17@11:17:54 +03"
      },
      "android" : {
         "battery" : null,
         "version" : null
      },
      "modem_details" : {
         "ADDED_TIME" : "2.5166667 minutes",
         "AT_PORT" : "/dev/ttyUSB2",
         "HUB_ID" : "2-1",
         "HUB_PORT" : "",
         "IMEI" : "353990070000000",
         "MODEL" : "DW5811e",
         "MODEL_SHOWN" : "DW5811e",
         "NICK" : "sierra",
         "PHONE_NUMBER" : "",
         "REBOOT_SCORE" : "14",
         "UDEV_UPTIME" : "76544",
         "UPTIME" : "unknown"
      },
      "net_details" : {
         "APN" : "internet",
         "BAND" : "wcdma-900",
         "CELLOP" : "A1 BY",
         "ConnectionStatus" : "OK connected",
         "CurrentNetworkType" : "WCDMA",
         "DEV" : "wwan_modem17",
         "EXT_IP" : "46.56.229.83",
         "EXT_IPV6" : "",
         "GW" : "10.77.34.116",
         "HTTP_REDIRECT_IMPOSED" : "",
         "ICCID" : "8937501200200347057",
         "IS_ONLINE" : "yes",
         "LOCAL_IP" : "10.77.34.115",
         "LOCAL_IP6" : "",
         "SIGNAL_STRENGTH" : "RSSI:-75dBm",
         "SimStatus" : "READY",
         "VALDIK" : "Detected OS = Linux 2.2.x-3.x [generic];MTU = 1400;Network link = Probably IPsec or other VPN;Distance = 9;PTR test = Probably home user;Fingerprint and OS match. No proxy detected ;No OpenVPN detected.",
         "workmode" : "WCDMA"
      },
      "proxy_creds" : {
         "HTTP_PORT" : "30041",
         "LOGIN" : "def294246",
         "PASS" : "def294246",
         "PROXYSTDLINE_HTTP" : "127.0.0.1:30041:def294246:def294246",
         "PROXYSTDLINE_SOCKS" : "",
         "SOCKS_PORT" : null,
         "VPN_USERS" : [],
         "VPN_USERS_ONLINE" : []
      }
   }
]

Run

# proxysmart.sh reset_complete  

Output:

= old fake default route deleted
= adding faked default route
= added dummy netdev
= restoring default linux TTL
net.ipv4.ip_default_ttl = 64
= disabling OS Spoofing if any
= start_connections
= start openvpn server
= set openvpn proto to udp
net.ipv4.ip_forward = 1
= detected CURRENT_ALTNETWORKING_VERSION 2, desired ALTNETWORKING_VERSION 2
= [email protected] updated
= activate PMA

= lock acquired on DEV wwan_modem17
= N 17
== [add_individual_dev] generating config for DEV=wwan_modem17 N=17 HUB_ID=2-1 HUB_PORT= 
= purging old MTU rules from Iptables for modem N=17
= it is a WWAN modem
= found AT port /dev/ttyUSB2
= found MODEL DW5811e
= CDC_DEV=/dev/cdc-wdm0
= CELLOP=A1 BY A1 BY
= got IMEI=353990074165890
= SIM_STATUS=READY
= custom TARGET_MODE auto detected
= qmi_reset_sim
=> Auto
[/dev/cdc-wdm0] System selection preference set successfully; replug your device.
= SIM off
[/dev/cdc-wdm0] Operating mode set successfully
= SIM on
[/dev/cdc-wdm0] Operating mode set successfully
= CurrentNetworkType=,,WCDMA''
= _set_ns 17 WAN_APN
= qmi_stop_wan
Network cancelled... releasing resources
error: couldn't stop network: QMI protocol error (26): 'NoEffect'
Autoconnect settings updated
=start WDS with APN=internet
[/dev/cdc-wdm0] Network started
	Packet data handle: '63162352'
[/dev/cdc-wdm0] Client ID not released:
	Service: 'wds'
	    CID: '37'
[/dev/cdc-wdm0] Data bearer technology (current):
              Network type: '3gpp'
   Radio Access Technology: 'wcdma, hsupa, hsdpaplus, 64qam'
[/dev/cdc-wdm0] Current settings retrieved:
           IP Family: IPv4
        IPv4 address: 10.54.117.96
    IPv4 subnet mask: 255.255.255.192
IPv4 gateway address: 10.54.117.97
    IPv4 primary DNS: 46.56.128.20
  IPv4 secondary DNS: 46.56.128.4
                 MTU: 1500
             Domains: none
= QMI mode
udhcpc: started, v1.30.1
udhcpc: sending discover
udhcpc: sending select for 10.54.117.96
udhcpc: lease of 10.54.117.96 obtained, lease time 7200
= getting GW
= got GW=10.54.117.97
= got LOCAL_IP6=
= got V6_GW=
= got GW=10.54.117.97
= WWAN modem, init namespace:
= got model DW5811e / DW5811e
= got cellop A1 BY
= got NICK=sierra
= PHONE_NUMBER=
= adding port PORT pxsystem17 for N 17
= HTTP_PORT 127.0.0.1:30041 is free
= applying new settings: port pxsystem17 DEV wwan_modem17, N 17, IMEI 353990074165890, nick sierra, http_port 30041, socks_port 
= proxyport pxsystem17 started
= wont purge_port_remote for pxsystem17
= updated collectd conf
= adding port PORT portXrzD for N 17
= SOCKS_PORT 192.168.1.35:5001 is free
= HTTP_PORT 127.0.0.1:8001 is free
= applying new settings: port portXrzD DEV wwan_modem17, N 17, IMEI 353990074165890, nick sierra, http_port 8001, socks_port 5001
= proxyport portXrzD started
= purging gost_quic_server@5001 on VPS
= setting up GOST proxy server, version: gost3
= Gost local BA server
= Gost remote Socks5 server
= remote service name: gost_quic_server@5001 on 116.202.103.247:5001
= LDNS 127.100.1.100
= saved /tmp/conf.gost3.5001.yaml

= starting redirector@portXrzD
= port portXrzD: BIND_PORT=-R 0.0.0.0:8001:127.0.0.1:8001 -R 127.0.0.1:5001:127.0.0.1:5001
= updated collectd conf
= check expiry for PORT portXrzD
= no proxy expiry set
= kill vpn user portXrzD on OPENVPN_MGMT_SOCKET /var/run/openvpn/server.management.socket
= del rotator timer if any
= updated collectd conf
= lock released on DEV wwan_modem17

= lock acquired on DEV bproxy1
== [add_individual_dev] generating config for DEV=bproxy1 N=1 HUB_ID= HUB_PORT= 
= purging old MTU rules from Iptables for modem N=1
= Backend proxy bproxy1
Running as unit: [email protected]
= got ext IP 167.172.59.39
= got cellop DigitalOcean, LLC
= got GW=server.org:3128
= got IMEI=940010000000001
= got model bproxy / bproxy
= got cellop DigitalOcean, LLC
= got NICK=ddddddd
= PHONE_NUMBER=
= adding port PORT pxsystem1 for N 1
= PARENT_PROXY_DETAILS: { "host": "127.12.0.3", "socks_port": "4000" }
= HTTP_PORT 127.0.0.1:30001 is free
= applying new settings: port pxsystem1 DEV bproxy1, N 1, IMEI 940010000000001, nick ddddddd, http_port 30001, socks_port 
= proxyport pxsystem1 started
= wont purge_port_remote for pxsystem1
= updated collectd conf
= adding port PORT portnzar for N 1
= PARENT_PROXY_DETAILS: { "host": "127.12.0.3", "socks_port": "4000" }
= SOCKS_PORT 192.168.1.35:5002 is free
= HTTP_PORT 127.0.0.1:8002 is free
= applying new settings: port portnzar DEV bproxy1, N 1, IMEI 940010000000001, nick ddddddd, http_port 8002, socks_port 5002
= proxyport portnzar started
= purging gost_quic_server@5002 on VPS
= setting up GOST proxy server, version: gost3
= Gost local BA server
= Gost remote Socks5 server
= remote service name: gost_quic_server@5002 on 116.202.103.247:5002
= LDNS 127.100.2.100
= saved /tmp/conf.gost3.5002.yaml

