This is a discussion on configuring SSH to act as a vpn tunnel within the Linux Security forums, part of the System Security and Security Related category.

Maybe I am asking for a miracle but, I would like to configure a web browser to use a proxy on a remote network. The trick is, due to port blocking rules the proxy is not accessible outside the network -- which defeats my plans.

So, what I would like to do is somehow configure firefox to use the ssh tunnel I establish and connect to the proxy on that remote box (that I will start).

Before anyone just says "Export the display back for a remote FF session" I respond:

Yes, I can do that and currently am. However, the latency and BW usage renders it difficult to use.

So, I guess the general question is: Can I use ssh as a generic vpn??

Christian

Christian Bongiorno <""@ lastname> wrote:
> Maybe I am asking for a miracle but, I would like to configure a web
> browser to use a proxy on a remote network. The trick is, due to port
> blocking rules the proxy is not accessible outside the network -- which
> defeats my plans.
>
> So, what I would like to do is somehow configure firefox to use the ssh
> tunnel I establish and connect to the proxy on that remote box (that I
> will start).
>
> Before anyone just says "Export the display back for a remote FF
> session" I respond:
>
> Yes, I can do that and currently am. However, the latency and BW usage
> renders it difficult to use.
>
> so, I guess the general question is: Can I use ssh as a generic vpn??
>
> Christian

It works, but due to the complexity, it's slow.

For generic VPN, my vote goes to OpenVPN, <http://sourceforge.net/projects/openvpn/>. It runs on both Windows and all kinds of UNIXish systems, including Linux.

There is a theoretical problem of running TCP on top of TCP, like SSH and many other VPN tunnels do. OpenVPN can run on top of UDP, where the problem does not exist.

--
Tauno Voipio
tauno voipio (at) iki fi

Christian Bongiorno wrote:
> so, I guess the general question is: Can I use ssh as a generic vpn??
>

While many apps can run over ssh, why not just use a vpn? I use OpenVPN, which can be configured to use any udp or tcp port (udp preferred).

> Maybe I am asking for a miracle but, I would like to configure a web
> browser to use a proxy on a remote network. The trick is, due to port
> blocking rules the proxy is not accessible outside the network -- which
> defeats my plans.
>
> So, what I would like to do is somehow configure firefox to use the ssh
> tunnel I establish and connect to the proxy on that remote box (that I
> will start).

If you're planning to run the proxy server on the remote host just to forward your connections from work, then don't-- there's a simpler way. Set up a "dynamic port forward" in the client invocation, e.g. -D1080. This will cause ssh to act as a local SOCKS proxy. SOCKS packets sent to localhost:1080 will be forwarded over the encrypted channel to the ssh server, which will unwrap them, send them out to the net, and forward replies back through the tunnel to the client.

Now just tell Firefox to use localhost:1080 as a SOCKS server. Be sure to specify SOCKS v5, since this will cause DNS queries to be resolved remotely instead of locally.

Otherwise, if you're planning to have the remote proxy server running anyway, then you can just do as Dave suggested-- forward localhost:someport to remotehost:proxyport, and tell Firefox to use localhost:someport as a proxy server.

--
To reply by email, replace "deadspam.com" by "alumni.utexas.net"

Christian Bongiorno <"<firtname>"@ wrote:
> Maybe I am asking for a miracle but, I would like to configure a web
> browser to use a proxy on a remote network. The trick is, due to port
> blocking rules the proxy is not accessible outside the network -- which
> defeats my plans.

If you can access a remote machine via SSH you can use that to forward requests to the proxy server, using OpenSSH's tunnels.

For example I have a host I can connect to from work, and I simply run:

    ssh -L 8080:localhost:8080 username@my.home.gateway

This forwards all traffic sent to the local machine on port 8080 to port 8080 on the home gateway which is running squid.

Once this is done inside your browser you simply set your proxy to be localhost:8080 and all will work correctly.

> so, I guess the general question is: Can I use ssh as a generic vpn??

You can (google for ppp over ssh) but it's slow and incurs a penalty in speed. Instead you should simply use SSH's tunnel facilities, which will be perfect for your problem.

(And the proxy server doesn't even have to run on the host you're SSH'ing to, so long as the two hosts can see each other all will be well).

Steve
--
# Debian System Administration www.debian-administration.org/
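
Added example, not part of the original posts: the two forwards suggested in this thread (-D1080 and -L 8080:localhost:8080), written with an explicit loopback bind address so the listener does not depend on the client's GatewayPorts setting, plus a check of `ss -ltn` output that flags a forward port listening on a non-loopback address. The function names and the sample `ss` output are constructed for illustration; the host name is the placeholder used in the post above.

```shell
#!/bin/sh
# Added example: function names and sample data are hypothetical.

# Print the ssh command for a SOCKS (-D) forward bound to loopback only.
# -N: no remote command; ExitOnForwardFailure: fail if the port cannot be bound.
socks_cmd() {   # $1 = user@host, $2 = local port
    printf 'ssh -N -o ExitOnForwardFailure=yes -D 127.0.0.1:%s %s\n' "$2" "$1"
}

# Print the ssh command for a fixed (-L) forward to a proxy the server can reach.
proxy_cmd() {   # $1 = user@host, $2 = local port, $3 = proxyhost:proxyport
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s %s\n' "$2" "$3" "$1"
}

# Read `ss -ltn` output on stdin and print "port address" for every listed
# port that is listening on something other than a loopback address.
exposed_forwards() {   # $@ = forward ports to check
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local = $4
            port = local; sub(/.*:/, "", port)        # text after the last colon
            addr = local; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if ((port in want) && addr !~ /^127\./ && addr != "[::1]")
                print port, addr
        }'
}

# Constructed sample of `ss -ltn` output: 1080 is loopback-only,
# 8080 is bound to all interfaces and therefore reachable from the LAN.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    [::1]:1080         [::]:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

socks_cmd username@my.home.gateway 1080
proxy_cmd username@my.home.gateway 8080 localhost:8080
printf '%s\n' "$SAMPLE_SS" | exposed_forwards 1080 8080
```

On a live system, pipe `ss -ltn` into `exposed_forwards` with the ports you forwarded; an empty result means both listeners are loopback-only. To confirm that names are resolved on the far side of the SOCKS forward, `curl --socks5-hostname 127.0.0.1:1080 <url>` sends the host name to the proxy instead of resolving it locally.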

Dave {Reply Address in.sig} wrote:
> Also a good trick if you're using a wireless connection at your local
> coffee shop or elsewhere, ssh to home and browse/read mail/news via there,
> then it's a lot harder for people to see what you're doing because all
> they get are encrypted packets on an ssh link.

I did just that last week, except with a vpn. I was in a coffee shop, that just started offering WiFi and it's free until April. So, I forced myself to drink a "Chocolate Lover's Latte, vanilla fudge brownie", so that I could try out the WiFi service. ;-)