How do I route my internet through a SSH tunnel?

Question

Old Q How do I setup an OpenVPN server without root privileges?

Is there a way to setup an OpenVPN server without root privileges? E.g. with configuration files in my home directory? If yes, how do I set it up?

I'm trying to SSH into a system and set up an OpenVPN server over there for personal use.

EDIT

Since it's apparent that OpenVPN needs root privileges, I am changing the question to routing my internet using SSH which I can easily set up.

By "userspace", do you mean in a home folder without root permissions? Usually, "userspace" is used as the opposite of "kernel space". — Lekensteyn, May 25 '11 at 11:18
You might be interested in my answer on How do I setup OpenVPN so I can securely use the internet from an unsecured hotspot? — Lekensteyn, May 25 '11 at 11:21
@Lekensteyn, yes without root permission, I did not know user-space referred to something else. Please feel free to edit my question into something appropriate. I was thinking of that answer as well, but I don't know about setting things up without root privileges. — Oxwivi, May 25 '11 at 11:58

score 35 · Accepted Answer · edited May 28 '11 at 20:20

sshuttle is a transparent proxy server that forwards over a SSH connection and sets up a proxy by running Python scripts on the remote server. sshuttle can be run under the following conditions:

client machine or router is Linux-based, FreeBSD or Mac OS
administrative privileges on client
access to remote network via SSH
no administrator privileges on remote network
availability of Python on remote server

Install sshuttle enter image description here from the Software Center or the Terminal:

sudo apt-get install sshuttle

The basic command for running sshuttle with routing all traffic is:

sshuttle -r username@sshserver:port 0/0

Upon the execution of the command, a sudo password prompt will appear and subsequently the password to SSH account. No other details will appear except for a short message and return to shell upon failure. For more status messages, run sshuttle in verbose mode with the -v flag.

In this example all internet traffic except DNS is routed through the VPN. -r flag denotes the remote hostname and optional username and port that follows in the above example. 0/0 is short for 0.0.0.0/0 that represents the subnets to route over the VPN. The usage of 0/0 routes all the traffic except DNS requests to the remote server. DNS tunelling is possible with the usage of -H flag.

Please read the man page (man sshuttle) for the details of options and modes under which sshuttle can run. For information about the concept and more examples, refer to the project page.

redsocks are also worth considering; same features, slightly different execution — sanmai, Jan 08 '17 at 12:26

score 18 · Answer 2 · edited Apr 13 '17 at 12:24

18

You cannot setup OpenVPN without root privileges because certain operations requires it.

Prerequisites: you need to enable packet forwarding in your (iptables?) firewall
Adding devices in operation: a special virtual device has to be added using ifconfig. Otherwise, no communication is possible between the server and client

Depending on your needs, other solutions are available. For browsing through your server, you may set up a SOCKS server.

SOCKS proxy

Setting up a SOCKS proxy is not difficult: it's built-in in OpenSSH. To enable the SOCKS server, run the next command in a terminal:

ssh user@host -D1234

Replace 1234 by your preferred port. In your browser, you can enter localhost as host and 1234 as port at SOCKS4/5 server.

Below is an example in the Firefox browser:

Go to Edit -> Preferences
Open the Advanced section
Go to the Network tab
Press Settings
Select Manual proxy configuration
Enter localhost as SOCKS Host
Enter 1234 as port (the same port as specified in the SSH command)
Press OK and Close to close the preferences dialogs.

FIrefox setup example

edited Apr 13 '17 at 12:24

Community

1

answered May 25 '11 at 12:10

Lekensteyn

174,277

1

I want to route my internet through the system I want setup VPN on. – Oxwivi May 25 '11 at 12:24
Unfortunately, you cannot change the routing rules on the server without root privileges. One solution that provides at least a secure solution for browsing is by using a SOCKS proxy as described in the answer. – Lekensteyn May 25 '11 at 13:01
1

I succeeded in getting my internet routed over the SSH tunnel. Shall I edit your answer to specifically refer to that as I've edited the question? Or will you do it? – Oxwivi May 25 '11 at 13:10
@Oxwivi: I'll re-order it and added an example for Firefox. – Lekensteyn May 25 '11 at 13:13

score -1 · Answer 3 · answered May 14 '14 at 12:55

-1

If you only want to tunnel your systems TCP traffic i recommend to use a programm called tun2socks. If you also want to tunnel UDP traffic you have to install udpgw on your server.

Here is an tutorial how to install and use this programms: http://board.nwrk.biz/viewtopic.php?id=3

answered May 14 '14 at 12:55

giri

1

4

Could you update your answer and explain the most important steps of your link here? This way this answer will still be useful even if the site will be gone. – Louis Matthijssen May 14 '14 at 13:33

How do I route my internet through a SSH tunnel?

3 Answers3

SOCKS proxy

Linked

Related