= starting redirector@portnzar
= port portnzar: BIND_PORT=-R 0.0.0.0:8002:127.0.0.1:8002 -R 127.0.0.1:5002:127.0.0.1:5002
= updated collectd conf
= check expiry for PORT portnzar
= no proxy expiry set
= kill vpn user portnzar on OPENVPN_MGMT_SOCKET /var/run/openvpn/server.management.socket
= del rotator timer if any
= updated collectd conf
= lock released on DEV bproxy1

it took 76 seconds to prepare the system

all found modems initialized. after 5 sec delay the status will be shown
| NICK   | N | DEV         | MODEL  | IMEI           | HTTP | LOCAL_IP    | GW              | EXT_IP         | CELLOP   | MODE | BAND     | MSG|
| ddddddd| 1 | bproxy1     | bproxy | 940010000000001| 30001| 127.0.0.1   | server.org:3128| 167.172.59.39  | DigitalOc|      |          |    |
| sierra | 17| wwan_modem17| DW5811e| 353990074165890| 30041| 10.54.117.96| 10.54.117.97    | 178.163.151.182| A1 BY    | WCDMA| wcdma-900|    |

JSON output

# proxysmart.sh   apply_settings_for_a_modem_by_imei  868723029999406 

Output:

{
   "debug" : "= lock acquired on DEV modem0,...",
   "message" : "",
   "result" : "success"
}

Plain text output:

 proxysmart.sh  apply_settings_for_a_modem_by_imei_raw    359999999999999 

output:

= lock acquired on DEV wwan_modem17
= WAN_APN=
= PHONE_NUMBER=
= purge port portXrzD
{"msg":"ok","result":"ok"}
= purge port pxsystem17
{"msg":"ok","result":"ok"}
= adding port PORT pxsystem17 for N 17
= HTTP_PORT 127.0.0.1:30041 is free
= applying new settings: port pxsystem17 DEV wwan_modem17, N 17, IMEI 353990074165890, nick sierra, http_port 30041, socks_port 
= proxyport pxsystem17 started
= wont purge_port_remote for pxsystem17
= updated collectd conf
= adding port PORT portXrzD for N 17
= SOCKS_PORT 192.168.1.35:5001 is free
= HTTP_PORT 127.0.0.1:8001 is free
= applying new settings: port portXrzD DEV wwan_modem17, N 17, IMEI 353990074165890, nick sierra, http_port 8001, socks_port 5001
= proxyport portXrzD started
= purging gost_quic_server@5001 on VPS
= setting up GOST proxy server, version: gost3
= Gost local BA server
= Gost remote Socks5 server
= remote service name: gost_quic_server@5001 on 116.202.103.247:5001
= LDNS 127.100.1.100
= saved /tmp/conf.gost3.5001.yaml

= starting redirector@portXrzD
= port portXrzD: BIND_PORT=-R 0.0.0.0:8001:127.0.0.1:8001 -R 127.0.0.1:5001:127.0.0.1:5001
= updated collectd conf
= check expiry for PORT portXrzD
= no proxy expiry set
= kill vpn user portXrzD on OPENVPN_MGMT_SOCKET /var/run/openvpn/server.management.socket
= purging old MTU rules from Iptables for modem N=17
= del rotator timer if any
= updated collectd conf
= lock released on DEV wwan_modem17

Args: IMEI or NICKNAME.

JSON output:

# proxysmart.sh   reset_modem_by_imei    899999999999999 
# proxysmart.sh   reset_modem_by_imei    Dongle222

Output:

{
   "message" : "external ip changed from 46.216.188.74 to 46.216.113.63",
   "ext_ip" : "46.216.113.63",
   "result" : "success",
   "debug" : "= lock acquired on DEV modem0,= resetting DEV modem0 ..."
}

Plain text output:

# proxysmart.sh  reset_quick_nick  899999999999999
# proxysmart.sh  reset_quick_nick  Dongle222

Output:

= lock acquired on DEV modem93
= resetting NICK Client5 DEV modem93 local IP 192.168.0.100 N 93 GW 192.168.0.1 IMEI 359999999999999
= external IP is 46.56.178.172
=stopping redirector N 93
...
=DNS test attempt 2/7 to DNS server 1.1.1.1
Checking/setting forced routing config (skip with /etc/proxysmart/altnetworking.sh -s ...)
Applying net_cls class identifier 0x0010093 to cgroup cgproxy93
Unset reverse path filtering for interface "all"
Unset reverse path filtering for interface "modem93"
DNS OK - 0.092 seconds response time 
= passed
= restarting proxy@93 to definitely drop old connections..
= starting redirector N 93
=now detect EXT_IP
= external IP is 46.56.181.222
= purging old MTU rules from Iptables for modem N=93
deleted rule 9 from mangle/OUTPUT
= purging old MTU rules from Iptables for modem N=93
= adding MTU rules to Iptables for modem N=93 MTU=1400 MSS=1360
==save report:
start_time=2022-05-29@21:14:43 end_time=2022-05-29@21:15:13 
    total_time=27 old_ip=46.56.178.172        new_ip=46.56.181.222 target_mode=auto
= lock released on DEV modem93

Args: Nickname or IMEI.

TEXT Output

#  proxysmart.sh   reboot_modem dongle61_us

#  proxysmart.sh   reboot_modem 899999999999999

JSON Output

# proxysmart.sh reset_modem_by_imei 899999999999999 full

# proxysmart.sh reset_modem_by_imei dongle61_us full

Can accept DEV name, IMEI or Nickname. So

For Text output:

proxysmart.sh usb_reset_modem modem179
proxysmart.sh usb_reset_modem 123456789012345
proxysmart.sh usb_reset_modem Mydongle222

For Json output.

proxysmart.sh usb_reset_modem_json modem179
proxysmart.sh usb_reset_modem_json 123456789012345
proxysmart.sh usb_reset_modem_json Mydongle222

On a single modem:

Args: NICKNAME or IMEI.

# proxysmart.sh  speedtest 353990074160000
# proxysmart.sh  speedtest sierra

Response:

{
    "upload": "8.85 mbps",
    "download": "35.13 mbps",
    "share": "http://www.speedtest.net/result/16912814215.png",
    "msg": null,
    "debug": null,
    "ping": "36 ms"
}

On a single port

# proxysmart.sh  bandwidth_report_json  portNF87478
{
   "HTTP_PORT" : "8001",
   "IS_OVER_QUOTA" : "0",
   "QUOTA_DIRECTION" : "inout",
   "SOCKS_PORT" : "5001",
   "bandwidth_bytes_day_in" : "9.5KB",
   "bandwidth_bytes_day_out" : "9.6KB",
   "bandwidth_bytes_lifetime_in" : "3.5MB",
   "bandwidth_bytes_lifetime_out" : "440KB",
   "bandwidth_bytes_month_in" : "3.5MB",
   "bandwidth_bytes_month_out" : "433KB",
   "bandwidth_bytes_yesterday_in" : "6.0KB",
   "bandwidth_bytes_yesterday_out" : "4.9KB",
   "left_to_quota" : null,
   "port" : "portXrzD",
   "portName" : "ddddd",
   "quota" : null,
   "quota_type" : null
}

With arbitrary time interval.

# proxysmart.sh get_counters_port portID394848 '2023-01-28 18:10' '2023-01-28 19:20:01' 

ARGS: portID

JSON output

# proxysmart.sh   bandwidth_reset_counter  portFIFJNF

{"result":"success","debug":null}

JSON output

# proxysmart.sh  list_sms_json  869086046197801 
[
   {
      "Date" : "2021-07-08 14:05:23",
      "Content" : "Your free month has started. https://smarty.co.uk/dashboard",
      "Index" : "40001",
      "Phone" : "SMARTY"
   },
   {
      "Date" : "2021-07-12 10:23:47",
      "Content" : "621036 is your SMARTY login verification code.
      "Index" : "40002",
      "Phone" : "SMARTY"
   }
]

Plain output:

# proxysmart.sh  send_sms_raw 899999999999999 +11111111111 "ура ура 333"
= Logging in with admin:admin123
= preparing token
= Logged in 
= Sending the following message to {+11111111111}: {ура ура 333}
= preparing token
= SENT OK 
= Logging OUT
= preparing token
= RESPONSE=OK

JSON output:

# proxysmart.sh  send_sms_json  899999999999999 +11111111111 "ура ура 333"
{
   "debug" : "= Logging in with admin:admin123,= prepari..",
   "result" : "success"
}

Purges SMS from all folders.

