How to share WiFi/hotspot over SSH tunnel
I have created a SSH tunnel on my laptop connected to LAN. I want to share the internet via WiFi/hotspot, but over the SSH tunnel. I mean any computer using this wireless should connect to the internet via the SSH tunnel (automatically without setting proxy).
In other words, I want to set the proxy setting only on my laptop (e.g., 127.0.0.1:1028), and any computer using the WiFi/hotspot from my laptop should be able to use internet without any proxy setting.
What you want is not possible with pure SSH (i.e. the -D proxy option to create the poor-mans VPN).
Here's two options that do work, though:
- use sshuttle (available in the repositories) and tell it to forward all traffic from the subnet of your hotspot through the "VPN". See the manpage for more info.
- set up OpenVPN on the remote system and your local system. The traffic of the connected hotspot users should go through the VPN by default. You might also want to look at this serverfault question.
It is possible using pure ssh -D if one adds redsocks and iptables to the mix. This is much simpler than configuring an OpenVPN especially if you don't have privileges on the remote machine.
For creating the hotspot on Ubuntu I recommend http://ubuntuhandbook.org/index.php/2014/09/3-ways-create-wifi-hotspot-ubuntu/ which uses the built-in default network-manager.
With redsocks installed and configured one can use iptables to redirect all traffic from the wifi hotspot to redsocks which then passes it through the socks proxy.
For instance if your wifi hotspot is on the 10.42.0.1/24 subnet and the incoming redsocks port is 12345 issue:
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t nat -A PREROUTING -s 10.42.0.0/24 -p tcp -j REDIRECT --to-ports 12345
For a detailed set of instructions visit http://abidmujtaba.blogspot.com/2016/07/ubuntu-create-wifi-hotspot-access-point.html