Drop dead easy OpenSSH VPN like setup + SOCKS



  • OpenSSH can provide a really nifty VPN using SOCKS.

    For information on how to achieve this with Firefox/PuTTY (Windows):

    http://thinkhole.org/wp/2006/05/10/howto-secure-firefox-and-im-with-putty/

    And information on how to do this with OSX:

    http://www.dribin.org/dave/blog/archives/2004/11/22/ssh_socks/

    Once you use PuTTY or SSH to establish the -D option, simply set your browser or operating system settings (OSX in this case) to use the SOCKS proxy.  For OSX users, you can find the Proxy settings under System Preferences, Networking, (Interface in question ethernet/firewall/airport), Proxies.  Note that this is a per-interface setting.

    Check out http://www.bitvise.com/ if you are a Windows user.

    An OpenSSH tunneler frontend is available for OSX: http://projects.tynsoe.org/en/stm/

    And finally, feel free to mention other utilities on all platforms that help out with this type of system.



  • I would like to add something to this thread.
    If you want an SSH account that you can tunnel to, I suggest www.silenceisdefeat.org
    You can donate anything from $1.00 up, and they give you an SSH account!
    I use it all the time ;)
    BTW, silenceisdefeat runs OpenBSD, so that is very cool too :)

    -Karl



  • Hello!

    I use pfSense for load balancing on two ADSL lines. It works pretty well. Those ADSL lines were used for HTTP traffic (I had a squid server that has the pfSense box as the gateway). I used another machine with squid because I read in the forums that outgoing load balancing cannot work with squid. Now I want to use it for p2p traffic (direct connect and maybe bittorrent) - so I needed a SOCKS server. I found out that OpenSSH could "emulate" a SOCKS4/5 proxy (I'm not sure about SOCKS5, but anyway…).

    1. I was wondering if the problem with squid and load balancing is the same in this case with OpenSSH (acting as a SOCKS proxy server);
    2. Where should I put the command for starting the server to run at each restart? The command is something like

    ssh -D0.0.0.0:1080 -p222 localhost ...
    

    Thanks.

    I think a better way is to install some real SOCKS server (maybe Dante… or nylon), but this is not something I would try without a package available...  :-
    Btw, all of my users would have to enter the SOCKS proxy IP and port (the LAN IP of pfSense and 1080) in their direct connect clients. After limited testing, it seems it works... not sure about the load balancing...

    PS Sorry, didn't know if I should post this in the OpenSSH or Routing and Dual Wan forums…
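
Added example (not part of the thread and not pfSense or OpenSSH project code): the command quoted above binds the SOCKS listener to 0.0.0.0, and the listener that -D opens does not authenticate clients, so the bind address decides who can use the tunnel. The shell functions below classify a -D argument by the bind_address rules in ssh(1); the function names and the second sample command are constructed for illustration.

```shell
#!/bin/sh
# Classify the listen scope of an OpenSSH dynamic forward: -D [bind_address:]port
# Rules from ssh(1): no bind_address -> GatewayPorts decides (loopback unless
# changed); "localhost" -> local use only; empty or "*" -> all interfaces.
socks_bind_scope() {
    spec=$1
    case $spec in
        *:*) addr=${spec%:*} ;;                  # strip the trailing :port
        *)   echo "default-loopback"; return 0 ;;
    esac
    addr=${addr#\[}; addr=${addr%\]}             # drop IPv6 brackets, e.g. [::1]
    case $addr in
        ''|'*'|0.0.0.0|::)   echo "all-interfaces" ;;
        localhost|127.*|::1) echo "loopback" ;;
        *)                   echo "single-address" ;;
    esac
}

# Print the scope of each -D forward in an ssh command line (hypothetical helper).
# Handles "-Dspec" and "-D spec"; bundled short options such as -fND are not parsed.
# The body runs in a subshell so that "set -f" (no globbing of "*") stays local.
audit_ssh_cmd() (
    set -f
    expect_spec=0
    for word in $1; do                           # intentional word splitting
        if [ "$expect_spec" = 1 ]; then
            socks_bind_scope "$word"
            expect_spec=0
            continue
        fi
        case $word in
            -D)  expect_spec=1 ;;
            -D*) socks_bind_scope "${word#-D}" ;;
        esac
    done
)

# First command: as posted in the thread (without its elided tail).
# Second command: constructed loopback-only variant for comparison.
for cmd in 'ssh -D0.0.0.0:1080 -p222 localhost' \
           'ssh -D 127.0.0.1:1080 -p222 localhost'; do
    printf '%s => %s\n' "$cmd" "$(audit_ssh_cmd "$cmd")"
done
```

The trailing `localhost` in the thread's command is the SSH destination, not the bind address, so it does not narrow the listener. When LAN clients must reach the proxy, a "single-address" bind to the LAN interface plus a firewall rule limiting port 1080 to those clients keeps it off other interfaces.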



  • No service installed on the pfSense itself can make use of load balancing. Only connections going through the pfSense can be balanced. So if you added the proxy to the machine that runs pfSense, it will only make use of WAN (the default gateway).

    To run some custom commands on bootup/filterreload have a look at the hidden config.xml options: http://faq.pfsense.com/index.php?action=artikel&cat=10&id=38&artlang=en&highlight=hidden



  • Thanks for clarification.

