Making a SSH VPN [duplicate]

Solution 1:

It's not exactly a VPN, but it could be enough in most cases. You can create an SSH connection with dynamic port forwarding to create a SOCKS proxy:

    ssh -D 9050 user@sshserver -fTNC

  • -D [bind_address:]port Specifies a local “dynamic” application-level port forwarding... Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported... read more at man ssh.

  • The options -fTNC will enable compression and push the connection into the background.

  • Optionally use autossh instead of ssh.

  • In addition, you can create a crontab entry like this:

    @reboot autossh -D 9050 user@sshserver -fTNC
    

The only thing left to do is to tell your applications to use localhost:9050 as a SOCKS proxy. Here are a few references dedicated to this task:

  • Systemwide proxy settings in ubuntu or How to on Ubuntu 18.04

  • Set Ubuntu System Proxy Settings without Restart from command-line

  • How To Route Web Traffic Securely Without a VPN Using a SOCKS Tunnel

  • Setting up Proxy in Ubuntu

  • For any other special requirements probably iptables rules can be applied.


Another solution that is closer to a VPN is sshuttle, which works over ssh too. Here is its overview:

sshuttle: where transparent proxy meets VPN meets ssh

As far as I know, sshuttle is the only program that solves the following common case:

  • Your client machine (or router) is Linux, FreeBSD, or MacOS.
  • You have access to a remote network via ssh.
  • You don't necessarily have admin access on the remote network.
  • The remote network has no VPN, or only stupid/complex VPN protocols (IPsec, PPTP, etc). Or maybe you are the admin and you just got frustrated with the awful state of VPN tools.
  • You don't want to create an ssh port forward for every single host/port on the remote network.
  • You hate openssh's port forwarding because it's randomly slow and/or stupid.
  • You can't use openssh's PermitTunnel feature because it's disabled by default on openssh servers; plus it does TCP-over-TCP, which has terrible performance (see below).

It is available in the Ubuntu repository, so you can install it and start your examination with the command:

    sudo apt install sshuttle

It is also possible to install into a virtualenv as a non-root user. Once it is installed you can use:

    sshuttle --dns -r user@sshserver 0.0.0.0/0

This command will forward all traffic, including DNS queries, which will be proxied through the DNS server of the server you are connected to.
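
An added example, not part of the original answer: because `-D` accepts an optional `bind_address`, it is worth confirming that the SOCKS listener on port 9050 is reachable only from the local machine. The function name and the two sample `ss -ltn` outputs below are constructed for illustration.

```shell
#!/bin/sh
# Classify the listeners for a TCP port from `ss -ltn` output read on stdin.
# Prints one of: loopback-only, exposed, not-listening.
# Live usage (assumes the iproute2 `ss` tool):  ss -ltn | classify_socks_listener 9050
classify_socks_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                        # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next       # a different port, ignore it
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            # Anything other than IPv4/IPv6 loopback is reachable by other hosts.
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed sample: the listener bound to loopback on IPv4 and IPv6.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9050     0.0.0.0:*
LISTEN 0      128    [::1]:9050         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: the same port bound to the wildcard address,
# as happens when a bind_address of 0.0.0.0 is given to -D.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:9050       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_DEFAULT"  | classify_socks_listener 9050   # loopback-only
printf '%s\n' "$SAMPLE_WILDCARD" | classify_socks_listener 9050   # exposed
```

An "exposed" result means other hosts on the network can send traffic through the tunnel; rebinding to the loopback address closes that.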