Can someone please assist me with something. The specifications are:
I have a private server that I want to be able to use as a VPN server.
Must support stealth connect protocols, so I can bypass "good" firewalls.
Need to be able to do this via ssh (I have root access)
Why not just use an SSH tunnel + SOCKS proxy on an irregular port (say....443)?
I could. How do I configure that? I've looked on Google, but I can't seem to find a tutorial that works for my setup.
A) Change OpenSSH to listen on port 443
B) ssh -D #### -p 443 user@host.com
C) Configure your network connection to use a SOCKS (v4 or v5) proxy on localhost, port ####
Obviously you can use other ports, but 443 is what HTTPS typically goes over, so encrypted traffic on that port shouldn't look nearly as suspicious as elsewhere. Obviously, this means you can't use 443 for a web server in the meantime.
My web server uses 80, 443 is already open, so that works.
As for C), it's SOCKS5. And is it localhost? Even if I'm non-local?
The proxy address is on localhost because that's where your ssh client is open. The ssh client will take SOCKS protocol stuff on the chosen port (####) and forward it through the sshd on the remote server.
Your webserver would need 443 if you ever plan to use SSL.
ah, so choose a different port.
What? No! Don't choose a different port unless you REALLY have a need to run an SSL website. I specifically suggested 443 because firewalls typically leave it open for outgoing traffic because it's necessary, and expect it to be carrying encrypted traffic. I'm just giving you a heads-up that down the road, if serving HTTPS is a requirement, you'll have to do something differently.
Also, just to be super clear: there are two different port numbers you need here. One is a local port for the SOCKS proxy, one is the port on your server for SSH. Keep them straight in your head.
Do exactly what elfprince said. On all the things.
allynfolksjr wrote:
Do exactly what elfprince said. On all the things.
This is probably the first time these words have been spoken by nikky. It's a historic moment.
Ok, I got some success with OpenSSH and SOCKS. Here's a script I created to set it up on OS X:
Code:
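#!/bin/sh
# SSH SOCKS proxy script for Mac OS X
# Usage: pass "on" or "off" as the first argument
localport=443    # local port the SOCKS proxy listens on
remoteport=443   # port sshd listens on at the remote server
remoteuser="acssh"
remoteproxy="acagliano.no-ip.biz"
if [ "$1" = "on" ]; then
    echo "Listening on localhost:$localport. Modifying network settings.."
    # Point the Wi-Fi service's SOCKS proxy at the local tunnel (proxy authentication off)
    sudo networksetup -setsocksfirewallproxy Wi-Fi 127.0.0.1 "$localport" off
    echo "Starting SSH session. Will run in background for 1 day."
    # -f: go to background after authenticating; -D: dynamic (SOCKS) forwarding
    ssh -f -p "$remoteport" -D "$localport" "$remoteuser@$remoteproxy" sleep 1d
fi
if [ "$1" = "off" ]; then
    echo "Disabling proxy in network settings."
    sudo networksetup -setsocksfirewallproxystate Wi-Fi off
    echo "Done!"
fi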
The "networksetup" command is an OSX setting interfacing command that basically goes into Settings->Network->Advanced->Proxies, and puts the config data in where it belongs.
This script works. Typing "on" results in my ip address changing and my browser, uTorrent, and most other apps being proxied. However, Minecraft still insists on trying to connect via its default port.
Fine, I said. Opening the Minecraft launcher, and going into profile settings, advanced, VM arguments, I added the following:
Code: -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=443
Yet, Minecraft still won't use the proxy. What do I do now?
You probably shouldn't use such a low numbered port for the local stuff. Bump it up a bit (say.....4000) and try again. I also don't know what version of the SOCKS protocol is expected by the VM?
elfprince13 wrote:
allynfolksjr wrote:
Do exactly what elfprince said. On all the things.
This is probably the first time these words have been spoken by nikky. It's a historic moment.
Despite the fact that I essentially disagree with all of your social, political, and technological views, you're a pretty okay person otherwise.
elfprince13 wrote:
You probably shouldn't use such a low numbered port for the local stuff. Bump it up a bit (say.....4000) and try again. I also don't know what version of the SOCKS protocol is expected by the VM?
Is the local port number really the issue? Does Minecraft use port 443 for other stuff? And can Minecraft use a different local port, when the rest of the system is configured to use 443? Or should it use the same port that is set in network preferences?
I don't know. Test it and see. Low numbered ports (<1024) often have special protections on them. Change your script so that local port is something higher and try that.
[edit]
nikky: you're so sweet
Well I just actually created a script where the host name, both ports, and user name are variables :p
I know. I saw the code you posted. Change the line for the local port to, say, 2001 (or something else high-number). Then tell me if it works.
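A quick check of what is actually listening on the local SOCKS port discussed in this thread, as an added example that is not part of the original posts: it sends the SOCKS5 greeting (RFC 1928) to the listener that ssh -D opens and reports whether the reply is SOCKS5. The function names and the default port 4000 (the value suggested above) are assumptions of this example.

```python
import socket
import struct


def is_low_port(port):
    """True for the low-numbered ports (<1024) the thread warns about;
    binding them often needs elevated privileges."""
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid TCP port: {port}")
    return port < 1024


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf


def probe_socks5(host="127.0.0.1", port=4000, timeout=3.0):
    """Classify the listener on host:port.

    Returns "closed" (nothing accepting connections), "not-socks5"
    (something answered, but not with a SOCKS5 reply), "socks5"
    (greeting accepted without authentication) or "socks5-rejected"
    (SOCKS5 server that refused the no-auth method).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        try:
            # Greeting: VER=5, NMETHODS=1, METHOD=0x00 (no authentication)
            sock.sendall(b"\x05\x01\x00")
            ver, method = struct.unpack("BB", _recv_exact(sock, 2))
        except OSError:
            return "not-socks5"
    if ver != 5:
        return "not-socks5"
    return "socks5" if method == 0x00 else "socks5-rejected"


if __name__ == "__main__":
    # Assumed local port; use whatever was passed to ssh -D.
    print(probe_socks5("127.0.0.1", 4000))
```

A result of "closed" means the ssh client never bound the local port, which is the first thing to rule out before looking at how an application such as the Java VM is configured.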