Call by IMEI or nickname,

json output:

# proxysmart.sh purge_sms_json 899999999999999
...

# proxysmart.sh purge_sms_json dongle1
...

Plain output

# proxysmart.sh  send_ussd_raw 899999999999999 '*100#'
= Logging in with admin:admin123
= preparing token
= Logged in 
= sending USSD \*100#
= preparing token
= SENT OK
= getting response. attempt 1
= preparing token
= not yet response received
= getting response. attempt 2
= preparing token
= not yet response received
= getting response. attempt 3
= preparing token
= OK response received
Your credit is $20.00. Your operator.
= Logging OUT
= preparing token
= RESPONSE=OK

JSON output:

# proxysmart.sh  send_ussd_json  899999999999999 '*100#'
{
   "RESPONSE" : "Your credit is $20.00. Your operator.",
   "debug" : "= Logging in with admin:admin123,= preparing token,= ..."
   "result" : "success"
}

..use bandwidth stats..

By Nickname or IMEI

proxysmart.sh  get_rotation_log dongle2
proxysmart.sh  get_rotation_log 899999999999999

[
  {
    "start_time": "2022-08-10@19:29:38",
    "end_time": "2022-08-10@19:29:49",
    "total_time": "10",
    "old_ip": "4.26.28.14",
    "new_ip": "4.26.28.13",
    "target_mode": "auto"
  },
  {
    "start_time": "2022-08-10@19:29:54",
    "end_time": "2022-08-10@19:30:04",
    "total_time": "9",
    "old_ip": "4.26.248.13",
    "new_ip": "4.26.152.10",
    "target_mode": "auto"
  }
]

By PORTID <code> proxysmart.sh top_hosts port92848428 </code> Response: <code> { "bbc.com": 10, "gmail.com": 20 } </code> ++++ ==== 16. Report IP uniqueness ==== ++++ JSON output.

proxysmart.sh  unique_ips_json

{
  "DAYS": 14,
  "MAX_REPEATS": 50,
  "TOTAL_ROTATIONS": 7,
  "UNIQUE_IPS": 7,
  "NON_UNIQUE_IPS": 0,
  "UNIQUE_IPS_PERCENT": 100,
  "NON_UNIQUE_IPS_PERCENT": 0,
  "TXT": "\nIP Uniqueness report:\n\nOf past 14 days.\nA Unique IP is an IP that was encountered less than 50 times during the reported period.\nTotal IP rotations on all devices: 7\nUnique IP rotations: 7 (100%)\nNon Unique IP rotations: 0 (0%)\n"
}

TEXT output.

# proxysmart.sh  unique_ips 

IP Uniqueness report:

Of past 14 days.
A Unique IP is an IP that was encountered less than 50 times during the reported period.
Total IP rotations on all devices: 7
Unique IP rotations: 7 (100%)
Non Unique IP rotations: 0 (0%)

WEB API endpoint is the URL that Proxysmart WebApp available at.

It can be

• LAN_IP:8080 when you call it from the same LAN
• VPS_IP:7001 when you forwardded ports to the Cloud VPS
• STATIC_IP:8080 when you forwarded ports via your LAN router and your ISP gave you STATIC_IP

Also attach proper username:password (the -u parameter).

Whenever below you are seeing localhost:8080, replace it with the actual WEB API endpoint.

quick start:

• Populate modems collection with modems objects
• Populate ports collection with proxy ports objects
• for each added modem call 'Apply settings for a modem' WEB API call. It will configure each modem and its ports

Detailed start

Assume you have given a fresh Proxysmart server with multiple modems, by default each of the modems has generated a random modem nickname and random ports on it.

IMEI is a unique identifier for a modem.

So, query full status with /apix/show_status_json, gather IMEI's where nicknames are like random, for each of these IMEI do:

• generate a unique modem nickname, e.g. “dongle_100” and store modem object with /crud/store_modem
• generate proxy ports for the modem, create proxy port objects and store them with /crud/store_port
• apply the settings for the modem and for its ports with /modem/settings

(done)

if you edited a modem

call 'Apply settings for a modem' WEB API call for the modem.

if you edited a port

call 'Apply settings for a port' WEB API call for the port (faster)

or

call 'Apply settings for a modem' WEB API call for the modem. (slower, affects all modem's ports)

if you deleted a port

call 'Purge port' WEB API call for the port (faster)

or

call 'Apply settings for a modem' WEB API call for the modem. (slower, affects all modem's ports))

Request:

curl 'http://localhost:8080/apix/show_status_json' -u proxy:proxy 

Response:

[
  {
    "MSG": "",
    "N": 1,
    "IS_LOCKED": "false",
    "modem_details": {
      "NICK": "ddddddd",
      "IMEI": "940010000000001",
      "MODEL": "bproxy",
      "MODEL_SHOWN": "bproxy",
      "HUB_ID": "",
      "HUB_PORT": "",
      "UPTIME": "",
      "UDEV_UPTIME": "",
      "PHONE_NUMBER": "",
      "AT_PORT": "",
      "ADDED_TIME": "11.966667 minutes",
      "REBOOT_SCORE": "0"
    },
    "net_details": {
      "DEV": "bproxy1",
      "GW": "server.org:3128",
      "LOCAL_IP": "127.0.0.1",
      "LOCAL_IP6": "",
      "EXT_IP": "167.172.59.39",
      "EXT_IPV6": "2a03:b0c0:1:d0::1192:f001",
      "IS_ONLINE": "yes",
      "CurrentNetworkType": "",
      "SimStatus": "",
      "ICCID": "",
      "ConnectionStatus": "",
      "workmode": "",
      "SIGNAL_STRENGTH": "",
      "CELLOP": "DigitalOcean, LLC",
      "VALDIK": "Detected OS = Linux 2.2.x-3.x [generic];MTU = 1500;Distance = 9;PTR = pathos.tanatos.org;PTR test = Probably server user;Fingerprint and OS match. No proxy detected ;No OpenVPN detected.",
      "BAND": "",
      "APN": "",
      "HTTP_REDIRECT_IMPOSED": ""
    },
    "proxy_creds": {
      "HTTP_PORT": 30001,
      "SOCKS_PORT": null,
      "LOGIN": "def294246",
      "PASS": "def294246",
      "PROXYSTDLINE_HTTP": "127.0.0.1:30001:def294246:def294246",
      "PROXYSTDLINE_SOCKS": "",
      "VPN_USERS": [],
      "VPN_USERS_ONLINE": []
    },
    "android": {
      "battery": null,
      "version": null
    },
    "RESET_SECURE_LINK": {
      "URL": "http://i.org:7001/apix/reset_ip_secure?hash=KNQWY5DFMRPV74XDCJ5XV6OWRIWV46HM3QJ6GKR46JD6ZMV5EPPDUAIB5IUFR447JCEZO2BJC7UIG5LC2W2HD3DYERZZLSJNZJSI3EI=",
      "VALID_UNTIL": "2028-10-17@11:31:45 +03"
    }
  },
  {
    "MSG": "",
    "N": 17,
    "IS_LOCKED": "false",
    "modem_details": {
      "NICK": "sierra",
      "IMEI": "353990074165890",
      "MODEL": "DW5811e",
      "MODEL_SHOWN": "DW5811e",
      "HUB_ID": "2-1",
      "HUB_PORT": "",
      "UPTIME": "unknown",
      "UDEV_UPTIME": "77382",
      "PHONE_NUMBER": "",
      "AT_PORT": "/dev/ttyUSB2",
      "ADDED_TIME": "9.6333333 minutes",
      "REBOOT_SCORE": "0"
    },
    "net_details": {
      "DEV": "wwan_modem17",
      "GW": "10.54.117.97",
      "LOCAL_IP": "10.54.117.96",
      "LOCAL_IP6": "",
      "EXT_IP": "178.163.151.102",
      "EXT_IPV6": "",
      "IS_ONLINE": "yes",
      "CurrentNetworkType": "WCDMA",
      "SimStatus": "READY",
      "ICCID": "8937501200200347057",
      "ConnectionStatus": "OK connected",
      "workmode": "WCDMA",
      "SIGNAL_STRENGTH": "RSSI:-77dBm",
      "CELLOP": "A1 BY",
      "VALDIK": "Detected OS = Linux 2.2.x-3.x [generic];MTU = 1400;Network link = Probably IPsec or other VPN;Distance = 9;PTR test = Probably home user;Fingerprint and OS match. No proxy detected ;No OpenVPN detected.",
      "BAND": "wcdma-900",
      "APN": "internet",
      "HTTP_REDIRECT_IMPOSED": ""
    },
    "proxy_creds": {
      "HTTP_PORT": 30041,
      "SOCKS_PORT": null,
      "LOGIN": "def294246",
      "PASS": "def294246",
      "PROXYSTDLINE_HTTP": "127.0.0.1:30041:def294246:def294246",
      "PROXYSTDLINE_SOCKS": "",
      "VPN_USERS": [],
      "VPN_USERS_ONLINE": []
    },
    "android": {
      "battery": null,
      "version": null
    },
    "RESET_SECURE_LINK": {
      "URL": "http://i.org:7001/apix/reset_ip_secure?hash=KNQWY5DFMRPV6YBVYPNMAKNADEBKVOIHJLN6P4E3LBARXMXPRAIYRAFCVROUURJWLDFGC6AVRT2KFDRKJLCYPKBBC5B44YNZTK64SFI=",
      "VALID_UNTIL": "2028-10-17@11:31:53 +03"
    }
  }
]

