How do I route a spare network interface through an SSH tunnel?
I just bought a Raspberry Pi and I am wanting to route an ad hoc wireless network interface fully through an SSH tunnel that was created using another wireless interface. I want to do this so that I can have a secured and private connection to the internet at places with public WiFi. I know this would be easier to do all on one computer, but I would like to have it on the RPi too since I use it for other network related things when I am using the internet, and then just simply connect to the ad hoc network from my laptop/phone. This will really help me with my iPhone because it does not support an SSH tunnel locally. How should I go about doing this? Thanks in advance for all of your help.
linux networking ip routing ssh-tunneling
edited Aug 22 '12 at 23:58
Gilles
536k12810821600
asked Aug 22 '12 at 23:55
Clay FreemanClay Freeman
1192
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I just bought a Raspberry Pi and I am wanting to route an ad hoc wireless network interface fully through an SSH tunnel that was created using another wireless interface. I want to do this so that I can have a secured and private connection to the internet at places with public WiFi. I know this would be easier to do all on one computer, but I would like to have it on the RPi too since I use it for other network related things when I am using the internet, and then just simply connect to the ad hoc network from my laptop/phone. This will really help me with my iPhone because it does not support an SSH tunnel locally. How should I go about doing this? Thanks in advance for all of your help.
linux networking ip routing ssh-tunneling
edited Aug 22 '12 at 23:58
Gilles
536k12810821600
asked Aug 22 '12 at 23:55
Clay FreemanClay Freeman
1192
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
ssh has a tunneling feature built into it,ssh -w .... I've personally never used it though, but it's supposed to use a TUN device, in which case you can just create routing rules to route traffic through the tunnel. (requires server-side support as well)
– Patrick
Aug 23 '12 at 3:13
can you rephrase perhaps?
– Stéphane Chazelas
Aug 31 '12 at 20:17
add a comment |
I just bought a Raspberry Pi and I am wanting to route an ad hoc wireless network interface fully through an SSH tunnel that was created using another wireless interface. I want to do this so that I can have a secured and private connection to the internet at places with public WiFi. I know this would be easier to do all on one computer, but I would like to have it on the RPi too since I use it for other network related things when I am using the internet, and then just simply connect to the ad hoc network from my laptop/phone. This will really help me with my iPhone because it does not support an SSH tunnel locally. How should I go about doing this? Thanks in advance for all of your help.
linux networking ip routing ssh-tunneling
edited Aug 22 '12 at 23:58
Gilles
536k12810821600
asked Aug 22 '12 at 23:55
Clay FreemanClay Freeman
1192
I just bought a Raspberry Pi and I am wanting to route an ad hoc wireless network interface fully through an SSH tunnel that was created using another wireless interface. I want to do this so that I can have a secured and private connection to the internet at places with public WiFi. I know this would be easier to do all on one computer, but I would like to have it on the RPi too since I use it for other network related things when I am using the internet, and then just simply connect to the ad hoc network from my laptop/phone. This will really help me with my iPhone because it does not support an SSH tunnel locally. How should I go about doing this? Thanks in advance for all of your help.
linux networking ip routing ssh-tunneling
linux networking ip routing ssh-tunneling
edited Aug 22 '12 at 23:58
Gilles
536k12810821600
asked Aug 22 '12 at 23:55
Clay FreemanClay Freeman
1192
edited Aug 22 '12 at 23:58
Gilles
536k12810821600
asked Aug 22 '12 at 23:55
Clay FreemanClay Freeman
1192
edited Aug 22 '12 at 23:58
Gilles
536k12810821600
edited Aug 22 '12 at 23:58
Gilles
536k12810821600
edited Aug 22 '12 at 23:58
Gilles
536k12810821600
536k12810821600
asked Aug 22 '12 at 23:55
Clay FreemanClay Freeman
1192
asked Aug 22 '12 at 23:55
Clay FreemanClay Freeman
1192
asked Aug 22 '12 at 23:55
Clay FreemanClay Freeman
1192
1192
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
ssh has a tunneling feature built into it,ssh -w .... I've personally never used it though, but it's supposed to use a TUN device, in which case you can just create routing rules to route traffic through the tunnel. (requires server-side support as well)
– Patrick
Aug 23 '12 at 3:13
can you rephrase perhaps?
– Stéphane Chazelas
Aug 31 '12 at 20:17
add a comment |
ssh has a tunneling feature built into it,ssh -w .... I've personally never used it though, but it's supposed to use a TUN device, in which case you can just create routing rules to route traffic through the tunnel. (requires server-side support as well)
– Patrick
Aug 23 '12 at 3:13
can you rephrase perhaps?
