VPN over SSH

Question

Level 1

14 points

VPN over SSH

Hi. This is my situation: I have a 10.8.2 machine behind an http/https proxy and a firewall so that the only open ports are 22, 80 and 443; at home there's a 10.6.8 server on which I can open every port I need. At work the connection is great (symmetric DSL 10 Mbit), while at home I've only 1 Mbit of upstream.

So, what I want to do is make the applications that don't support natively http proxy and so can't pass first through the proxy and then through the firewall, be tunneled at home. Just an example: iChat jabber won't connect at office so it would be great for me to tunnel only the packets from this app. Browsers, on the other hand, should work without being tunneled because faster.

What I already tryed is dynamic port forwarding and socks local proxy with ssh -D xxxx user@remotehost command but this don't allow me to tunnel selectively packets. I thought to a VPN, but every port I need is blocked, so, as far as I know the last possibility is VPN over SSH.

Two questions: VPN allow me to do the selective tunnel? And, could you please explain me how can I set it up?

iMac, OS X Mountain Lion (10.8.2), 3.06 GHz Intel Core 2 Duo

Posted on Jan 12, 2013 6:10 AM

Reply

Answer 1

BobHarris

Level 9

52,955 points

Jan 12, 2013 6:39 AM in response to Lorenzo91

Are you trying to setup a VPN between your home and work system?

If so, then consider Hamachi (free for personal use) from LogMeIn.com. This will establish a VPN between several systems so that they appear to all be on the same LAN.

If you want some kind of VPN to a proxy server which then accesses the outside world, I'm not sure that is going to work so well.

You could setup an ssh tunnel for specific ports to transship some protocols

ssh -L from_port:ultimate.destination.system.address:destination_port transshipping.system.address

NOTE: The connection from your starting system to the transshipping system is encrypted as an ssh tunnel. The connection from the transshipping system to the ultimate destination system is a generic regular TCP/IP connection (no encryption).

Reply

Answer 2

Lorenzo91 Author

Level 1

14 points

Jan 12, 2013 6:59 AM in response to BobHarris

Thank you, Bob.

In reality I'd like to bypass the proxy and the firewall and the only possible way is through port 22, ssh. Ports 80 and 443 are proxied. On which port does hamachi work? Is it proxy compatible?

I already knew ssh -L command, the problem is that you have to manually specify every single port you need to forward. I found this http://macdevcenter.com/pub/a/mac/2002/12/20/vpn.html?page=2 but I can't understand if is possible to restrict the service only to some applications.

Reply

Answer 3

Linc Davis

Level 10

209,535 points

Jan 12, 2013 10:43 AM in response to Lorenzo91

You may be able to do at least some of what you want by creating a SOCKS proxy and tunneling it through SSH to your home server. You would then direct applications to use that proxy in the Network preference pane. Some will use it, some probably won't.

The easiest way to create the tunnel would be to use an application such as "Meerkat."

Using Meerkat to secure wireless web browsing

Otherwise you can do it in the shell; see the ssh(1) man page for details.

Reply

Answer 4

BobHarris

Level 9

52,955 points

Jan 12, 2013 8:46 PM in response to Lorenzo91

Hamachi can work through a Proxy server. Hamachi -> Preferences -> Settings -> Advanced -> Server Conne ction -> Use Proxy

Or you can use port forwarding if you prefer. The following URL tells you the ports Hamachi would use if you decide NOT to use a Proxy server.

<http://help.logmein.com/SelfServiceKnowledgeRenderer?type=FAQ&id=kA030000000DGD6 CAO>

Reply