SOCKS Proxy Over SSH Tunnel Through VPN

VPNs are powerful tools and can help keep your network traffic secure. If you have a VPS or dedicated server, you could even run a VPN service from your server. The issue is that setting up and configuring a VPN can be time consuming and complicated. For some uses, there may be an easier way to securely route your traffic through a remote server (like your VPS or dedicated server).

An SSH tunnel is another method of rerouting some or all traffic from one location (like your local computer) through another (your remote server). All of this rerouted traffic is securely encrypted as it travels between your local machine and the remote server thanks to SSH. With a tunnel active and traffic proxied through the tunnel, that traffic will appear to be coming from your remote server instead of your local machine. This can be useful to bypass remote network issues or restrictive firewalls.

This article will explain how you can set up an SSH tunnel from your local MacOS (née OS X) machine.

If you are looking for an article explaining how to set up an SSH tunnel on your Windows machine, see our article here.

Requirements

The Mac already ships with all of the tools needed to set up an SSH tunnel, but you'll also need a remote server to SSH your connection through. Here's the full list of requirements:

  1. A remote server running SSH and the ability to make other outbound connections to the internet.
  2. A user account on the remote server that is able to log in via SSH.
  3. Access to the Terminal application in /Applications/Utilities/Terminal(.app) on your Mac.
  4. Access to the Network section in System Preferences so you can set up the system-wide proxy.
  5. Alternately, access to Firefox or another browser that can accept locally configured proxy connections.

Setting up an SSH Tunnel

To set up the tunnel, you need to execute a command in the Mac's Terminal application.

  1. Open the Applications folder on your Mac (if you don't know where this is, open your hard drive and the folder will be found there).
  2. Scroll down to the Utilities folder and open that as well.
  3. Locate the Terminal or Terminal.app file in the Utilities folder and double click on the icon for the terminal.
  4. This will open a new window where you will be able to type some text.
  5. Type the following into the terminal window:

    ssh -f -N -M -S /tmp/sshtunnel -D 1080 USER@server.domain.com -p22

    Replace USER above with the username of the user on the remote server you are logging in as. This could be "root", but it is generally safer to use an unprivileged user instead.
    Replace server.domain.com with the hostname or IP address of your remote server.
    Replace 22 at the end of the line above with whatever port your remote server accepts SSH connections on (22 is the default).

    If you want to understand what this command is doing, read on; otherwise skip to step 6.

    -f: This forks the process into the background so you don't have to keep the terminal window open to maintain the SSH tunnel.
    -N: This tells the SSH process to not execute any commands on the remote server (we are only forwarding traffic through the remote server).
    -M: Put the SSH client into master mode. We're doing this so we can easily enter a command later to gracefully end the SSH tunnel without having to kill the connection.
    -S: This is used in conjunction with the -M option. It sets up a special kind of file (called a socket) that will allow us to enter a command later to gracefully end the SSH tunnel without having to kill the connection. /tmp/sshtunnel is the full path to the socket file this command is creating.
    -D: This sets up a dynamic application-level forwarding service, and 1080 is the port it will listen on. This option creates the SOCKS proxy we'll use later.
    -p: Specify the port on which the remote server is listening for SSH connections.

  6. You will be asked to log into your remote SSH server.

    If you have to enter a password, the terminal will not show you bullets for your key strokes. You won't see anything at all. Just type your password and hit Return on your keyboard.

  7. Once you are connected to your remote server, you can quit the Terminal application.

Configure the Proxy Service

Now you need to set up the SOCKS proxy so that your Mac routes traffic through your remote server instead.

Until you complete this step, your traffic is not secure.

MacOS Firefox Only

If you cannot make changes to your Mac's network settings, you can still use Firefox to secure your web browsing traffic. With this method, only traffic in Firefox is routed through the proxy service, all other traffic is routed normally.

  1. From the hamburger menu (the menu item that looks like 3 parallel lines), select Preferences.
  2. You will be in the General section of the options. Scroll down to the bottom and click on the Settings... button in the Network Settings section.
  3. Now you need to fill in the proxy details based on the proxy you set up earlier.
    1. Select the radio button next to Manual proxy configuration.
    2. In the SOCKS Host section, enter 127.0.0.1.
    3. Enter 1080 as the Port (or whatever local port you selected when you set up the SOCKS proxy earlier).
    4. Click the radio button to select SOCKS v5.
  4. There are a few more options to consider before finalizing setup.
    1. Neither of the SSH tunnel options we set up requires a password or authentication to use, so the first option, Do not prompt for authentication if password is saved, is not going to affect anything.
    2. The important item is Proxy DNS when using SOCKS v5. You should check the box next to this option; otherwise your DNS requests will be made locally and someone will be able to see what sites you visited even if they can't see what you did when you went there.
    3. Enable DNS over HTTPS: this will provide an additional layer of security at the risk of slowing down access to websites even more (at least on the first access).
    4. Click the OK button to apply these changes.

Test the proxy by revisiting https://hostdime.com/ip and make sure your reported IP address has changed. If you don't see a change in the IP address, try forcing the page to refresh or quit and restart your browser and try again.

Disabling the SSH Tunnel and Proxy Service

To disconnect from the SSH tunnel, follow these steps:

  1. Disable SOCKS proxy use either by unchecking the SOCKS Proxy from the Advanced... section of the Network preference pane or by switching to System Proxy or No Proxy in the Preferences of Firefox, depending on which set of directions you followed.
  2. Disconnect the SSH tunnel and close the connection to your remote server.

    1. Launch the Terminal application from your Utilities folder in the Applications folder.
    2. In the terminal window, enter the following command (editing it as needed):

      ssh -S /tmp/sshtunnel -O exit server.domain.com -p22

      Replace server.domain.com with the IP address or server hostname of your remote server.
      Replace 22 with the port number that your remote server accepts SSH connections on. 22 is the default.

      If you have problems for any reason disconnecting from your remote server this way, you can always restart your Mac and that will automatically kill the connection.

    3. Quit the Terminal application.
  3. Test your connection to https://hostdime.com/ip and make sure the IP that gets reported is no longer the IP address of your remote server.
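
The start, verify and stop steps above can be collected in one script. This is an added example, not part of the original article: it keeps the control socket in a mode-700 directory instead of the world-writable /tmp, binds the SOCKS listener to 127.0.0.1 explicitly, and checks the exit IP with remote DNS resolution. The TUNNEL_* variables, the ~/.ssh/ctl directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example: tunnel lifecycle with a private control socket.
# Assumed names: TUNNEL_* variables, ~/.ssh/ctl, and the function names.
TUNNEL_DEST="${TUNNEL_DEST:-USER@server.domain.com}"   # article's placeholder
TUNNEL_SSH_PORT="${TUNNEL_SSH_PORT:-22}"
TUNNEL_SOCKS_PORT="${TUNNEL_SOCKS_PORT:-1080}"
TUNNEL_CTL_DIR="${TUNNEL_CTL_DIR:-$HOME/.ssh/ctl}"

# Create the socket directory with mode 700 and print the socket path.
ctl_socket() {
    mkdir -p "$TUNNEL_CTL_DIR" && chmod 700 "$TUNNEL_CTL_DIR" || return 1
    printf '%s/sshtunnel\n' "$TUNNEL_CTL_DIR"
}

# Succeed only if the directory is ours and grants nothing to group/other.
ctl_dir_is_private() {
    line=$(ls -ldn "$1" 2>/dev/null) || return 1
    set -- $line                      # $1 = mode string, $3 = numeric owner
    case "$1" in d???------*) ;; *) return 1 ;; esac
    [ "$3" = "$(id -u)" ]
}

tunnel_up() {
    sock=$(ctl_socket) || return 1
    ctl_dir_is_private "$TUNNEL_CTL_DIR" || return 1
    # ExitOnForwardFailure: abort instead of backgrounding when the local
    # port is already taken; 127.0.0.1 keeps the proxy off the LAN.
    ssh -f -N -M -S "$sock" -o ExitOnForwardFailure=yes \
        -D "127.0.0.1:$TUNNEL_SOCKS_PORT" -p "$TUNNEL_SSH_PORT" "$TUNNEL_DEST"
}

tunnel_check() {
    sock=$(ctl_socket) || return 1
    ssh -S "$sock" -O check "$TUNNEL_DEST" || return 1   # master still alive?
    # socks5h:// makes curl resolve names through the tunnel, the same
    # behaviour as Firefox's "Proxy DNS when using SOCKS v5".
    curl -sS --max-time 10 \
        --proxy "socks5h://127.0.0.1:$TUNNEL_SOCKS_PORT" https://hostdime.com/ip
}

tunnel_down() {
    sock=$(ctl_socket) || return 1
    ssh -S "$sock" -O exit "$TUNNEL_DEST"
}

# Usage: sh tunnel.sh up|check|down   (no argument: only define the functions)
case "${1:-}" in
    up|check|down) "tunnel_$1" ;;
esac
```

Set TUNNEL_DEST (and the port variables if they differ from the defaults) in the environment before running the script with up, check or down.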


Source: https://www.hostdime.com/kb/hd/security/browsing-the-internet-through-an-ssh-tunnel-on-macos