– Stéphane Chazelas
Aug 31 '12 at 20:17
ssh has a tunneling feature built into it,
ssh -w .... I've personally never used it though, but it's supposed to use a TUN device, in which case you can just create routing rules to route traffic through the tunnel. (requires server-side support as well)– Patrick
Aug 23 '12 at 3:13
ssh has a tunneling feature built into it,
ssh -w .... I've personally never used it though, but it's supposed to use a TUN device, in which case you can just create routing rules to route traffic through the tunnel. (requires server-side support as well)– Patrick
Aug 23 '12 at 3:13
can you rephrase perhaps?
– Stéphane Chazelas
Aug 31 '12 at 20:17
can you rephrase perhaps?
– Stéphane Chazelas
Aug 31 '12 at 20:17
add a comment |
2 Answers
2
active
oldest
votes
What he's saying is that SSH "now" (the past several years) supports a poor-man's VPN. That being said, may I strongly recommend a different solution? Either way, the learning curve is relatively steep, but if you want secured communications with a solid community, oodles of documentation, and clients that run on just about everything (Windows, Linux, Mac, iPhone, Android... you get the idea), you should check out OpenVPN. See http://openvpn.net/index.php/open-source/documentation/howto.html for lots of good getting-started info, and feel free to subscribe to the (very helpful) mailing list. Unsurprisingly, there's also an OpenVPN-on-Raspberry-Pi tutorial: http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial .
Lastly, one quick plug: OpenVPN is also crazy robust; unlike, say, my company's Cisco IPSec implementation (or SSH), OpenVPN is very good at seamlessly re-establishing a connection, which is handy for things like phones that wander in and out of connectivity.
I realize this doesn't technically answer your question, but as a long-time IT guy, sometimes it's more important to figure out what the person is trying to accomplish than take a literalist approach to a question.
answered Feb 5 '14 at 7:34
ravenpiravenpi
1661
add a comment |
You need a remote machine running ssh that you can connect to from the Pi. Enable AllowTCPForwarding on the remote machine then connect from the Pi and create a SOCKS proxy using the ssh connection. Then configure your iphone to use the Pi as a proxy and there you go.
But there's 2 problems I see, 1, you'll have to make the SOCKS proxy accessible to other hosts on the local network. So you may want to configure MAC address filtering within iptables to allow your phone but block anyone else on the public wifi from finding and using the proxy. 2, last time I checked, iOS devices don't support SOCKS proxies, however a workaround has already been posted here.
Remember though, this will encrypt the traffic from your phone to the Internet but the traffic will still be vulnerable to being sniffed by anyone on the same wireless network because the proxy is on the Pi.
On remote-host in /etc/ssh/sshd_config:
AllowTCPForwarding yes
To initiate the proxy from the Pi:
ssh -g -D 8080 user@remote-host
optionally you may want to use -v to troubleshoot the connection and -N to prevent from opening a shell once you connect.
source: man ssh & man sshd_config
edited Apr 17 '14 at 4:52
Anthon
60.8k17103166
answered Apr 17 '14 at 3:37
CreekCreek
3,74611229
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f46128%2fhow-do-i-route-a-spare-network-interface-through-an-ssh-tunnel%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
What he's saying is that SSH "now" (the past several years) supports a poor-man's VPN. That being said, may I strongly recommend a different solution? Either way, the learning curve is relatively steep, but if you want secured communications with a solid community, oodles of documentation, and clients that run on just about everything (Windows, Linux, Mac, iPhone, Android... you get the idea), you should check out OpenVPN. See http://openvpn.net/index.php/open-source/documentation/howto.html for lots of good getting-started info, and feel free to subscribe to the (very helpful) mailing list. Unsurprisingly, there's also an OpenVPN-on-Raspberry-Pi tutorial: http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial .
Lastly, one quick plug: OpenVPN is also crazy robust; unlike, say, my company's Cisco IPSec implementation (or SSH), OpenVPN is very good at seamlessly re-establishing a connection, which is handy for things like phones that wander in and out of connectivity.
I realize this doesn't technically answer your question, but as a long-time IT guy, sometimes it's more important to figure out what the person is trying to accomplish than take a literalist approach to a question.
answered Feb 5 '14 at 7:34
ravenpiravenpi
1661
add a comment |
What he's saying is that SSH "now" (the past several years) supports a poor-man's VPN. That being said, may I strongly recommend a different solution? Either way, the learning curve is relatively steep, but if you want secured communications with a solid community, oodles of documentation, and clients that run on just about everything (Windows, Linux, Mac, iPhone, Android... you get the idea), you should check out OpenVPN. See http://openvpn.net/index.php/open-source/documentation/howto.html for lots of good getting-started info, and feel free to subscribe to the (very helpful) mailing list. Unsurprisingly, there's also an OpenVPN-on-Raspberry-Pi tutorial: http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial .
