Making a SSH VPN [duplicate]
Solution 1:
It's not exactly VPN, but could be enough in the most cases. You can create ssh connection with dynamic port forwarding to create socks proxy:
ssh -D 9050 user@sshserver -fTNC
-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding... Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported... read more atman ssh
.The options
-fTNC
will enable the compression and will push the connection in the background.Optionally use
autossh
instead ofssh
.-
In addition, you can create
crontab
entry as this:@reboot autossh -D 9050 user@sshserver -fTNC
The rest you need to do is to tell your applications to use localhost:9050
as socks proxy. Here are few references dedicated to this task:
Systemwide proxy settings in ubuntu or How to on Ubuntu 18.04
Set Ubuntu System Proxy Settings without Restart from command-line
How To Route Web Traffic Securely Without a VPN Using a SOCKS Tunnel
Setting up Proxy in Ubuntu
For any other special requirements probably
iptables
rules can be applied.
Another solution that is more close to VPN is sshuttle
, which works over ssh too. Here is its overview:
sshuttle
: where transparent proxy meets VPN meets sshAs far as I know, sshuttle is the only program that solves the following common case:
- Your client machine (or router) is Linux, FreeBSD, or MacOS.
- You have access to a remote network via ssh.
- You don't necessarily have admin access on the remote network.
- The remote network has no VPN, or only stupid/complex VPN protocols (IPsec, PPTP, etc). Or maybe you are the admin and you just got frustrated with the awful state of VPN tools.
- You don't want to create an ssh port forward for every single host/port on the remote network.
- You hate openssh's port forwarding because it's randomly slow and/or stupid.
- You can't use openssh's PermitTunnel feature because it's disabled by default on openssh servers; plus it does TCP-over-TCP, which has terrible performance (see below).
It is available in Ubuntu repository, so you can install it and start your examination by the command:
sudo apt install sshuttle
It is also possible to install into a virtualenv as a non-root user. Once it is installed you can use:
sshuttle --dns -r user@sshserver 0.0.0.0/0
This command will forward all traffic including DNS queries will be proxied through the DNS server of the server you are connect to.