Request:

curl http://localhost:8080/apix/list_ports_json -u proxy:proxy

Response:

{
  "358888888888890": [
    {
      "HTTP_PORT": "8001",
      "IS_EXPIRED": 0,
      "IS_OVER_QUOTA": 0,
      "LOGIN": "N9999999",
      "PASSWORD": "l8888-Gd",
      "PROXY_VALID_BEFORE": "",
      "RESET_SECURE_LINK": {
        "URL": "http://i.org:7001/apix/reset_ip_secure?hash=KNQWY5DFMRPV7AR2KLHJQAIBL6H2MKF2JLEUNOZLIOJQ7KATN3S74QR7PYCWM3JWX4PJVQUZNGL6I===",
        "VALID_UNTIL": "2029-03-07@20:47:51 +03"
      },
      "SOCKS_PORT": "5001",
      "http_creds": "http://NVX_MhO9:[email protected]:8001",
      "portID": "portXrzD",
      "portName": "ddddd",
      "redirector": {
        "ActiveState": "active",
        "NRestarts": 36,
        "SubState": "running",
        "UPTIME": "-1 d, 22 h, 14 m, 5 s."
      },
      "socks5_creds": "socks5://NVX_MhO9:[email protected]:5001"
    },
    {
      "HTTP_PORT": "8009",
      "IS_EXPIRED": 0,
      "IS_OVER_QUOTA": 0,
      "LOGIN": "EQAXGXOO",
      "PASSWORD": "TTcbUlMK",
      "PROXY_VALID_BEFORE": "",
      "RESET_SECURE_LINK": {
        "URL": "http://i.org:7001/apix/reset_ip_secure?hash=KNQWY5DFMRPV6V3NBPEKDNNXLHRQZ6TTY52BYKCWAQD35UUR7HZSG3QWAL3G5BKHY5KFHHUMIZCWK===",
        "VALID_UNTIL": "2029-03-07@20:47:51 +03"
      },
      "SOCKS_PORT": "5009",
      "http_creds": "http://EQAXGXOO:[email protected]:8009",
      "portID": "portewH_",
      "portName": "moldy_assistant",
      "redirector": {
        "ActiveState": "active",
        "NRestarts": 36,
        "SubState": "running",
        "UPTIME": "-1 d, 23 h, 14 m, 5 s."
      },
      "socks5_creds": "socks5://EQAXGXOO:[email protected]:5009"
    }
  ]
}

Request:

( either by IMEI or Nickname )

curl http://localhost:8080/apix/show_single_status_json?arg=dongle111    -u proxy:proxy
curl http://localhost:8080/apix/show_single_status_json?arg=899999999999999    -u proxy:proxy

Response:

[
   {
      "IS_LOCKED" : "false",
      "MSG" : "",
      "N" : "17",
      "android" : {
         "battery" : null,
         "version" : null
      },
      "modem_details" : {
         "ADDED_TIME" : "11.55 minutes",
         "AT_PORT" : "/dev/ttyUSB2",
         "HUB_ID" : "2-1",
         "HUB_PORT" : "",
         "IMEI" : "353990074165890",
         "MODEL" : "DW5811e",
         "MODEL_SHOWN" : "DW5811e",
         "NICK" : "sierra",
         "PHONE_NUMBER" : "",
         "REBOOT_SCORE" : "0",
         "UDEV_UPTIME" : "77497",
         "UPTIME" : "unknown"
      },
      "net_details" : {
         "APN" : "internet",
         "BAND" : "wcdma-900",
         "CELLOP" : "A1 BY",
         "ConnectionStatus" : "OK connected",
         "CurrentNetworkType" : "WCDMA",
         "DEV" : "wwan_modem17",
         "EXT_IP" : "18.13.151.102",
         "EXT_IPV6" : "",
         "GW" : "10.54.117.97",
         "HTTP_REDIRECT_IMPOSED" : "",
         "ICCID" : "8937501209999947057",
         "IS_ONLINE" : "yes",
         "LOCAL_IP" : "10.54.117.96",
         "LOCAL_IP6" : "",
         "SIGNAL_STRENGTH" : "RSSI:-69dBm",
         "SimStatus" : "READY",
      },
   }
]

Request:

( either by IMEI or Nickname )

curl http://localhost:8080/apix/reset_modem_by_imei?IMEI=899999999999999 -u proxy:proxy
curl http://localhost:8080/apix/reset_modem_by_nick?NICK=dongle22 -u proxy:proxy

Response:

{
   "debug" : "...",
   "ext_ip" : "46.216.248.48",
   "message" : "external ip changed from 46.216.225.112 to 46.216.248.48",
   "result" : "success"
}

Request:

( either by IMEI or Nickname )

curl http://localhost:8080/apix/reboot_modem_by_imei?IMEI=860493043888886 -u proxy:proxy
curl http://localhost:8080/apix/reboot_modem_by_nick?NICK=dongle2 -u proxy:proxy

Response:

{
   "debug" : "...",
   "message" : "new external ip cannot be detected",
   "result" : "failure"
}

{
   "debug" : "...",
   "ext_ip" : "172.58.172.255",
   "message" : "external ip changed from 172.58.172.251 to 172.58.172.255",
   "result" : "success"
}

ETA: ~ 1.5 minute

Request:

curl 'http://localhost:8080/modem/send-sms' -u proxy:proxy \
    --data-urlencode 'imei=899999999999999' \
    --data-urlencode 'phone=+11111111111' \
    --data-urlencode "sms=txt txt fff"

Response:

{"message":"Result: success","success":true}

Request:

curl 'http://localhost:8080/modem/send-ussd' -u proxy:proxy \
    --data-urlencode 'imei=899999999999999' --data-urlencode 'ussd=*100#'

Response:

{
"RESPONSE":"Your credit is $20.00. Your operator.",
"debug":"...",
"result":"success",
"success":true
}

Request:

curl 'http://localhost:8080/modem/sms/862329888888888?json=1' -u proxy:proxy

Response:

{
   "data" : [
      {
         "Content" : "Missed call : +333333333370 at 10:45 22/07.",
         "Date" : "2020-07-22 14:59:35",
         "Index" : "40001",
         "Phone" : "+333333333370"
      },
      {
         "Content" : "Welcome, your data limit 0-100МБ. .. Details: cell.org",
         "Date" : "2021-02-27 00:53:11",
         "Index" : "40002",
         "Phone" : "MYCELL"
      },
      {
         "Content" : "Hh",
         "Date" : "2021-07-16 20:32:11",
         "Index" : "40042",
         "Phone" : "+11111111111"
      }
   ],
   "success" : true
}

Args: porID

Request:

curl localhost:8080/apix/bandwidth_report_json?arg=portJFJHFHJ -u proxy:proxy

Response:

{
   "HTTP_PORT" : "8001",
   "IS_OVER_QUOTA" : "0",
   "QUOTA_DIRECTION" : "inout",
   "SOCKS_PORT" : "5001",
   "bandwidth_bytes_day_in" : "9.5KB",
   "bandwidth_bytes_day_out" : "9.6KB",
   "bandwidth_bytes_lifetime_in" : "3.5MB",
   "bandwidth_bytes_lifetime_out" : "440KB",
   "bandwidth_bytes_month_in" : "3.5MB",
   "bandwidth_bytes_month_out" : "433KB",
   "bandwidth_bytes_yesterday_in" : "6.0KB",
   "bandwidth_bytes_yesterday_out" : "4.9KB",
   "left_to_quota" : null,
   "port" : "portXrzD",
   "portName" : "ddddd",
   "quota" : null,
   "quota_type" : null
}

With arbitrary time interval:

ARGS: portID, start time, end time.

