# Set System Proxy (IP Switching)

In this chapter, you will learn how to set up an IP proxy for the current mobile phone. FIRERPA supports setting up HTTP and SOCKS5 proxies for your phone, which will route all of its communication traffic through the configured proxy. This feature does not currently support IPv6.

## Connecting to a Proxy

This interface has many parameters. Assuming the proxy you obtained from your service provider is `http://1.x.x.x:8080`, you only need a few lines of code to route the device's traffic through this proxy. You can continue to the `Full Parameters` section below to learn about all available parameters.

```python
profile = GproxyProfile()
profile.type = GproxyType.HTTP_CONNECT

profile.drop_udp = True
profile.host = "1.x.x.x"
profile.port = 8080

d.start_gproxy(profile)
```

It is important to note that after setting up the proxy, currently running applications will not immediately use it. This is because these applications have already established their TCP connections before the proxy was set. Therefore, you need to manually close and reopen the target application for it to establish a connection through the proxy.

## Proxy Types

| Proxy Type | Description |
|---|---|
| GproxyType.HTTP_CONNECT | HTTP |
| GproxyType.HTTPS_CONNECT | HTTPS (HTTP+TLS) |
| GproxyType.SOCKS5 | Socks5 |
| GproxyType.SHADOWSOCKS | Shadowsocks |
| GproxyType.HTTP_RELAY | Deprecated |


### Shadowsocks Encryption Parameters

The following list shows the supported Shadowsocks encryption types. Only the encryption methods listed are supported; obfuscation parameters are not.

| Encryption Type | Name |
|---|---|
| AES | aes-128-cfb |
| AES | aes-192-cfb |
| AES | aes-256-cfb |
| AES | aes-128-ctr |
| AES | aes-192-ctr |
| AES | aes-256-ctr |
| CAMELLIA | camellia-128-cfb |
| CAMELLIA | camellia-192-cfb |
| CAMELLIA | camellia-256-cfb |
| DES | des-cfb |
| AES-AEAD | aes-128-gcm |
| AES-AEAD | aes-192-gcm |
| AES-AEAD | aes-256-gcm |
| AEAD | chacha20-ietf-poly1305 |

For Shadowsocks, use the following method to set the encryption method and password.

```python
profile.login = "chacha20-ietf-poly1305"
profile.password = "your_password"
```

## Disconnecting the Proxy

You can use the following to disconnect the proxy set by FIRERPA on the system. This interface is very simple and does not require any additional parameters.

```python
d.stop_gproxy()
```


## Full Parameters

Below is the complete parameter configuration information for the proxy interface. You can decide whether to use each parameter based on its description.

You can configure the type of proxy service with the following parameter. For a SOCKS5 proxy, it would be `GproxyType.SOCKS5`.

```python
profile.type = GproxyType.HTTP_CONNECT
```

If you need to redirect DNS queries, this parameter will cause all DNS queries from the system to be forwarded to this address. If coexisting with OpenVPN, do not set this to OpenVPN's internal network DNS, as it may cause a complete network disconnection. When this configuration is not used, the system's default DNS is used.

```{attention}
If the `dns_proxy` parameter is set to proxy DNS queries, the DNS server you use must support TCP queries. Most common DNS servers support TCP queries.
```

```python
profile.nameserver = "114.114.114.114"
```

Configuration for the proxy server's IP address and its port number.

```python
profile.host = proxy_server_address
profile.port = proxy_server_port
```

If your proxy server requires login authentication, you can provide it using the following parameters. This depends on your proxy provider. For the Shadowsocks type, `login` is the encryption method.

```python
profile.login = "proxy_server_login_username"
profile.password = "proxy_server_login_password"
```

Used to block UDP traffic in the system. Why block UDP traffic? Because most public proxy services today do not support proxying UDP traffic from the system. Of course, some SOCKS5 servers do support UDP proxying, such as our self-hosted solution, and Shadowsocks also typically supports UDP. Therefore, disabling system UDP traffic is a good option. This option is disabled by default.

```python
profile.drop_udp = False
```

Used to configure whether to bypass the local network. If set to `True`, traffic to router subnets like 192.168.x.x and 10.x.x.x will not go through the proxy. It defaults to `False`. Note that if `udp_proxy` is enabled, this option has no effect on UDP traffic.

```python
profile.bypass_local_subnet = True
```

Used to configure whether to proxy UDP traffic. Your proxy must meet some prerequisites: it must be a `GproxyType.SOCKS5` or `GproxyType.SHADOWSOCKS` proxy, and your proxy server must have UDP proxy support enabled. You can install a SOCKS5 UDP-supported proxy server or build your own SS server using the documentation we provide. It defaults to `False`. This option will be ignored if you are using an HTTP proxy or if the `drop_udp` option is `True`.

```python
profile.udp_proxy = False
```

Used to set whether you need to forward all DNS traffic through the proxy. When this option is enabled, all DNS traffic on the device will be sent through the proxy, which can prevent DNS pollution. When using this option, you must also specify the `nameserver` parameter. It should not be used in packet capturing scenarios, as packet capturing software may not handle DNS packets correctly, leading to a pseudo network disconnection.

```python
profile.dns_proxy = False
```

You can use the following configuration to set a proxy for only a specific application in the system. Traffic from other applications will not go through the proxy.

```python
# Please choose one of the following three ways to select the target application.
app = d.application("com.android.browser")
app = d.get_application_by_name("Browser")
app = d.application("com.android.browser", user=999) # Cloned application

profile.application.set(app)
```

## Auto-applying the Proxy

You can make FIRERPA automatically connect to a preset proxy server on startup, ensuring that your phone's traffic always goes through the proxy. Copy the following configuration, modify it with your proxy information, write it to the `properties.local` file, and then restart FIRERPA. Some fields not described here have the same names as those described in the `Full Parameters` section.

```ini
gproxy.enable=true
gproxy.type=http-connect
gproxy.host=1.x.x.x
gproxy.port=8080
gproxy.password=
gproxy.login=
```

## Setting up a Proxy Server

FIRERPA provides an out-of-the-box SOCKS5 proxy service Docker container in the `tools` directory that also supports UDP. You can learn how to deploy your own proxy server in the relevant sections of this documentation on deploying a proxy service.