
VPN over SSH

1022 Views 4 Replies Latest reply: Jan 12, 2013 8:46 PM by BobHarris RSS
Lorenzo91
Jan 12, 2013 6:10 AM

Hi. This is my situation: I have a 10.8.2 machine behind an http/https proxy and a firewall so that the only open ports are 22, 80 and 443; at home there's a 10.6.8 server on which I can open every port I need. At work the connection is great (symmetric DSL 10 Mbit), while at home I've only 1 Mbit of upstream.

So, what I want to do is make the applications that don't natively support an HTTP proxy, and so can't pass first through the proxy and then through the firewall, be tunneled to home. Just an example: iChat Jabber won't connect at the office, so it would be great for me to tunnel only the packets from this app. Browsers, on the other hand, should work without being tunneled because that is faster.

What I already tried is dynamic port forwarding and a local SOCKS proxy with the ssh -D xxxx user@remotehost command, but this doesn't allow me to tunnel packets selectively. I thought of a VPN, but every port I need is blocked, so, as far as I know, the last possibility is VPN over SSH.

Two questions: Does a VPN allow me to do the selective tunneling? And could you please explain to me how I can set it up?

iMac, OS X Mountain Lion (10.8.2), 3.06 GHz Intel Core 2 Duo
  • BobHarris Level 6 (12,545 points)
    Jan 12, 2013 6:39 AM (in response to Lorenzo91)

    Are you trying to set up a VPN between your home and work system?

    If so, then consider Hamachi (free for personal use) from  This will establish a VPN between several systems so that they appear to all be on the same LAN.


    If you want some kind of VPN to a proxy server which then accesses the outside world, I'm not sure that is going to work so well.


    You could set up an ssh tunnel for specific ports to transship some protocols:


    ssh -L from_port:ultimate.destination.system.address:destination_port transshipping.system.address


    NOTE:  The connection from your starting system to the transshipping system is encrypted as an ssh tunnel.  The connection from the transshipping system to the ultimate destination system is a generic regular TCP/IP connection (no encryption).
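
Added example, not part of BobHarris's reply: a small sh helper that fills in the ssh -L template above for one application port and pins the listener to 127.0.0.1 so that other hosts on the LAN cannot reach the forward. The host names and the choice of port 5222 (the standard XMPP client port) are constructed placeholders; the script only prints the command, it does not run it.

```shell
#!/bin/sh
# Added example; host names are placeholders, not values from the thread.

# valid_port N: succeed only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LOCAL_PORT DEST_HOST DEST_PORT
# Prints the argument for -L with an explicit loopback bind address,
# so only programs on this machine can connect to the forward.
forward_spec() {
    valid_port "$1" || { echo "bad local port: $1" >&2; return 1; }
    [ -n "$2" ]     || { echo "missing destination host" >&2; return 1; }
    valid_port "$3" || { echo "bad destination port: $3" >&2; return 1; }
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# tunnel_command RELAY LOCAL_PORT DEST_HOST DEST_PORT
# RELAY is the "transshipping" system: traffic is encrypted only between
# this machine and RELAY. From RELAY to DEST_HOST it is ordinary TCP, so
# any protection on that leg must come from the application protocol.
#   -N                       forward only, do not open a remote shell
#   ExitOnForwardFailure=yes exit if the local listener cannot be set up
tunnel_command() {
    spec=$(forward_spec "$2" "$3" "$4") || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s %s\n' "$spec" "$1"
}

# Constructed sample: forward one chat port through the home server.
tunnel_command user@home.example.net 5222 jabber.example.org 5222
```

The chat client is then pointed at 127.0.0.1 port 5222 instead of the real server, while every other application keeps its normal route.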

  • Linc Davis Level 10 (108,160 points)
    Jan 12, 2013 10:43 AM (in response to Lorenzo91)

    You may be able to do at least some of what you want by creating a SOCKS proxy and tunneling it through SSH to your home server. You would then direct applications to use that proxy in the Network preference pane. Some will use it, some probably won't.


    The easiest way to create the tunnel would be to use an application such as "Meerkat."


    Using Meerkat to secure wireless web browsing


    Otherwise you can do it in the shell; see the ssh(1) man page for details.

  • BobHarris Level 6 (12,545 points)
    Jan 12, 2013 8:46 PM (in response to Lorenzo91)

    Hamachi can work through a Proxy server.  Hamachi -> Preferences -> Settings -> Advanced -> Server Connection -> Use Proxy


    Or you can use port forwarding if you prefer.  The following URL tells you the ports Hamachi would use if you decide NOT to use a Proxy server.

    < CAO>