Request:

curl -G http://localhost:8080/apix/get_counters_port -X GET -d PORTID=portKFJKJKDD --data-urlencode 'START=2023-01-28 18:10' --data-urlencode 'END=2023-01-28 19:20:01' -u proxy:proxy 

Response:

{ "in": "1101534", "out": "2158378" }

del

Request (by portID ):

curl localhost:8080/apix/bandwidth_reset_counter?arg=portJKJKDHJ83  -u proxy:proxy

Response:

{"result":"success","debug":null}

Request either - by network interface e.g. modem77 - by Nickname - by IMEI

curl localhost:8080/apix/usb_reset_modem_json?arg=modem77      -u proxy:proxy
curl localhost:8080/apix/usb_reset_modem_json?arg=dongle22      -u proxy:proxy
curl localhost:8080/apix/usb_reset_modem_json?arg=868888888888889      -u proxy:proxy

Response:

{
  "USB_RESET_METHOD": "uhubctl",
  "debug": "......",
  "result": "ok"
}

Request - by Nickname - by IMEI

curl localhost:8080/apix/get_rotation_log?arg=899999999999999  -u proxy:proxy 
curl localhost:8080/apix/get_rotation_log?arg=dongle2          -u proxy:proxy 

Response:

[
  {
    "start_time": "2022-08-10@19:29:38",
    "end_time": "2022-08-10@19:29:49",
    "total_time": "10",
    "old_ip": "4.26.28.14",
    "new_ip": "4.26.28.13",
    "target_mode": "auto"
  },
  {
    "start_time": "2022-08-10@19:29:54",
    "end_time": "2022-08-10@19:30:04",
    "total_time": "9",
    "old_ip": "4.26.248.13",
    "new_ip": "4.26.152.10",
    "target_mode": "auto"
  }
]

Request:

curl http://localhost:8080/modem/settings -d imei=862329099999999 -u proxy:proxy

Response:

{
  "message": "Result: success, message: applied", 
  "success": true
}

Args: portID

Request:

curl http://localhost:8080/apix/apply_port?arg=port029348 -u proxy:proxy

Response:

{
  "msg": "success",
  "result": "ok"
}

• it deletes the port object from the DB
• it stops its proxies

Args: portID

Request:

curl http://localhost:8080/apix/purge_port?arg=port029348 -u proxy:proxy

Response:

{
  "msg": "ok",
  "result": "ok"
}

Request either - by Nickname - by IMEI

curl localhost:8080/apix/purge_sms_json?arg=Nick77      -u proxy:proxy
curl localhost:8080/apix/purge_sms_json?arg=868888888888889      -u proxy:proxy

Response:

{ "result": "success", "msg": "" }

By PORTID

Request:

curl localhost:8080/apix/top_hosts?arg=port2847472 -u proxy:proxy

Response:

{
  "bbc.com": 10,
  "gmail.com": 20
}

Request:

curl localhost:8080/apix/unique_ips_json -u proxy:proxy

Response:

{
  "DAYS": 14,
  "MAX_REPEATS": 50,
  "TOTAL_ROTATIONS": 7,
  "UNIQUE_IPS": 7,
  "NON_UNIQUE_IPS": 0,
  "UNIQUE_IPS_PERCENT": 100,
  "NON_UNIQUE_IPS_PERCENT": 0,
  "TXT": "\nIP Uniqueness report:\n\nOf past 14 days.\nA Unique IP is an IP that was encountered less than 50 times during the reported period.\nTotal IP rotations on all devices: 7\nUnique IP rotations: 7 (100%)\nNon Unique IP rotations: 0 (0%)\n"
}

This call just stores the object. Then you have to call “Apply Settings for a modem”.

Request:

curl -u proxy:proxy localhost:8080/crud/store_modem --data-raw data='{"IMEI": "123456789012345", "name":"MyModem"}'

Response:

{
  "result": "success"
}

Mandatory Fields

• IMEI - 15 digits
• name - a Nickname of the modem

Optional Fields

• TARGET_MODE - the mode, one of ( 3g / 4g / auto / default ) the mode will work in.
• AUTO_IP_ROTATION - how often to rotate the IP on the modem (minutes)
• PHONE_NUMBER - arbitrary field for setting phone number just for your information ) e.g. “+1111111111”
• NOTES - arbitrary string for some info about the modem.
• WAN_APN - for LTE modules, APN to be set during bringing up the modem online, if correct APN can't be detected automatically. E.g. “my.cool.apn.com”
• mtu - set MTU fix for the modem, e.g. 1400

Example 1, only mandatory fields.

{
  "IMEI": "862329041087714",
  "name": "dongle2"
}

Example 2, mandatory + optional fields.

{
  "IMEI": "862329041087719",
  "name": "dongle21",
  "AUTO_IP_ROTATION": 10,
  "PHONE_NUMBER": "+1111111111",
  "TARGET_MODE": "4g",
  "WAN_APN": "internet",
  "mtu": 1400
}

This call just stores the object. Then you have to call “Apply Settings for a port”.

Request:

curl -u proxy:proxy localhost:8080/crud/store_port --data-raw data='{"IMEI": "353990074165890", "portID":"lel9999", "portName":"yyyyyyyy", "proxy_password":"aaaaaaaaa", "proxy_login":"aaaaaaaaaa", "http_port":8005, "socks_port": 5005}' 

Response:

{
  "result": "success"
}

Mandatory fields :

• IMEI: IMEI of the modem to attach the port to, e.g. 862329041087719
• portID: unique port ID, for existing ports, use existing value. For new ports, construct it like 'port' + at least 6 alphanumeric chars, e.g. portFj7H36sd1
• portName: arbitrary port name, e.g. Customer Cool
• proxy_login: Proxy login, e.g. kileq, length is larger than 5.
• proxy_password: Proxy password, e.g. Jdh27dh , length is larger than 5.
• http_port: Http port, e.g. 8005 , Must be 8001-8999
• socks_port: Socks5 port, e.g. 5005 , Must be 5001-5999

Optional fields :

• DENIED_SITES_ENABLE - if 1 , then apply DENIED_SITES_LIST , see below
• DENIED_SITES_LIST - array of denied sites. Applied if DENIED_SITES_ENABLE is “1”.
• bw_quota : bandwidth quota in MB
• QUOTA_TYPE can be daily/monthly/lifetime. Latter means you allocate the quota forever till its over quota
• IP_MODE: can be :
  • 4 : ipv4 only
  • 6 : ipv6 only
  • 46 : prefer ipv4 but also allow ipv6
  • 64 : prefer ipv6 but also allow ipv4
  • null : leave default
• PROXY_VALID_BEFORE: expiry date
• MAXCONN: max allowed connections
• CONNLIM: allow this number of new connections within 60 seconds
• bandlimin: download speed (megabits per second, mbps)
• bandlimout: upload speed (megabits per second, mbps)
• OS - spoofed destination OS, can be
  • (empty or absent field) No spoofing
  • “android:1” Android, p0f compliant but slow
  • “android:3” real Android, almost like Linux
  • “macosx:3” macosx:3
  • “macosx:4” real MacOSX 12.6 / iPhone 13 Pro Max
  • “ios:1” ios:1, p0f compliant
  • “ios:2” ios:2, real Iphone
  • “windows:1” real Windows 10
• white_list - array of whitelisted customers' IP's (so proxy access for them is password-less)

Example 1, only mandatory fields.

{
  "portID": "portO",
  "IMEI": "862329041087719",
  "portName": "PEPA",
  "http_port": "8005",
  "socks_port": "5005",
  "proxy_login": "kileq",
  "proxy_password": "Jdh27dh"
}

Example 2, mandatory + optional fields.

{
  "portID": "portQ",
  "portName": "DEDA",
  "IMEI": "862329041087719",
  "MAXCONN": 100,
  "CONNLIM": 100,
  "DENIED_SITES_ENABLE": 1,
  "DENIED_SITES_LIST": [
    "bad.com",
    "porn.com"
  ],
  "PROXY_VALID_BEFORE": "2028-02-22T12:54",
  "IP_MODE": "46",
  "OS": "ios:2",
  "bandlimin": "10",
  "bandlimout": "10",
  "bw_quota": 200,
  "QUOTA_TYPE": "monthly",
  "http_port": "8004",
  "proxy_login": "mokos",
  "proxy_password": "rQ1h6J",
  "socks_port": "5004",
  "white_list": [
    "192.168.0.0/16",
    "78.140.162.201",
    "78.140.162.202"
  ]
}

Destination format: v2

So it can be later imported in V2 version of Proxysmart.

