Hey! It’s been a little while, but don’t worry, there is exciting stuff coming soon!
In the meantime, a friend wanted a tutorial on how to run a proxy (“VPN”) using SSH over SSL. This makes a really nice setup that can get through pretty much any firewall, since the SSH connection and its proxied traffic appear as regular SSL web traffic.
To set this up, you’ll need a Linux server (Ubuntu 18.04 in my case) with port 443 open. (Note: if you want to run this alongside a normal web server, look at sslh. In this setup it runs behind stunnel and routes each incoming connection to either SSH or the web server depending on the protocol.)
Something like a DigitalOcean droplet is a cheap and effective choice.
Commands that start with a “#” should be run with sudo. Don’t type the leading “#” or “$”.
- Edit the following file…
and place the text…
and change the line Enabled = 0 to Enabled = 1
- Final steps on the server:
Note: you’ll also want to set “GatewayPorts” to “yes” in _/etc/ssh/sshd_config_. Keep in mind that with GatewayPorts enabled, any remote port forwards you create are bound on all of the server’s interfaces rather than just localhost, so make sure the server’s firewall only exposes what you intend.
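Here is a worked example of the server side, added for this write-up and not part of the original post or the stunnel project: a small POSIX shell script that renders a stunnel config (TLS on 443, plain SSH handed to 127.0.0.1:22) and reads back the GatewayPorts value that sshd would actually use from an sshd_config. The paths (/etc/stunnel/stunnel.conf, /etc/stunnel/stunnel.pem, the stunnel4 pid directory), the stunnel4 service account and the sslVersionMin line are assumptions about Ubuntu’s stunnel4 package, so check them against your install.

```shell
#!/bin/sh
# Added example (not from the original post): render a stunnel server config
# that terminates TLS on 443 and forwards the plaintext stream to the local
# sshd on 22, plus a reader for the effective GatewayPorts value in sshd_config.
# Paths, the "stunnel4" service account and sslVersionMin are assumptions about
# Ubuntu's stunnel4 package; adjust them to your distribution.

# render_stunnel_conf CERT_PEM
#   CERT_PEM: PEM file with the certificate chain; stunnel reads the private
#   key from the same file unless a separate "key =" line is given.
render_stunnel_conf() {
    cert=$1
    cat <<EOF
; stunnel server config (generated example, assumed paths)
pid = /var/run/stunnel4/stunnel.pid
setuid = stunnel4
setgid = stunnel4
cert = $cert
; the public port should only speak modern TLS
sslVersionMin = TLSv1.2

[ssh]
accept = 443
; plaintext SSH only travels over loopback, between stunnel and sshd
connect = 127.0.0.1:22
EOF
}

# gateway_ports_setting SSHD_CONFIG
#   Prints the value sshd will use for GatewayPorts ("no" when unset).
#   sshd honours the FIRST occurrence of a keyword, not the last, and this
#   reader stops at the first Match block, whose settings only apply conditionally.
gateway_ports_setting() {
    val=$(awk 'tolower($1) == "match" { exit }
               tolower($1) == "gatewayports" { print tolower($2); exit }' "$1")
    printf '%s\n' "${val:-no}"
}

# Usage:  sh stunnel-ssh.sh render /etc/stunnel/stunnel.pem > /etc/stunnel/stunnel.conf
#         sh stunnel-ssh.sh gateway /etc/ssh/sshd_config
case "${1:-}" in
    render)  render_stunnel_conf "$2" ;;
    gateway) gateway_ports_setting "$2" ;;
esac
```

Run the `render` form as root and restart stunnel afterwards; the `gateway` form is a quick way to confirm the setting took, since a second `GatewayPorts` line added below an existing one is silently ignored by sshd.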
Now you need to set up SSH on your *nix client (Linux or macOS).
- Edit your SSH config…
And put in the following content:
If socat is giving you problems (“E SSL_connect(): error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error”), use this ProxyCommand instead:
Replace SOME_NAME with a name of your choosing to identify the server. SERVER_USERNAME is the username of an account on the server, and SERVER_IP is the server’s IP address or domain name.
The “-servername” argument (which sets the TLS SNI hostname) is apparently needed on newer distros; give it the domain name the certificate you used was issued for.
On macOS, install socat with “brew install socat” (make sure Homebrew is installed first).
- Try connecting to the server.
If it works, awesome! If not, try googling the issue/error.
- Download sshuttle (“brew install sshuttle” on macOS). Then…
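As an added example (my own, not from the original post, and not socat’s, OpenSSL’s or sshuttle’s code), here is a POSIX shell script that writes the client-side Host entry for ~/.ssh/config in both flavours: the socat ProxyCommand and the openssl s_client fallback with -servername. The exact command lines, the optional CA-file verification and the install_host_entry helper are assumptions; SOME_NAME, SERVER_USERNAME and SERVER_IP are the placeholders from the post.

```shell
#!/bin/sh
# Added example (not from the original post): build the ~/.ssh/config entry
# for an SSH server that is reachable only through a TLS (stunnel) wrapper on
# port 443. The ProxyCommand lines, the optional CA-file verification and the
# install helper are assumptions, not something the post prescribes.

# ssh_host_entry NAME USER HOST [MODE] [CAFILE] [SNI]
#   NAME   alias used as "ssh NAME" (SOME_NAME in the post)
#   USER   account on the server (SERVER_USERNAME)
#   HOST   server IP or domain (SERVER_IP)
#   MODE   "socat" (default) or "openssl" (the fallback ProxyCommand)
#   CAFILE PEM bundle to verify the TLS certificate against; empty = no check
#   SNI    name sent as TLS SNI in openssl mode; defaults to HOST
ssh_host_entry() {
    name=$1 user=$2 host=$3 mode=${4:-socat} cafile=${5:-} sni=${6:-$3}
    case $mode in
        socat)
            # verify=0 accepts any certificate (e.g. a self-signed stunnel cert);
            # with a CA file, socat verifies the chain before handing the stream
            # to ssh. Either way the SSH host key still authenticates the server.
            if [ -n "$cafile" ]; then
                proxy="socat - OPENSSL:%h:%p,verify=1,cafile=$cafile"
            else
                proxy="socat - OPENSSL:%h:%p,verify=0"
            fi ;;
        openssl)
            # -quiet keeps s_client from echoing session info into the SSH stream;
            # -servername sets SNI, which newer TLS stacks require.
            proxy="openssl s_client -quiet -connect %h:%p -servername $sni"
            if [ -n "$cafile" ]; then
                proxy="$proxy -CAfile $cafile -verify_return_error"
            fi ;;
        *)
            echo "ssh_host_entry: unknown mode '$mode' (use socat or openssl)" >&2
            return 1 ;;
    esac
    # %h and %p are expanded by ssh from HostName and Port when it runs the proxy
    printf 'Host %s\n    HostName %s\n    User %s\n    Port 443\n    ProxyCommand %s\n' \
        "$name" "$host" "$user" "$proxy"
}

# install_host_entry CONFIG_FILE NAME USER HOST [MODE] [CAFILE] [SNI]
#   Appends the entry to CONFIG_FILE unless a "Host NAME" block already exists,
#   and keeps the file private (ssh itself rejects a config writable by others).
install_host_entry() {
    cfg=$1; shift
    if [ -f "$cfg" ] && grep -q "^Host $1\$" "$cfg"; then
        echo "install_host_entry: Host $1 already in $cfg, leaving it alone" >&2
        return 0
    fi
    mkdir -p "$(dirname "$cfg")"
    {
        if [ -s "$cfg" ]; then echo; fi   # blank line between blocks
        ssh_host_entry "$@"
    } >> "$cfg"
    chmod 600 "$cfg"
}

# Print an entry when run directly, e.g.:
#   sh ssh-over-tls.sh SOME_NAME SERVER_USERNAME SERVER_IP >> ~/.ssh/config
if [ $# -ge 3 ]; then
    ssh_host_entry "$@"
fi
```

Without a CA file the TLS certificate is not checked at all (verify=0), which is what lets a self-signed stunnel certificate work; the SSH host-key check is then the only thing authenticating the server, so treat an unexpected host-key warning as a real problem rather than something to click through. Once the entry is in place, both “ssh SOME_NAME” and “sshuttle -r SOME_NAME 0.0.0.0/0” go through the TLS wrapper, because sshuttle reuses your ssh config.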
And there you go! Your system traffic should now be routed through sshuttle.
This is a really nice way to be able to go through all sorts of firewalls, and is actually really fast (since it’s your own server). As a side note, you can also run “ssh SOME_NAME -D 5222” to start a SOCKS proxy on port 5222 (by default it only listens on localhost). This is pretty useful, since it’s faster than sshuttle. You’ll need to set the proxy in, for example, Firefox’s settings page. For other apps, use proxychains.