Poor man's VPN connection
- Tony Mattke
- Security
- April 20, 2010
- 2 min read
Have you ever needed to access a site that had an IP restriction, or one inside your remote network? Recently I need to access a customers remote monitoring site, but its restricted to a small subnet of IPs. They had no VPN setup for me, so I had to come up with something new…
The answer was creating an ssh connection to their network firewall, which happened to be a custom Linux box I had access to. The setup is actually quite simple, and requires no changes to the remote host. The following command will create a local proxy for your machine to use on port 8080.
hackpro:~# ssh -q2nCTN -D 8080 user@hostnameThe only caveat to this setup is that you will need key authentication setup, it will not work with standard password authentication. The following is a list of the options used..
- -q = Quiet
- -2 = SSHv2
- -n = Do not read from stdin (This is why you need to have private key authentication set up!)
- -C = Compression
- -T = Disable pseuto-tty allocation
- -N = Do not execute a remote command or launch a shell. Uses the ssh connection for port forwarding
- -D = Allocate a socket to listen on the locally. Whenever a connection is made to this port,
the connection is forwarded over the secure channel. ( Requires root )
The only thing left to configure is your browser. Set it to use localhost:8080 as a SOCKS proxy. Quick, simple, and perfect! As usual, if you have any questions please feel free to leave a comment below.
