SSH tunnel over VPN

I am using a VPN software which, like all VPNs, changes the system configuration in certain ways to make use of their servers.

Sometimes, I need to use an SSH tunnel proxy. I use Sidestep which automatically sets and unsets the proxy settings on the system when I need to use it. And I'm trying to make sure that when I'm using the SSH tunnel proxy, all the connections are still going through via VPN first, then to the SSH tunnel.

My fear is that when I turn the proxy on, the settings are overridden and my machine directly connects to the proxy server only.

So I connect first to the VPN, then to the proxy server. When I visit a site to check my IP, I see the last IP of the chain (the ssh tunnel proxy).

How can I make sure that the local machine is not directly connecting via the SSH tunnel, overriding the VPN settings?

I tried with say, the traceroute google.com command, but it returns an unknown host error when using both the VPN and the SSH tunnel (same with other commands such as ping). When using JUST the VPN or the proxy, it works as expected, showing two different routes.


The easiest way, right off the bat, is to look at the IP you are connecting from.

When I connect (via SSH) to my Mac or FreeBSD machines, I get a nice little header that looks something like the following:

Last login:  Fri Jan 16 14:20:43 2020 from xxx.xxx.xxx.xxx

Now, if I'm connecting internally, it will be from my private address space, from public, it will be something else, if via VPN, it will be from my VPN service address space.

But that's my last connection.

To check what it is currently, you can check your current IP address:

$ ipconfig getifaddr en0

Again, check the IP space. As for your traffic, unless you've created a firewall rule (pf) on your local Mac to route SSH traffic through a different interface, it will be going through your VPN.

We know this is the case because of your already good diagnostics:

When using JUST the VPN or the proxy, it works as expected, showing two different routes.