Request:

curl -u proxy:proxy localhost:8080/crud/backup_export

Response:

{
  "modems_collection": [
    {
      "IMEI": "920000000000002",
      "name": "dddddddddd"
    }
  ],
  "ports_collection": [
    {
      "IMEI": "920000000000002",
      "portID": "portnqIj",
      "portName": "Port_dddddddddd",
      "http_port": "8001",
      "socks_port": "5001",
      "proxy_login": "yyyyyyyy",
      "proxy_password": "yyyyyyyyyyyy",
      "DENIED_SITES_ENABLE": 0
    }
  ],
  "local_settings": {
    "lan_modems": [
      {
        "gw": "192.168.8.8",
        "dev": "lanmodem1"
      },
      {
        "gw": "192.168.8.9",
        "dev": "lanmodem2"
      }
    ]
  }
}

Request:

curl -u proxy:proxy localhost:8080/crud/backend_proxies -X POST --header "Content-Type: application/json" -d \
  '[ 
    { 
    "id" : "bproxy1" , 
    "creds" : "http://MyLogin:MyPass@MyProxyHost1:3128" ,
    "ip_reset": "http://MyProxyHost1/reset1"
    },
    { 
    "id" : "bproxy2" , 
    "creds" : "http://MyLogin:MyPass@MyProxyHost2:3128" 
    } 
  ]' 

• id: a string like “bproxy” + number
• creds: credentials in format protocol://login:password@host:port
• ip_reset: (optional) Ip reset link

Response:

{
  "message": "",
  "result": "success"
}

Request:

curl -u proxy:proxy localhost:8080/crud/backend_proxies -X GET --header "Content-Type: application/json" 

Response:

[
  {
    "creds": "http://MyLogin:MyPass@MyProxyHost1:3128", 
    "id": "bproxy1",
    "ip_reset": "http://MyProxyHost1/reset1"
  },
  {
    "creds": "http://MyLogin:MyPass@MyProxyHost2:3128", 
    "id": "bproxy2"
  }
]

Request:

curl -u proxy:proxy localhost:8080/crud/lanmodems -X POST --header "Content-Type: application/json" -d \
  '[ 
      {
        "dev": "lanmodem3",
        "gw": "192.168.8.3"
      },
      {
        "dev": "lanmodem2",
        "gw": "192.168.8.2"
      }
  ]' 

• dev: a string like “lanmodem” + number
• gw: the LAN modem's IP address

Response:

{
  "message": "",
  "result": "success"
}

Request:

curl -u proxy:proxy localhost:8080/crud/lanmodems -X GET --header "Content-Type: application/json" 

Response:

[
  {
    "dev": "lanmodem3",
    "gw": "192.168.8.3"
  },
  {
    "dev": "lanmodem2",
    "gw": "192.168.8.2"
  }
]

Installation is shipped with default demo license.

It allows you to run proxy on 1 modem.

In order to run more modems, buy a License.

Method1. From the WebApp:

• Open the proxysmart WebApp at http://localhost:8080 or http://LAN_IP:8080
• Scroll down to the Machine Data text.
• Copy MachineData value to the Clipboard.

Method2. From the CLI:

• Open terminal
• Run sudo proxysmart.sh license_status
• Copy machine_data value

Send the copied value to proxysmart.org

You will be given the license and license signature. Both are sequences of numbers and characters. Then submit both either via WebApp or CLI:

submitting via WebApp

Open the WebApp , http://localhost:8080 , expand License section and type in the keys & submit both.

submitting via CLI

run commands

proxysmart.sh submit_license LICENSE
proxysmart.sh submit_license_signature LICENSE_SIGNATURE

If your paid license expired or broken, restore DEMO license, run:

sudo cp -v /usr/share/doc/proxysmart/examples/license.txt* /etc/proxysmart/

One of

• http://localhost:8080/
• http://LAN_IP:8080/
• http://VPS_IP:7001/

By default login/password are proxy / proxy.

• If proxy ports are forwarded via remote cloud VPS: then the proxies can be used from all over the Internet, by that VPS IP and proxy port numbers.
• From the same LAN where multimodem server is located: by the server’s LAN IP and proxy port numbers.

Why? In order to test quality of connnection between proxy/VPN users and the server, not involving mobile equipment.

How?

For the proxy users:

Open the URL in the browser: The WebApp plus /openspeedtest/ e.g. http://VPS_IP:7001/openspeedtest/ , login/password are speedtest / pw2000pw

For the VPN users:

While connnected over the VPN, open the URL in the browser: http://172.22.27.1/openspeedtest/ , login/password are speedtest / pw2000pw

Method1. Click the button “Reset Complete” on the main screen of the WebApp in the bottom.

Method2. In linux console, run: proxysmart.sh reset_complete

Also it is done after reboot automatically by a Cron job.

• click EDIT on a modem or a port, set new values
• click APPLY

The options are below.

• From Web App

Click Reset Ip button.

• From command line.

Run: proxysmart.sh reset_quick_nick dongle1

Where dongle1 is a Dongle “nickname” that is seen from output of proxysmart.sh show_status

• From Web API.

check WEB API section of this manual.

How to rotate a modem periodically?

• WebApp method

Update modem’s settings in the WebApp and click APPLY.

• Cron method

Install a Cron job. Edit a file /etc/cron.d/proxysmart, add a line ( or uncomment a commented line.. )

*/10 * * * * root run-one /usr/local/bin/proxysmart.sh reset_quick_nick dongle3

so that a modem with the Nickname dongle3 is rotated every 10 min.

Repeat for each modem you want to rotate periodically.

Hi , technically it depends on how powerful this PC is, and how intensively proxies are used.

• Raspberry PI - 4 proxies (roughly)
• a miniPC (Intel NUC or similar) - up to 10
• a Laptop like Core i5 - up to 30.

Also it depends on what Plan you buy.

Also it depends on USB configuration, for maximum number of modems:

• disable USB3.0 in BIOS
• use USB2.0 hubs

In some cases custom TTL must be set in order to have Cell Operator think we are not using the modem in hotsport  tethering mode. I.e. we don’t share its data. By default Linux OS has ttl = 64. To change Cell Operator perception of the situation, we want to set it +1 i.e. 65.

Edit WebApp→GlobalSettings and set CUSTOM_TTL_SET and CUSTOM_TTL_VALUE=65 and regenerate settings.

In some cases different MTU values connect with different types of ISP’s. You may want to change it.

Mtu can be only lowered. E.g. if you have MTU 1390, you can set 1340. Not opposite.

- WebApp → GlobalSettings → enable CUSTOM_MTU_SET . - Set MTU in the WebApp for each modem.

Those are optional and are set in the WebApp

• WHITELIST - allowed customers IP’s who are not required to type in proxy password (IP-based auth).
• bandwidth (speed) limit. Values are in mbps (megabits per second).
• DENIED_SITES_ENABLE (on/off) and DENIED_SITES_LIST (list of blocked sites patterns).
• Bandwidth Quota (Megabytes) and Bandwidth Quota Type (daily/monthly/lifetime)

Proxysmart 2.2+

• Open WebApp. Locate the modem. Click its IMEI to open its individual page
• Click Browse Modem

All proxysmart versions

• Open WebApp. Locate the modem. Configure a proxy on your desktop browser.
• Use proxy login & password as desribed below (14.1 chapter).
• Visit modem IP via that proxy.

Since 2023-09-10 it is enabled by default.

Edit WebApp→GlobalSettings and set

PROXY_ADMIN_ENABLE  enabled
PROXY_ADMIN_LOGIN   SuperAdmin
PROXY_ADMIN_PASS    Hqmz81mmZr

And regenerate configs. So only admin user is allowed to use modems web interfaces, and normal proxy users are not.

In the WebApp, set monthly traffic quota. Click EDIT & APPLY.

Set OPEN_PROXIES in WebApp→GlobalSettings and regenerate all configs.

Note, when proxy ports are forrwarded via a VPS, the proxies are available to any internet user. Use it with caution.

Click Bandwitdh Stats in the WebApp, or use “Report Bandwidth” CLI or WEB API call.

Run a command

ss -o state established | grep -c :8038

But change 8038 with HTTP port of a desired proxy

You have these options.

• Click Read SMS in the WebApp
• run proxysmart.sh list_sms_for_a_modem_by_imei_json 999999999999999 i.e. IMEI of required modem.
• Browse to the modem IP ( it is shown as GW in proxysmart.sh show_status ) through the proxy. Click SMS button.

By default it is set to proxy / proxy.

In the WebApp→GlobalSettings scroll to the bottom, set new WebApp password. NOTE: login remains proxy.

Command line method.

sudo htpasswd -b /etc/nginx/htpasswd proxy NewAweSomePassword999999

If you want to change username as well, just delete the file and then assign new password

sudo rm /etc/nginx/htpasswd
sudo htpasswd -b -c /etc/nginx/htpasswd MyNewUsername NewAweSomePassword999999

Os Spoofing is used to simulate other OS TCP fingerprints.

What OS can I spoof?

MacOSX, iOS,  Windows,  Android.

