Skip to content

Creating a SOCKS5 proxy for Diablo III

Here’s a simple tutorial how to create SSH Tunnel and Socks proxy to play Diablo III behind a firewall, or just to avoid 3007 errors. You’ll only need a SSH server where you can connect to.

Creating the SOCKS5  SSH tunnel with Putty

Step 1: Open Putty and go to the Tunnels menu. Set source port to 9999, and then set Dynamic as the port type, and press Add.

Step 2: To prevent unwanted disconnects from the SSH server you should set a value to “seconds between keepalive packages”. Open the Connections menu and set some value to seconds between the keepalive packages. 30 seconds is smaller than my server’s disconnect time, so that’s fine for me.

Set the seconds between keepalive packages to 30

Step 3: Open the session page, and connect to SSH Server. Just replace the Host Name “” with the server you want to connect to.
You can also save your session in this page (if you don’t want to configure the SSH tunnel again) by writing a name into the saved session, and then pressing save.

Write your server address to the host name and press Open

Write your server address to the host name and press Open

Choosing the Proxifier Software

The Proxifier is a proxy server, that can route your traffic though the SOCKS SSH tunnel, that we just created. The Diablo III uses UPD, so you should choose Proxifier SW that supports the SOCKS5 UDP Associate. You can get pretty good comparison at Wikipedia article here: I decided to use Widecap, since it’s for windows, it supports UDP, and it’s free.

Configuring Widecap for Diablo III

The Widecap UI is a bit messy, but you’ll get used to it 🙂
Step 1: Create a new proxy by clicking proxies/new proxy button. Then set the Server port into localhost:9999 (the SOCKS tunnel we just created). Then create a new Chain by clicking the Create new button at near the chain. You should invent a better name to your chain than the “Unused”

Connect to localhost:9999, and Create a new Chain, and click OK

Step 2: 
Create a new rule, by clicking the “new rule” button under the network.You can give a name to your rule in the Main tab. Next click the chain tb, and set the proxy chain you to the rule that you created in Step1.

Set the chain into to the rule that you created in step 1

Now you can add the real rule, by clicking the address tab, and adding a new address rule. In this example I used only, which is the, but if you’re behind some nasty firewall you should just choose to route all ports by choosing the option “Any”. Please also notice that the might later resolve into some other IP than, if you want to only route that domain, you should ping and see what it resolves. 

Create new rule, and set the IP

Currently it seems that playing the Diablo III causes about 15-20MB of traffic to the so it’s not eating too much bandwidth from my SSH server.
Step 3:
Configure the Diablo III to use the newly created rule. Click to the view programs page. Then Drag and Drop the Diablo III.exe file into the programs area. After this right-click the Diablo III.exe, and choose “modify program”. Then choose the rule you created in the Step 2 for the Diablo III and press OK. If you’re behind a firewall, you should also add the same rule for the Diablo launcher, so it can update the Diablo III for you.

Set the newly created rule for Diablo III.exe

Protip: install openSSH server to port 443

Many public networks at the airports etc. have quite strict firewall rules, so you can’t normally access to the SSH via port 22. My favourite hack is to run the OpenSSH server at 443 port, so I can connect into it pretty much from anywhere I like. The best part is that with SOCKS5 proxy I can even play Diablo III by bypassing these firewalls.


  1. Bob Cran says:

    Is you solution working through a NAT? I am amble to connect to, but my credentials can never be verified. I’ve read (in a thread you posted in) that this could be caused by UDP through SSH.

    • Summeli says:

      If your SOCKS server is behind the NAT, then it doesn’t work. But if you’re having the SOCKS server in localhost, as in this example, then it should work.
      At least I can login even with the rule “all traffic” through the SOCKS5 proxy.
      However I haven’t really pushed much of loggin into this case. Maybe there’s some blizard update agents etc. involved, which are still used in login phase? you can see at least 2 blizard agents running in windows processes, when you’re playing diablo III.

      • Bob Cran says:

        Yeah, I had all these processes setup in Widecap with the rule setup, but still behind a NAT, so still didn’t work. I’ve read that setting up OpenVPN on the SSH tunnel works (here:, but did not have the time to test, have no clue how to setup OpenVPN and don’t know if it works through a NAT either.
        Still, thanks for the useful post, and sorry about all the typos in the previous post, wrote it in a hurry :P.

      • Bob Cran says:

        And to clarify my setup, I’m running Widecap and Putty on localhost that doesn’t have access to (work computer), connecting through the SSH tunnel to my personnal computer which is behind a NAT (my personnal router). I might try removing to router next week to make sure the NAT is really the reason this isn’t working.

  2. Russell says:

    I am not able to add Programs in WideCap. What am I missing here?
    I already have an ssh server running and I know that works I use it for some other stuff.
    I can make the putty connnection to the ssh server, I set proxy and rule up but cannot add programs in WideCap.
    – TIA

  3. Lucas says:

    Hey, you should make an GBA emulator for Windows Phone!

  4. unnamedBoss says:

    Maybe please make NES emulator for Symbian Belle.

  5. Louwrens says:

    any of you running forticlient – if so – run it administrator – and close it – this also couse connection errors

  6. Tommy says:

    Widecap blocks/disable my cisco annyconnect. Annyone know what to do?

  7. Sanny says:

    when try to force certain connections go through a series of proxy servers, one simple software ProxyAware is enough. Support SSH, SOCKS5 and HTTPS and chaining. No local socks5–>ssh server is needed anymore.

  8. Robert D says:

    Very good article, but I don’t get what host name should I use on putty…

  9. BINX says:

    Hi first of all thank you for this great tutorial. I just have one problem though, after following step by step i was able to connect through battlenet to play diablo3. I have access to all my characters and to the auctions house, when i want to connect anyone of my characters into the game it loads for a while then tells me that “the connection to the game has been lost. The client game has been disconnected from the server.” Any ideas where the problem is coming from? or did i miss a step in the configuration, is the port used on the ssh server of great importance? because mine is set on port 80 should i change it to your specification? hope to get some help soon thx again

    • Summeli says:

      To play the game you probably have to map all the ports via proxy. This was just enough for me to get the log-in & AH working. I had different routes to the game servers.

      • Binx says:

        If i understood correctly i will have to map all the ports including the ip address of the EU game server from within whitecap? If you know of a tutorial for this following step can you please link the site thank you. I will try it on my own and see if i get it to work will let you know thanks again.

Leave a Reply