Does it make pfSense to wear SSH SOCKS?

Adrian Hensler scribbled:

Just looking at your postings regarding VPN and Hamachi. Hamachi is pretty neat, but if it has spotty support for the Mac, why not try SSH (secure shell)? I know there are Mac clients like putty ( http://putty.darwinports.com/download/ ). SSH is great for tunneling data through. You can pipe your email, Web browsing, IM and whatever else through SSH. It’s very flexible, and once you’ve played with SSH (either the command line version or a GUI like putty), it’s easy to see many uses for it.

Here’s a page describing the Mac setup briefly: http://www.mikeash.com/?page=ssh_socks.html

I’m not sure why the author chose to use the Firefox “about:” way rather than the File | Preferences way, but that’s fine. This page might be a bit better description of the whole process, and here’s yet one more. Here’s one on setting up the SSH daemon on a Mac (not sure if there’s a better way, sorry). You could also just run a tiny Linux virtual machine that includes an SSH daemon in something like VMware and just forward the appropriate port (22) to that.

It involves adding a dynamic tunnel and then changing Firefox to use that new local port as a SOCKS proxy. One caveat is that DNS requests are still done locally, so browsing history isn’t completely hidden. It’s possible to direct DNS requests through the tunnel as well, but it’s significantly more complicated. Also, it’s important to note that you can direct multiple ports through the same SSH tunnel – you could forward email / instant messaging / remote desktop, all through the same single SSH port at the same time, as long as you know and have access to the remote IP and port from the remote SSH server. The sister application SCP will work in the same manner for moving files securely.

Another issue might be that some users may not have access to change the Firefox / IE settings to add a proxy. In my previous job, these settings were locked by a group policy… but they didn’t lock the registry settings where these ‘lock’ options are set, so I just disabled the lock via the registry….

Like everything else, it seems more confusing than it is. Once you’ve set up a tunnel and see how it works, you’re set for a million uses. The fact that it is multi-platform is a huge plus for me – it works the same way on my Linux boxes and my Windows boxes. You can also set it up with multiple hops to get to places you might not have thought possible.

My personal solution is a router PC based on pfSense ( https://www.pfsense.org — amazing work done on this project), and I connect to that via either SSH or the Windows built-in PPTP client – pfSense runs an SSH daemon if desired and also supports IPSec and PPTP tunnels. But for quick http proxies, it’s hard to beat SSH.
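The dynamic tunnel, the extra port forwards over the same session, and the Firefox SOCKS change described above, as an added example (not from the original post or the pages it links to). It assumes a reachable SSH host `gateway.example.net`, local SOCKS port 1080, and Firefox’s `user.js` preferences file; the `network.proxy.socks_remote_dns` line is what closes the DNS caveat Adrian mentions, since it makes Firefox resolve hostnames through the SOCKS proxy rather than the local resolver.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumed names: gateway.example.net,
# mail.example.net, local SOCKS port 1080.

# Build the ssh command for a dynamic (SOCKS) tunnel bound to localhost on PORT,
# plus any number of extra -L forwards given as "localport:remotehost:remoteport".
# -N: no remote shell, just the forwards. All forwards share one SSH session.
# Usage: tunnel_cmd USER@HOST PORT [LFWD ...]
tunnel_cmd() {
    target=$1; port=$2; shift 2
    cmd="ssh -N -D 127.0.0.1:${port}"
    for fwd in "$@"; do
        cmd="$cmd -L 127.0.0.1:${fwd}"
    done
    printf '%s %s\n' "$cmd" "$target"
}

# Emit Firefox user.js lines: manual proxy (type 1), SOCKS v5 on the tunnel port,
# and socks_remote_dns so DNS lookups go through the tunnel, not the local resolver.
firefox_prefs() {
    port=$1
    cat <<EOF
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", ${port});
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", true);
EOF
}

# Check an existing prefs file for the DNS-leak caveat: succeeds (exit 0) only if
# remote DNS is switched on, i.e. browsing does not leak hostnames to the local DNS.
dns_via_tunnel() {
    grep -q 'network.proxy.socks_remote_dns", *true' "$1"
}

# Example run: SOCKS on 1080 and IMAP on local 1143 over the same session.
tunnel_cmd user@gateway.example.net 1080 1143:mail.example.net:143
firefox_prefs 1080
```

Append the `firefox_prefs` output to the profile’s `user.js` (or set the same keys via about:config), then run the printed ssh command and leave it open while browsing.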

Jeremy Phillippe also suggests pfSense:

I’m not sure if you’ve considered (or are aware of) m0n0wall and pfSense. m0n0wall is a FreeBSD based router package that, among other things, will let you set up a PPTP VPN endpoint, which will let you almost effortlessly connect remotely from both Windows and Mac OS X to your home network and the internet from there. pfSense is an offshoot of m0n0wall; it uses a more recent version of FreeBSD and OpenBSD’s Packet Filter (hence the pf part), and it also supports VPNs in this manner. It’s fairly easy to set up a spare machine for this (or get a small custom built device that will run either).