
My question is simple:

  • Is it possible to transfer all net traffic through an SSH tunnel such that a user (i.e. me) does not have to change any configuration in the programs (e.g. Firefox) accessing the internet? (I know that it is possible for VPN.)

  • How is it done? (I have an Apple computer with Unix tools.)

If the question is a duplicate (I did not find any matching older question), please direct me to the answer.

Fabian
  • So if you know that it is possible for VPN, why don't you use VPN? – Daniel Hilgarth Apr 05 '11 at 07:00
  • It is NOT possible without VPN or something similar, because you need an endpoint you can connect to that also supports the SSH tunnel. – Daniel Hilgarth Apr 05 '11 at 07:01
  • Which server are you talking about? – Daniel Hilgarth Apr 05 '11 at 07:03
  • VPN support can be achieved pretty easily with OpenVPN... – Daniel Hilgarth Apr 05 '11 at 07:04
  • I am not an expert: isn't it possible that the endpoint supports an SSH tunnel but not VPN? I have to access the university network from home in order to be able to download papers from journals. At the old university, I could use VPN. Now I have to use an SSH tunnel, which is more awkward (I have to redirect everything to a local port which then is tunneled). Is it not possible that all ports are tunneled? –  Apr 05 '11 at 07:04
  • Well, you have asked the question on a programming site, so you are stuck with non-experts until it is moved to superuser. ;-) VPN is what you want, because you don't only need a tunnel, you need more: you need to route all traffic through the tunnel and then the server needs to route the data to the appropriate receivers. This means the data will still travel unencrypted through the internet. You -> your server (encrypted). But: Your server -> website (unencrypted if you are using HTTP) – Daniel Hilgarth Apr 05 '11 at 07:07
  • @Fabian: Your latest comment makes things clearer. Are you only interested in redirecting web traffic like HTTP, HTTPS or FTP? If so, you could install a local proxy on your computer, configure Firefox to use that proxy and make the proxy redirect everything to that one port... – Daniel Hilgarth Apr 05 '11 at 07:09
  • @Daniel Hilgarth: your second to last question makes things clearer for me. So VPN does more than setting up a tunnel... So if I don't want to change the proxy all the time (and the settings in all my scripts) then I will have to ask somebody to install OpenVPN on the server. –  Apr 05 '11 at 07:14
  • @Fabian: This really would be the easiest way... OpenVPN is set up pretty fast and simple to administer. – Daniel Hilgarth Apr 05 '11 at 07:17

2 Answers

1

There is this: Setting up a Layer 3 tunneling VPN with using OpenSSH, and there is this: OpenSSH: The Poor Man's SOCKS Proxy.

Both can be used to transport all your traffic over the SSH tunnel, but you will always need to do something on both ends to get it working.

0

On my system, all my web antics are done using Firefox (web sites) and Thunderbird (e-mail). I know you asked how to achieve an SSH tunnel without setting preferences of the software using it, but you have to do that once at the start; once it is done, you are set.

So I set up SSH using OpenSSH and then just configured Firefox and Thunderbird to use my SSH tunnel via a SOCKS5 proxy via the system settings of each program. That way, I do not suffer any degradation in speed (whereas my 30Mb connection fell to about 300K with a Free VPN service but it stays at 30Mb this way) and it is just applied every time I use either program without doing anything other than starting the SSH tunnel at logon.

I wrote up how to do it in detail here on my blog, if anybody is interested.
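
As an added example that is not part of either answer: a small macOS shell script that starts the SOCKS tunnel described above and switches the system-wide SOCKS proxy setting to it, so applications that follow the system proxy need no individual configuration. The host name, port 1080, the network service name `Wi-Fi` and the control-socket path are assumptions; `DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: SSH dynamic (SOCKS5) forward plus the macOS system proxy.
# Every value below is an assumption; override via environment variables.
SSH_HOST="${SSH_HOST:-user@gateway.example.edu}"    # placeholder host
SOCKS_PORT="${SOCKS_PORT:-1080}"
NET_SERVICE="${NET_SERVICE:-Wi-Fi}"   # networksetup -listallnetworkservices
CTL_SOCK="${CTL_SOCK:-$HOME/.ssh/socks-tunnel.ctl}"

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only a numeric, unprivileged TCP port.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

tunnel_up() {
    valid_port "$SOCKS_PORT" || { echo "bad SOCKS_PORT: $SOCKS_PORT" >&2; return 2; }
    # Bind to loopback only so other hosts on the LAN cannot use the proxy.
    # ExitOnForwardFailure makes ssh fail instead of running without the forward.
    run ssh -f -N -M -S "$CTL_SOCK" \
        -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 \
        -D "127.0.0.1:$SOCKS_PORT" "$SSH_HOST" || return 1
    # Point the system-wide SOCKS setting at the tunnel (needs admin rights).
    run networksetup -setsocksfirewallproxy "$NET_SERVICE" 127.0.0.1 "$SOCKS_PORT" &&
    run networksetup -setsocksfirewallproxystate "$NET_SERVICE" on
}

tunnel_down() {
    # Switch the proxy off first so applications do not point at a dead port.
    run networksetup -setsocksfirewallproxystate "$NET_SERVICE" off
    run ssh -S "$CTL_SOCK" -O exit "$SSH_HOST"
}

case "${1:-}" in
    up)   tunnel_up ;;
    down) tunnel_down ;;
esac
```

Only applications that follow the macOS system proxy setting are covered (Firefox has a "Use system proxy settings" option); command-line tools and scripts generally ignore it, which is where the Layer 3 tunnel or a VPN from the first answer comes in.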