Use SSH as a VPN

From CSLabsWiki

This page summarizes how to use ssh to create a "poor man's" VPN. Any default install of ssh on a Linux system will typically work; this tutorial was written against a default install of CentOS 5 with Windows 7 as the client (notes for Linux clients are included). The example creates a SOCKS proxy, which isn't a full VPN connection like OpenVPN: only applications configured to use the proxy send their traffic through the tunnel.

This tutorial is geared more towards home users. A full VPN tunnel is possible with sshd but it cannot be accomplished easily in Windows and therefore isn't easily used on multiple OSs.

If you notice a problem with this How-To or would like to provide feedback, please email Matt.

Prerequisites

A Linux server with sshd installed and its port open in iptables

PuTTY installed (if the client is Windows)

Create the SOCKS Proxy

If you are using Linux, this is very easy. Just connect to your ssh server with the -D flag and a high port.

  • ssh -D PORT server.address.com

If you are using Windows, it is still fairly easy but requires a bit more work.

Open PuTTY and enter your server address.

Choose Connection -> SSH in the Category menu. It isn't necessary but choosing to enable compression can be beneficial.

Choose Connection -> SSH -> Tunnels in the Category menu. Enter a high source port (such as 50000), choose Dynamic, choose Auto, and click Add.

Finally, click Open and log in to the server.

Configure an Application to use the Proxy

Not all applications support a SOCKS proxy but common ones like Firefox do. This example will demonstrate how to configure Firefox to use the remote Internet connection.

Open Firefox and open the Options menu. Choose the Advanced tab, select the Network tab, and click Settings... Select Manual proxy configuration and enter:

  • SOCKS Host: 127.0.0.1
  • Port: HIGH_SOURCE_PORT

Click OK -> OK. Firefox should now be using the Internet connection of the ssh server. You can verify this by going to http://www.whatismyip.com/ and checking that the address shown differs from your local Internet IP.
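For Linux clients, the same create-and-verify procedure can be scripted. The script below is an added example, not part of the original tutorial; the function names, the `IP_ECHO_URL` variable and its default plain-text IP service are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Usage: sh socks-check.sh PORT user@server.address.com   (file name is arbitrary)

# Assumption: any service that returns the caller's address as plain text.
IP_ECHO_URL=${IP_ECHO_URL:-https://api.ipify.org}

# Accept only a numeric, unprivileged TCP port for the local SOCKS listener.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Open the dynamic forward described above.
#   -D 127.0.0.1:PORT  bind to loopback only, so other LAN hosts cannot use the proxy
#   -N                 forwarding only, no remote shell
#   -f                 drop to the background after authentication
#   -C                 compression (optional, as in the PuTTY steps)
#   ExitOnForwardFailure=yes  abort if the local port cannot be bound
start_tunnel() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    ssh -f -N -C -o ExitOnForwardFailure=yes -D "127.0.0.1:$1" "$2"
}

# Print the public address; with a port argument, ask through the SOCKS proxy.
# --socks5-hostname makes the ssh server resolve the name, so DNS does not leak locally.
public_ip() {
    if [ -n "$1" ]; then
        curl -fsS --max-time 10 --socks5-hostname "127.0.0.1:$1" "$IP_ECHO_URL"
    else
        curl -fsS --max-time 10 "$IP_ECHO_URL"
    fi
}

# Compare the address seen directly with the one seen through the proxy.
check_exit_ip() {
    [ -n "$2" ] || { echo "FAIL: no answer through the proxy"; return 2; }
    [ "$1" != "$2" ] || { echo "FAIL: traffic is not leaving via the ssh server"; return 1; }
    echo "OK: exit address is $2"
}

if [ "$#" -eq 2 ]; then
    direct=$(public_ip) || exit 1
    start_tunnel "$1" "$2" || exit 1
    check_exit_ip "$direct" "$(public_ip "$1")"
fi
```

In Firefox, the counterpart of `--socks5-hostname` is the "Proxy DNS when using SOCKS v5" checkbox in the same proxy settings dialog; without it, name lookups still go out over the local connection even though page traffic uses the tunnel.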
