SSH Tunneling

Hi there. I'm on a WiFi network that has OpenDNS implemented on it with an impossible amount of restrictions. Don't get me wrong, I'm not some kind of a porn maniac, but things like Facebook are dead, which sucks.

Right now, I'm using the Silenceisdefeat.com SSH tunneling service, but it is very slow because there's only a one-time 1$ payment.

I need a faster tunnel. Now I've got some questions:

1. I'm pretty sure I can do the same thing with Linode, right?

2. Is there lots to set up?

3. I'm a noob when it comes to *nix but quite advanced in computing and did some programming ages ago, so I guess I know whassup. Will it be hard to set everything up for me?

I guess this is it for now. Thanks in advance.

13 Replies

It's actually quite simple. The linode already has the SSH service installed. On the client: ssh -d 8080 user@server.com

Then simply change your browser's settings to proxy all traffic (including DNS) through localhost:8080.

Although, I would recommend OpenVPN instead. That way, everything is tunneled through without you having to mess with program settings, etc.

Thanks saman, so briefly, what steps will I need to complete?

Install OS…activate/configure SSH and that's it?

You just have to deploy one of Linode's standard Linux distributions (no need to install the OS from scratch). Then create a user account (don't do your tunneling as root!), configure sshd to listen on a non-standard port (443, usually, to make your tunnel look like SSL/TLS traffic) and you are all set. Works like a charm for me.

> @saman007uk:
>
> It's actually quite simple. The linode already has the SSH service installed. On the client: ssh -d 8080 user@server.com
>
> Then simply change your browser's settings to proxy all traffic (including DNS) through localhost:8080.
>
> Although, I would recommend OpenVPN instead. That way, everything is tunneled through without you having to mess with program settings, etc.

By the way, the command above must be executed on YOUR computer (assuming that you're running *nix too). On the Linode side, all you need is to create a suitable user account.

> @hybinet:
>
> > @saman007uk:
> >
> > It's actually quite simple. The linode already has the SSH service installed. On the client: ssh -d 8080 user@server.com
> >
> > Then simply change your browser's settings to proxy all traffic (including DNS) through localhost:8080.
> >
> > Although, I would recommend OpenVPN instead. That way, everything is tunneled through without you having to mess with program settings, etc.
>
> By the way, the command above must be executed on YOUR computer (assuming that you're running *nix too). On the Linode side, all you need is to create a suitable user account.

I'm running WinXP so will be tunneling thru Putty I guess. So really, all I have to do is deploy a Linux distribution and create a user account. Is that it? Cheers

Peter, thanks for your reply.

I use Putty and Vista to tunnel ssh to my linode… it's easy as pie.

```
ssh -d 8080 user@server.com
```

Hmm… notwithstanding the comment I made above, that line of code doesn't seem to work as expected. For some reason, my linode can't seem to find the correct application protocol to use once the connection has been tunneled over there. Might be a firewall or configuration issue. But even then, -d is an incorrect option (it's -D).

The following is from a working setup that I use on a different box. It uses both SSH tunneling and a lightweight proxy server to achieve the effect of a secure proxy. This is obviously more complicated than it needs to be, but it has the added benefit of having at my disposal tinyproxy's configuration options with detailed logging and access controls. For example, I can let a few other people use my secure proxy, but restrict what they use it for.

On the Linode,

1) Install tinyproxy (apt-get install tinyproxy) -- tinyproxy is very lightweight, so it won't burden your linode.

2) Make tinyproxy only listen to localhost (edit /etc/tinyproxy.conf) -- otherwise you have an open proxy that can be abused.

3) Restart tinyproxy (/etc/init.d/tinyproxy restart)

On the home computer,

4A)

```
ssh -L 8080:localhost:12345 user@server.com
```

8080 is the local port, and 12345 is the tinyproxy port on the linode. What this does is forward my home computer's local port 8080 to the linode's local port 12345, where tinyproxy is listening.

4B) If you're on Windoze, use Putty and go to Connection - SSH - Tunnels. Enter: Source port = 8080, Destination = localhost:12345. Click "Add" and connect to your server.

5) Make your web browser use 127.0.0.1:8080 as a proxy.

6) Enjoy your encrypted, uncensored internet!
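
As an added example (not part of the original post), here is one way to verify step 2, that tinyproxy is reachable only from localhost and is not an open proxy. The function names are hypothetical, the sample inputs are constructed, and it assumes the directive names `Listen`, `Port` and `Allow` as written in the stock tinyproxy.conf and the column layout of `ss -ltnH`.

```shell
#!/bin/sh
# Added example, not from the thread. Directive names Listen/Port/Allow are
# matched exactly as written in the stock tinyproxy.conf (assumption).

# Audit a tinyproxy config given on stdin. Exit 0 = loopback-only, 1 = exposed.
audit_tinyproxy_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        { val = $2; gsub(/"/, "", val) }             # directive value, quotes stripped
        $1 == "Port"   { port = val }
        $1 == "Listen" { nlisten++
            if (val !~ /^(127\.|::1$)/) { print "EXPOSED: Listen " val; bad = 1 } }
        $1 == "Allow"  { nallow++
            if (val !~ /^(127\.|::1$)/) print "NOTE: Allow " val " admits remote clients" }
        END {
            # Without a Listen line tinyproxy binds every interface.
            if (!nlisten) { print "EXPOSED: no Listen line, binds all interfaces"; bad = 1 }
            if (!nallow)  print "NOTE: no Allow line found"
            if (!bad)     print "OK: bound to loopback, port " port
            exit bad + 0
        }'
}

# Cross-check the live socket table: feed `ss -ltnH` output on stdin.
# Prints each non-loopback listening address on port $1; exit 1 if any exist.
exposed_listeners() {
    awk -v port="$1" '
        { addr = $4; p = addr; sub(/.*:/, "", p); sub(/:[^:]*$/, "", addr) }
        p == port && addr !~ /^(127\.|\[::1\]$)/ { print addr; found = 1 }
        END { exit found + 0 }'
}

# Constructed sample: the configuration the steps above aim for.
GOOD_CONF='Port 12345
Listen 127.0.0.1
Allow 127.0.0.1'
printf '%s\n' "$GOOD_CONF" | audit_tinyproxy_conf || true
```

On the server itself, run `audit_tinyproxy_conf < /etc/tinyproxy.conf` and `ss -ltnH | exposed_listeners 12345` after restarting tinyproxy; any output from the second command means the proxy port is bound to a non-loopback address.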

If DNS is a problem, you'll want to send the DNS queries through the tunnel too. In Firefox, this is done via the network.proxy.socksremotedns boolean preference in about:config. I believe you must configure the browser to treat your tunnel as a SOCKS 5 tunnel for this to work.

My proxy command is:

```
ssh -fNCD 8080 linode.example.com
```

Tunnel doc:

http://www.curby.net/docs/ssh-tunnels.txt

You really do not need a linode to do this. Any shared hosting with ssh access will do.

This software may help:

http://nemesis2.qx.net/pages/MyEnTunnel

> @blacktulip:
>
> You really do not need a linode to do this. Any shared hosting with ssh access will do

And you will get a nastygram from your provider when you burn through their bandwidth. There's nothing wrong with getting a Linode to use as an ssh tunnel, that's what I used mine for when I first got it. I've since branched out to using it for irc, serving my website, fileserving, seeding torrents… but I digress.

I really do not think normal browsing can use a lot of bandwidth. Of course a linode can do a lot more other things.

You will get lots of threads like this once GAFA is switched on.

GAFA = Great Australian Firewall Appliance
