https://blog.gwlab.page/vpn-over-ssh-the-socks-proxy-8a8d7bdc7028

GWLab

VPN over SSH? The SOCKS Proxy

Cory Chu
Mar 29

Some resources on the internet are accessible only from clients with particular IP addresses. For example, suppose you want to download a paper published in a journal purchased by your university. In that case, you have to connect to the journal's website from a computer with an IP address that belongs to your university. If you are working at home, the well-known solution is to connect to the university's VPN, so that your traffic appears to come from a campus IP address, which allows you to download the paper paid for by your university.

However, it is not always possible to use the VPN provided by your school. For instance, some VPNs require special client software that may not support operating systems such as Linux. Is there a simple alternative to a VPN? The answer is YES if you can SSH to a server that has a university IP address, e.g., a workstation running in your laboratory.

SOCKS Proxy

Create The SOCKS Proxy

To solve the problem, we can execute the following command, which creates a SOCKS server listening on port 12345 of your localhost.

    $ ssh -NTCD 12345 SSH_remote_host_IP

The options are:

    -N  Do not execute a remote command
    -T  Disable pseudo-terminal allocation
    -C  Requests compression of all data
    -D  Specifies a local "dynamic" application-level port forwarding.
        This works by allocating a socket to listen to the port on the
        local side. Whenever a connection is made to this port, the
        connection is forwarded over the secure channel, and the
        application protocol is then used to determine where to connect
        to from the remote machine. Currently the SOCKS4 and SOCKS5
        protocols are supported, and ssh will act as a SOCKS server.

If you want to stop it, just press [Control]-[C].

Firefox via SOCKS Proxy

The next step is setting up your browser's proxy configuration.
Take Firefox as an example. The setting is in Preference > Network Setting > Settings...

[Figure: SOCKS proxy setting in Firefox]

After doing so, you can find the papers you need and start to download them!

As a demonstration, you may search "what is my IP" on Google via the browser with the proxy, i.e., open https://www.google.com/search?q=what+is+my+ip. You should find that it displays the IP of SSH_remote_host_IP instead of the IP of your local machine.

[Figure: https://www.google.com/search?q=what+is+my+ip]

How SOCKS Proxy works

Usually, when we use a browser to open https://www.google.com, it creates a TCP socket pair connecting a random port on your local machine to port 443 (for HTTPS) on www.google.com. Then, the browser sends the HTTPS request via this socket pair.

However, what we did here is create a SOCKS proxy. Instead of communicating with www.google.com directly, we asked the browser to send the HTTPS request from the random port on your local machine assigned by your browser to port 12345 on localhost, which is the SOCKS server you just created with the ssh command. The HTTPS request is relayed from localhost:12345 through the SSH tunnel to your remote host. It is then sent from a random port on SSH_remote_host_IP to port 443 on www.google.com.

Other than browser

Since the SOCKS proxy operates at Layer 5 of the OSI model (the session layer), you may use it with many applications that work at a layer higher than Layer 5, such as FTP, Telnet, HTTP, SSH...

SSH via SOCKS proxy

For example, if you want to SSH to a Far_Away_Host via the SOCKS proxy we just created, you can do:

    $ ssh -o ProxyCommand='nc -x localhost:12345 %h %p' username@Far_Away_Host

After logging in to the Far_Away_Host, you can check that you are deemed as connected from SSH_remote_host_IP instead of your local machine!
    username@Far_Away_Host$ who
    username pts/3 2021-03-29 14:08 (SSH_remote_host_IP)

FTP via SOCKS proxy

Another example is the SOCKS proxy setting in FileZilla, an FTP client:

[Figure: SOCKS proxy setting in FileZilla]

Further Reading

There is a convenient tool, sshuttle, suggested by smw on Hacker News. It works as a poor man's VPN using ssh, which also doesn't require admin on the remote machine. The manual is here. It can be easily installed on, e.g., macOS and Ubuntu via:

    # on Ubuntu
    $ sudo apt install sshuttle

    # on macOS, installed by macports
    $ sudo port install sshuttle

The simplest way to use it is:

    $ sshuttle -r username@SSH_remote_host_IP 0.0.0.0/0

which forwards all traffic on your local machine to the remote host!
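The SOCKS5 messages that pass between the browser and the ssh -D listener in the "How SOCKS Proxy works" section, as an added example that is not part of the original post. It builds the client greeting and CONNECT request and parses a reply following the SOCKS5 wire format of RFC 1928; the function names and the sample reply bytes are constructed for illustration.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

def greeting() -> bytes:
    """Client hello: version 5, one method offered, 0x00 = no authentication."""
    return bytes([VER, 1, 0x00])

def connect_request(host: str, port: int) -> bytes:
    """Build a CONNECT request. A hostname travels as ATYP 3 (domain name), so
    the far end of the proxy resolves it; an IP literal travels as ATYP 1 or 4."""
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0, atyp]) + addr + struct.pack("!H", port)

def parse_reply(data: bytes):
    """Parse a server reply into (succeeded, bound_address, bound_port)."""
    if len(data) < 5 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_DOMAIN:
        off, alen = 5, data[4]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        off, alen = 4, 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    if len(data) != off + alen + 2:
        raise ValueError("truncated or oversized reply")
    raw = data[off:off + alen]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[off + alen:])
    return rep == 0, addr, port  # REP 0 means the proxy opened the connection

# Constructed sample bytes (not captured traffic): the request for the page's
# www.google.com:443 example, and a success reply with an all-zero bound address.
REQUEST = connect_request("www.google.com", 443)
SAMPLE_REPLY = bytes([5, 0, 0, 1, 0, 0, 0, 0, 0, 0])

if __name__ == "__main__":
    print(greeting().hex(), REQUEST.hex(), parse_reply(SAMPLE_REPLY))
```

Because the hostname is carried inside the request, a client that sends domain-name requests leaves DNS resolution to the remote end of the tunnel rather than to the local network.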