public:ssh-usage

Differences

This shows you the differences between two versions of the page.

public:ssh-usage [2018-07-18 09:28] – [Create SOCKS tunnel] Reinoud Bokhorstpublic:ssh-usage [2018-07-18 11:46] (current) – [Simple VPN using dynamic port forwarding] Reinoud Bokhorst
Line 206: Line 206:
 ===== Simple VPN using dynamic port forwarding ===== ===== Simple VPN using dynamic port forwarding =====
  
-Instead of forwarding a single port you can also use dynamic port forwarding. This will turn your SSH client into a local [[https://en.wikipedia.org/wiki/SOCKS|SOCKS]] proxy server. This is quite powerful as all client programs that are then configured to use the SOCKS proxy will send their network traffic over the SSH connection to the remote network. When SOCKS5 is used, also DNS lookups can be sent through your tunnel, basically turning your SSH connection into a poor man's VPN connection.+Instead of forwarding a single port you can also use dynamic port forwarding. This will turn your SSH client into a local [[https://en.wikipedia.org/wiki/SOCKS|SOCKS]] proxy server. This is quite powerful as all client programs that are then configured to use the SOCKS proxywill have access to services in the remote network over the encrypted ssh connection. When SOCKS5 is used, also DNS lookups can be sent through your tunnel, basically turning your SSH connection into a poor man's VPN connection.
  
-The most useful application is to use a SOCKS proxy to access internal web services. Below a description on how to do that.+The most useful application is to use a SOCKS proxy to access LOFAR web services that are behind the firewall (when you are not connected to the LAN)Two steps are needed: 
 +  - Create a SOCKS proxy to the LOFAR portal 
 +  - Configure your browser (or OS) to use the proxy 
 +Below a description on how to do that.
  
-==== Create SOCKS tunnel ====+==== Create SOCKS proxy ====
  
 __With SSH__ __With SSH__
  
-The SOCKS tunnel is created by enabling the dynamic port forwarding feature when connecting to the LOFAR portal:+The SOCKS proxy is created by enabling the dynamic port forwarding feature when connecting to the LOFAR portal:
  
 <file> <file>
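Review bot: In the rewritten opening paragraph, the new wording "will have access to services in the remote network over the encrypted ssh connection" drops what the old sentence stated outright, that a program configured for the proxy sends its network traffic through the SSH connection. Suggest keeping both facts, because a user who points a browser (or, per the new list item, the OS) at the proxy is routing that program's traffic through the LOFAR portal, not just gaining reachability. The unchanged sentence "When SOCKS5 is used, also DNS lookups can be sent through your tunnel" could also say that this depends on the client being set to resolve names via the proxy, and the new browser step in the list is a natural place to mention it. Minor, as rendered here: "SOCKS proxywill" and "LAN)Two steps" are missing a space and a full stop in the added lines.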
Line 222: Line 225:
 Port 1080 is the default SOCKS port but you can also choose another non-privileged one (e.g. 9999). Some client programs however may expect that port 1080 is used. Port 1080 is the default SOCKS port but you can also choose another non-privileged one (e.g. 9999). Some client programs however may expect that port 1080 is used.
  
-Alternatively you may add the '-C' flag to enable compression. This will speed up your connection in most cases except when dealing with a lot of binary data.+Additionally you may add the '-C' flag to enable compression. This will speed up your connection in most cases except when dealing with a lot of binary data.
  
-__With Putty__+__With PuTTY__
  
-Create a new session in the Putty configuration screen to portal.lofar.eu on port 22 as you would normally do (e.g. adding your ssh key for authentication). Then go to Connections->SSH->Tunnels and enable 'Auto' and 'Dynamic' radio buttons. Fill in 1080 as the source port and click on 'Add'. It should now look like this:+Create a new session in the Putty configuration dialog to portal.lofar.eu on port 22 as you would normally do (e.g. adding your ssh key for authentication). 
 + 
 +Then go to Connections->SSH->Tunnels and enable the 'Auto' and 'Dynamic' radio buttons. Fill in 1080 as the source port and click on 'Add'. It should now look like this:
  
 {{:public:putty-port-added.png?400|}} {{:public:putty-port-added.png?400|}}
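Review bot: The heading is corrected to "PuTTY", but the added line directly below it still reads "in the Putty configuration dialog"; use the same spelling in both places. The change from "Alternatively" to "Additionally" for the '-C' flag is right, since compression is an extra option and not a replacement for the port forward. While the Tunnels step is being split into its own paragraph, it would help to state there that 1080 must match the port given to the browser later on the page, since the text above allows choosing another port such as 9999.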
Line 243: Line 248:
   - Go to Preferences   - Go to Preferences
   - Look for an item called 'Network proxy'. You may also type 'proxy' in the search field to find it for you.   - Look for an item called 'Network proxy'. You may also type 'proxy' in the search field to find it for you.
-  - Click on Settings and fill in the details as below:\\  {{:public:ff_proxy_settings.png?400|}} \\ \\ Make sure that DNS is forwarded using SOCKS5 by checking the checkbox.+  - Click on Settings, choose "Manual proxy configuration" and fill in the details as below (socks host and port, SOCKSv5, proxy DNS):\\  {{:public:ff_proxy_2.png?400|}} \\ \\ Make sure that DNS is forwarded using SOCKS5 by checking the checkbox
 +  - Now try to access an internal web service, you should be able to use the internal domain name of the service (xxx.control.lofar)
  
 +\\ 
  
 __Chrome__ __Chrome__
 +
 +Newer versions of chrome use the system-wide network configuration for its proxy settings. This is an alternative to only configuring the web browser to use the proxy. However, if you want to limit the proxy only for web browsing you can start Chrome adding the flag --proxy-server, e.g. on Linux Mint: 
 +
 +<file>
 +google-chrome-stable --proxy-server="socks5://localhost:1080"
 +</file>
 +
 +
 +
  
  
  
  
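Review bot: The new Chrome paragraph says nothing about DNS, while the Firefox step insists on "Make sure that DNS is forwarded using SOCKS5" and the added test step relies on resolving an internal name (xxx.control.lofar). Please state whether name lookups go through the proxy when Chrome is started with --proxy-server="socks5://localhost:1080", and what the user has to set when the system-wide configuration is used instead, otherwise internal hostnames may be looked up on the local network and fail. The sentence "This is an alternative to only configuring the web browser to use the proxy" is also hard to follow and gives no steps for the system-wide route; either describe it or drop it and keep the flag as the documented method. Minor: "chrome ... its proxy settings" should be "Chrome", and the example hard-codes port 1080 although the text earlier allows another port.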
  • Last modified: 2018-07-18 09:28
  • by Reinoud Bokhorst