Server Configs

Setting up doxx.net Client as a System Service

Creating Systemd Service File

  1. Create the service file:
sudo nano /etc/systemd/system/doxx.net.service
  1. Add the following content:
[Unit]
Description=doxx.net VPN Client
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/doxx.net -server tcp-encrypted.mia.us.doxx.net:443 -token YOUR_TUNNEL_TOKEN
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
  1. Enable and start the service:
sudo systemctl daemon-reload
sudo systemctl enable doxx.net
sudo systemctl start doxx.net
  1. Check service status:
sudo systemctl status doxx.net

5. Advanced Routing Configuration with -no-routing

When using the -no-routing flag, you’ll need to manually configure routes to maintain connectivity with doxx.net services while controlling which traffic goes through the VPN.

Basic Setup with -no-routing

  1. Modify your systemd service file to include the -no-routing flag:
[Service]
ExecStart=/usr/local/bin/doxx.net -server tcp-encrypted.mia.us.doxx.net:443 -token YOUR_TUNNEL_TOKEN -no-routing
  1. Add the required route for doxx.net services:
# Get your doxx.net VPN IP (usually shows when connecting)
# Example: Connected: 10.1.2.3 -> tcp-encrypted.mia.us.doxx.net:443

# Add route for all doxx.net internal services (10.0.0.0/8)
sudo ip route add 10.0.0.0/8 via 10.1.2.3

# For Windows:
route ADD 10.0.0.0 MASK 255.0.0.0 10.1.2.3
  1. Create a routing script:
#!/bin/bash
# /usr/local/bin/doxx-routes.sh

# Wait for VPN connection
sleep 5

# Get VPN IP (adjust grep pattern as needed)
VPN_IP=$(ip addr show dev doxx0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)

# Add route for doxx.net services
ip route add 10.0.0.0/8 via $VPN_IP

# Add any other routes you want to go through VPN
# Example: Route specific subnet through VPN
# ip route add 192.168.1.0/24 via $VPN_IP
  1. Update systemd service to use routing script:
[Service]
ExecStart=/usr/local/bin/doxx.net -server tcp-encrypted.mia.us.doxx.net:443 -token YOUR_TUNNEL_TOKEN -no-routing
ExecStartPost=/usr/local/bin/doxx-routes.sh

Common Use Cases

  1. Split Tunneling: Route only specific traffic through VPN
# Route specific subnet through VPN
ip route add 192.168.1.0/24 via $VPN_IP

# Route specific host through VPN
ip route add 192.168.1.100/32 via $VPN_IP
  1. Selective Privacy: Choose which applications use VPN
# Route specific ports through VPN
ip route add 192.168.1.0/24 via $VPN_IP table 100
ip rule add fwmark 1 table 100
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1

Troubleshooting

  1. Check Routes:
ip route show
ip route show table all
  1. Verify Connectivity:
# Test doxx.net connectivity
ping 10.1.0.1

# Check route being used
traceroute 10.1.0.1
  1. Common Issues:
  • If you lose connection to doxx.net services, verify the 10.0.0.0/8 route is present
  • If routes disappear after reboot, ensure the routing script is being executed
  • Check systemd logs: journalctl -u doxx.net -f

Remember to replace YOUR_TUNNEL_TOKEN with your actual tunnel token from a0x13.doxx.net portal.

Last updated on 1 Jan 2024
Published on 1 Jan 2024