How to enable OS Spoofing?

In the WebApp set the needed OS per each proxy port (click EDIT PORT).

How to test OS Spoofing ?

Visit one of these websites (IP checkers) through a proxy. Find something like “OS TCP fingerprints”.

• http://witch.valdikss.org.ru/
• https://thesafety.us/
• https://whoer.net → extended results
• https://browserleaks.com/ip

Can I dump OS TCP fingerprint from a real device and use it?

Yes, contact me.

I enabled OS TCP spoofing, but it is not working!

The reason may be that the operator passes all traffic through its internal proxy, or in other way modifies TCP signatures. Then local OS TCP modifications are overwritten. Is it bad? No! Because still traffic looks natural as it was coming from this operator network.

Try other operator.

When >50 modems are added, play with MAX_PARALLEL_WORKERS_STATUS variable, on faster CPU’s it can be set to 8 or 16 (to the number of CPU cores). It can be set by editing the file /etc/proxysmart/conf.txt. It affects number of threads

• when generating status of the modems
• when generating configuration of newly added modems

Set TARGET_MODE the modem's settings in the Proxysmart WebApp. Allowed values:

• auto
• 3g
• 4g

Lock network mode to 4G and rotate its IP.

In the WebApp, create more ports on the modem, each port means a dedicated proxy.

Yes but it’s off by default.

On modems , edit APN and set APN type for both IPv4 and IPv6 , e.g. Ip4Ip6 or Ip4+ip6, there is a dropdown list for that.

On Proxysmart box: Update WebApp→GlobalSettings → IPV6_SUPPORT On

and reset configuration proxysmart.sh reset_complete ; or even better do a reboot.

There is a plugin embedded, run it as root,

/usr/lib/nagios/plugins/proxysmart-nagios-helper.sh IMEI

or

/usr/lib/nagios/plugins/proxysmart-nagios-helper.sh NICKNAME

so it will return OK/WARN/CRIT/UNKNOWN and corresponding exit code.

These links

• Can be safely passed to your customers. They don’t reveal real dongle parameters like IMEI or Nickname.
• They don’t require HTTP basic authentication
• They depend on the proxy password. So, when you change the proxy password - old IP rotation links, associated with that proxy, will stop working.

A link can be copied from the WebApp→Ports list. Each Port has its own IP rotation link. If one port rotates IP, then other ports of the same modem affected too.

If you realized you gave a link to a customer, and want to revoke it, just set new password for the proxy.

If you want to invalidate all links of all modems, set a new secret: set RESET_LINK_SECRET in WebApp→GlobalSettings .

On Proxysmart 2.3+ it is enabled by default.

It is needed for proper work of HTTP/3.0 which uses UDP.

QUIC (UDP over socks5) will work either in your LAN or via a VPS. Steps are below.

Make sure you finished the Cloud VPS setup part, with Ansible

cd /root/proxysmart-vps/
nano vars.txt

- set vps_socks5_udp: 1

Save the file (press Control O) and exit the editor (Control x)

Run Ansible again

ansible-playbook ./proxysmart-vps.yml

set in WebApp->GlobalSettings → QUIC_SUPPORT : On.

and reboot or reconfigure all proxies (run proxysmart.sh reset_complete ).

Note: make sure the VPS has enough RAM, each proxy needs 50MB of RAM. Also add swap if needed.

It may be needed when you need even faster IP reset. In this case, post-checks are not made, so it is not sure if the modem really went online after IP reset. It can be activated by DIRTY_IP_ROTATION in WebApp→GlobalSettings

In /etc/proxysmart/conf.txt

• by Device name, populate this array IGNORED_DEV=( modem132 modem0000000002) – array of Network Interfaces that are not processed
• by IMEI, populate this array IGNORED_IMEI=( 9999999999999999 8888888888888888 ) – array of IMEI that are not processed

It is useful when for some reason you want to run speed tests towards a custom server, instead of Ookla servers.

Update WebApp→Global_settings with IP of the WEB server:

• SPEEDTEST_CUSTOM : enabled

DL_URL can be an URL of a large enough file (~100Mb+). And UL_URL is an URL that accepts large enough POST request.

If you want to avoid too frequent IP rotations triggered by your users – in WebApp→Global_settings set MINIMUM_TIME_BETWEEN_ROTATIONS as 120, so for 120 seconds minimum delay.

• Individual (per proxy) block lists : WebApp → Edit Port, check DENIED_SITES_ENABLE, populate DENIED_SITES_LIST
• Global block list - for all proxies: WebApp→Global_settings → check DENIED_SITES_ENABLE populate DENIED_SITES_LIST , click SAVE and re-apply all modems settings.

How blocklists are processed:

• if you block porn.com, then also www.porn.com is blocked.
• if you block gov, then also nyc.gov,www.nyc.gov are blocked.
• IP's are blocked also e.g. 23.23.23.23

Note for Socks5 proxies

When a domain blacklist is imposed, then by default users still can access blocked sites by their IP’s.

In order to prevent it, set DENY_IP_REQUESTS in WebApp→Global_settings and run proxysmart.sh reset_complete for resetting all configuration (or reboot).

The feaure it not ready.

In WebApp→Global_settings set RETRY_IP_ROTATIONS .

So when Old_IP == New_IP, then IP rotation is retried. Up to MAX_RETRY_IP_ROTATIONS attempts which is by default 3.

For example to prevent using IP’s that were in use 1 time (or more) within last 24h: set in WebApp→Global_settings :

RETRY_IP_ROTATIONS                 # enables Re-rotation, enable it.
NON_UNIQUE_IP_OCCURS 1             # how many times an IP must occur to be considered NonUnique. E.g. 1
NON_UNIQUE_IP_PERIOD 24hour        # during which period an IP must occur to be considered NonUnique. E.g. 1day or 1hour

On Proxysmart 2.3+ it is enabled by default

By default Proxysmart can't see original clients IP's. So we have to enable it:

Steps:

1. On Proxysmart server

• set PROXY_PORTS_FORWARDER_SOFTWARE=ssh+haproxy in WebApp→Global_settings
• run proxysmart.sh reset_complete for resetting all configuration.

2. On the VPS

cd /root/proxysmart-vps/
nano vars.txt

set

haproxy_enabled: 1

Save the file (press Control O) and exit the editor (Control x)

Run Ansible again

ansible-playbook ./proxysmart-vps.yml

Edit /etc/proxysmart/conf.txt and set DNS_SERVER_PROXIES="1.1.1.1" where 1.1.1.1 is a custom DNS server, it must be publicly available.

Click the button “Reset Complete” on the main screen of the WebApp in the bottom or in the console, run: sudo proxysmart.sh reset_complete or reboot the server.

On the Proxysmart server in a folder /var/log/3proxy/ , each filename is named for HTTP proxy port.

Logs are rotated daily and 90 copies are saved, details are in /etc/logrotate.d/3proxy.

Logs of IP rotations are in a folder /var/log/proxysmart/dongle_rotations/.

If you want to run NoLogs policy, create a cron script that deletes the logs, i.e. the files

/var/log/gost/*
/var/log/3proxy/*
/var/log/sniproxy*
/var/log/haproxy*

Assume a chain UsbModem→PC→VPS→ProxyUser. Final Proxy speed is limited by:

• Download speed of the modem
• Upload speed from PC to VPS
• Download speed from VPS to the ProxyUser

Download speed of the modem.

It can be measured on the side of the PC e.g. in the Proxysmart WebApp by clicking the Speedtest button.

How to improve it?

• try other carriers
• try other modems
• try better location with better signal (i.e. not your Home)

Upload speed from PC to VPS.

Normally it correlates with quality of home internet (Fiber/xDSL) and can be measured by running speedtest on the PC in browser or in Terminal (speedtest-cli). Upload value has to be high.

With different types of port forwardings:

wan (Home Internet is used for ports forwarding) : remote proxy user's DownloadSpeed is limited to minimum of (ModemDownloadSpeed, HomeInternetUploadSpeed )

cell (each modem forwards its proxies through its internet) : remote proxy user's DownloadSpeed is limited to minimum of (ModemDownloadSpeed, ModemUploadSpeed )

How to improve it?

• get a better home internet with better upload
• switch from WiFi to Ethernet

Download speed from VPS to the ProxyUser

It can be measured by downloading a file from VPS to the Proxyuser.

How to improve it?

• Change location of the VPS to a Cloud Hoster that has better reachability to the clients from all over the world

Reason 1: Compare LTE category of the modem and the phone. Phone has higher LTE cat e.g. 12..20, while modem has LTE cat 4..6 (depends).

Reason 2: when the speed is really bad (about 1mbps) then it is Operator's throttling. Perhaps you bought a plan that allows only phones/tablets and doesn't allow modems.

Why is it needed? When home base internet is unstable or its upload speed <15mbps.

A VPS is needed in order to expose the ports this way ( see VPS integration chapter ).

How it works

Each proxy forwards its port through its modem, not using base internet.

PRO's :

• Home base internet speed & stability is not important

CON's :

• each modem is working in bidirectional mode
• proxy speed is limited to 4G Upload speed which is slow

Steps: on Proxysmart server

• set PROXY_PORTS_FORWARDER_TYPE=cell in WebApp→Global_settings
• run proxysmart.sh reset_complete for resetting all configuration.

Sometimes only a reboot can fix a modem. In order to enable, set AUTOREBOOT_DONGLES in WebApp→Global_settings. How it works:

• if a situation occurs , “reboot score” of a modem is increased by the value, according to the situation:

SCORE_IP_ROTATION_FAIL=10                   # score increments when IP rotation failed
SCORE_IP_NOT_DETECTED=2                     # score increments when IP not detected
SCORE_IP_RECONNECT_FAIL=10                  # score increments when IP not auto-reconnected
SCORE_WWAN_DATA_FAIL=10                     # score increments when WWAN device can't establish Data connection
SCORE_WEBAPP_FAIL=20                        # score increments when the modem's WebApp is stuck

• when the modem’s reboot score reaches MAX_REBOOT_SCORE then the modem is rebooted.
• special case, do USB reset instead of a reboot, when AUTO_USB_RESET_DONGLES is 1, it is useful when modems’ WEB APP is not available.

• Check if the modem has good signal.
• Check if the modem has correct APN (set in its Web Dashboard).
• Check if its SIM card is active (not blocked on Operator side) and is topped up.
• Check the modem on another PC (e.g. your own Windows desktop) without WiFi and without Ethernet (to make sure Internet is provided by the dongle that being tested).

When ports forwarded through a VPS

Assume 2 Proxysmart servers:

• Server1
• Server2

On each, make sure the proxies are configured on these ports:

• Server1 : http 8001..8099, socks5 5001..5099
• Server2 : http 8101..8199, socks5 5101..5199

Make settings in the WebApp→GlobalSettings:

For Server1:

• VPS - IP of the VPS
• PROXY_PORTS_FORWARDER_ENABLE on
• SSH_REMOTE_PORT: 6001
• WEB_REMOTE_PORT: 7001
• OPENVPN_SERVER_PORT: 1501

For Server2:

• VPS - IP of the VPS
• PROXY_PORTS_FORWARDER_ENABLE on
• SSH_REMOTE_PORT: 6002
• WEB_REMOTE_PORT: 7002
• OPENVPN_SERVER_PORT: 1502

When ports forwarded through a static office IP

Assume 2 Proxysmart servers:

• Server1, LAN_IP1
• Server2, LAN_IP2

On each, make sure the proxies are configured on these ports:

• Server1 : http 8001..8099, socks5 5001..5099
• Server2 : http 8101..8199, socks5 5101..5199

Then on the router, make forwardings.

For Server1:

• WebApp: (from external IP) TCP 8080→LAN_IP1:8080
• Proxies: (from external IP) TCP 8001..8099,5001..5099 → LAN_IP1
• Openvpn: (from external IP) TCP+UDP 1194→LAN_IP1:1194

For Server2:

• WebApp: (from external IP) TCP 8082→LAN_IP2:8080
• Proxies: (from external IP) TCP 8101..8199,5101..5199 → LAN_IP2
• Openvpn: (from external IP) TCP+UDP 1195→LAN_IP2:1194

If you don't rotate IP's and they are detected each time as a new IP - it is natural behaviour of mobile provider, when it routes its clients through random different gateways every 1 minute or so. T-Mobile USA is known of doing so.

Solution: in the WebApp→GlobalSettings set COLLECTD_PINGER_KEEPALIVE to On, so there will be a pinger daemon that keeps open connection to a hostname defined as COLLECTD_PINGER_HOSTNAME through each modem.

Why? Get single log of all requests from Proxies (HTTP/Socks5) clients and VPN clients.

Installation On Proxysmart server

In the WebApp→GlobalSettings set SNIFFER_ENABLED and click Apply.

run proxysmart.sh reset_complete

Watch the log /var/log/proxy_log.log on Proxysmart server.

It is rotated and 365 daily copies are stored on disk.

Then it is bound to a button “Download Proxy Logs”.

It can also be installed on a VPS if the VPS is working as proxies frontend.

Installation On VPS

not supported yet.

Log format

File: /var/log/proxy_log.log

    _ws.col.Time  frame.interface_name   ip.src  tcp.srcport   ip.dst   tcp.dstport  
    #   1          2                        3       4           5           6
    
    socks.remote_name    socks.dst    socks.port   socks.dstport 
    # 7                         8         9         10
    
     http.request.method    http.host  
    #   11                  12        

     tls.handshake.extensions_server_name  x509ce.dNSName
    #   13                                  14

These are very old 3g modems like Huawei E303, E173, E156; ZTE MF110, MF193, MF190. In order to make them work with proxysmart,

edit WebApp→GlobalSettings and set PPP_MODEMS_ENABLE .

Make Quectel / Sierra Wireless LTE modules work in PPP mode

Why? sometimes they fail working in QMI mode. So:

• edit WebApp→GlobalSettings and set PPP_MODEMS_ENABLE
• place a file /etc/udev/rules.d/21-wwan.rules

# ignore QMI_WWAN endpoints on Quectel, to make it work in PPP mode.
SUBSYSTEM=="net", ACTION=="add",  ATTRS{idVendor}=="2c7c" , ATTRS{idProduct}=="0125",  ENV{.LOCAL_ifNum}=="04", PROGRAM="/usr/local/bin/usb_ignore.sh %p"
# ignore QMI_WWAN endpoints on SierraWireless  , to make it work in PPP mode. Save to 21-wwan.rules:
SUBSYSTEM=="net", ACTION=="add",  ATTRS{idVendor}=="413c" , ATTRS{idProduct}=="81b6",  ENV{.LOCAL_ifNum}=="08", PROGRAM="/usr/local/bin/usb_ignore.sh %p"

• re-plug modems or reboot Proxysmart server

In Telegram start a chat with a bot https://t.me/userinfobot and get your Telegram numeric ID.

In Proxysmart WebApp→GlobalSettings , set TG_ALERTS_ENABLE ; and set TG_ALERTS_RECEIVER to your Telegram numeric ID.

In Telegram start a chat with Proxysmart bot https://t.me/nagios737bot and send 'hi'.

After that the bot will send you alerts.

Together with building proxies, it is possible to build Mobile VPN.

It is enabled with WebApp→GlobalSettings → OpenVPN integration → OPENVPN_INTEGRATION

So download the VPN profiles and connect using any VPN client software.

• Download and install software:

Windows: https://openvpn.net/community-downloads/ or https://openvpn.net/client-connect-vpn-for-windows/

MacOS: https://tunnelblick.net/

Android: https://play.google.com/store/apps/details?id=de.blinkt.openvpn or https://f-droid.org/en/packages/de.blinkt.openvpn/

IOS: https://apps.apple.com/us/app/openvpn-connect/id590379981

• Import downloaded OpenVPN profile, tap Connect.
• use Login and Password from the corresponding proxy.

• You can switch to TCP or UDP.
• In WebApp→GlobalSettings set OPENVPN_PROTOCOL to tcp or udp and run proxysmart.sh reset_complete
• On Clients, either download profiles again, or change protocol in client settings.

Logs of openvpn sessions - /var/log/openvpn/sessions.log. Format:

'$time','$type','$local_port','$proto','$duration','$bytes_in','$bytes_out','$Real_IP','$Real_PORT','$Ovpn_CERT','$Ovpn_IP','$IMEI','$proxy_login','$auth_reject_why'

• type - session_start / session_stop / auth_reject
• local_port - local port of Openvpn server
• proto - tcp-server or udp
• duration - when type is session_stop, how many the session lasted
• Real_IP, Real_PORT - of a client
• auth_reject_why - when type is session_stop, the reason why auth was rejected

• IPV6 is not supported

• No P0f-spoofing with Proxysmart APK app.

• IPV6 is not supported

• Proxy ports range: HTTP 8001..8999, SOCKS5 5001..5999

• Not supported on Ipv6

TCP port 25 is blocked, we don't send spam. If you want to send normal emails then you can use ports: 587, 465. Port 25 is for server2server communication only.