Lastly, one quick plug: OpenVPN is also crazy robust; unlike, say, my company's Cisco IPSec implementation (or SSH), OpenVPN is very good at seamlessly re-establishing a connection, which is handy for things like phones that wander in and out of connectivity.
I realize this doesn't technically answer your question, but as a long-time IT guy, sometimes it's more important to figure out what the person is trying to accomplish than take a literalist approach to a question.
answered Feb 5 '14 at 7:34
ravenpiravenpi
1661
add a comment |
What he's saying is that SSH "now" (the past several years) supports a poor-man's VPN. That being said, may I strongly recommend a different solution? Either way, the learning curve is relatively steep, but if you want secured communications with a solid community, oodles of documentation, and clients that run on just about everything (Windows, Linux, Mac, iPhone, Android... you get the idea), you should check out OpenVPN. See http://openvpn.net/index.php/open-source/documentation/howto.html for lots of good getting-started info, and feel free to subscribe to the (very helpful) mailing list. Unsurprisingly, there's also an OpenVPN-on-Raspberry-Pi tutorial: http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial .
Lastly, one quick plug: OpenVPN is also crazy robust; unlike, say, my company's Cisco IPSec implementation (or SSH), OpenVPN is very good at seamlessly re-establishing a connection, which is handy for things like phones that wander in and out of connectivity.
I realize this doesn't technically answer your question, but as a long-time IT guy, sometimes it's more important to figure out what the person is trying to accomplish than take a literalist approach to a question.
answered Feb 5 '14 at 7:34
ravenpiravenpi
1661
What he's saying is that SSH "now" (the past several years) supports a poor-man's VPN. That being said, may I strongly recommend a different solution? Either way, the learning curve is relatively steep, but if you want secured communications with a solid community, oodles of documentation, and clients that run on just about everything (Windows, Linux, Mac, iPhone, Android... you get the idea), you should check out OpenVPN. See http://openvpn.net/index.php/open-source/documentation/howto.html for lots of good getting-started info, and feel free to subscribe to the (very helpful) mailing list. Unsurprisingly, there's also an OpenVPN-on-Raspberry-Pi tutorial: http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial .
Lastly, one quick plug: OpenVPN is also crazy robust; unlike, say, my company's Cisco IPSec implementation (or SSH), OpenVPN is very good at seamlessly re-establishing a connection, which is handy for things like phones that wander in and out of connectivity.
I realize this doesn't technically answer your question, but as a long-time IT guy, sometimes it's more important to figure out what the person is trying to accomplish than take a literalist approach to a question.
answered Feb 5 '14 at 7:34
ravenpiravenpi
1661
answered Feb 5 '14 at 7:34
ravenpiravenpi
1661
answered Feb 5 '14 at 7:34
ravenpiravenpi
1661
answered Feb 5 '14 at 7:34
ravenpiravenpi
1661
1661
add a comment |
add a comment |
You need a remote machine running ssh that you can connect to from the Pi. Enable AllowTCPForwarding on the remote machine then connect from the Pi and create a SOCKS proxy using the ssh connection. Then configure your iphone to use the Pi as a proxy and there you go.
But there's 2 problems I see, 1, you'll have to make the SOCKS proxy accessible to other hosts on the local network. So you may want to configure MAC address filtering within iptables to allow your phone but block anyone else on the public wifi from finding and using the proxy. 2, last time I checked, iOS devices don't support SOCKS proxies, however a workaround has already been posted here.
Remember though, this will encrypt the traffic from your phone to the Internet but the traffic will still be vulnerable to being sniffed by anyone on the same wireless network because the proxy is on the Pi.
On remote-host in /etc/ssh/sshd_config:
AllowTCPForwarding yes
To initiate the proxy from the Pi:
ssh -g -D 8080 user@remote-host
optionally you may want to use -v to troubleshoot the connection and -N to prevent from opening a shell once you connect.
source: man ssh & man sshd_config
edited Apr 17 '14 at 4:52
Anthon
60.8k17103166
answered Apr 17 '14 at 3:37
CreekCreek
3,74611229
add a comment |
You need a remote machine running ssh that you can connect to from the Pi. Enable AllowTCPForwarding on the remote machine then connect from the Pi and create a SOCKS proxy using the ssh connection. Then configure your iphone to use the Pi as a proxy and there you go.
But there's 2 problems I see, 1, you'll have to make the SOCKS proxy accessible to other hosts on the local network. So you may want to configure MAC address filtering within iptables to allow your phone but block anyone else on the public wifi from finding and using the proxy. 2, last time I checked, iOS devices don't support SOCKS proxies, however a workaround has already been posted here.
Remember though, this will encrypt the traffic from your phone to the Internet but the traffic will still be vulnerable to being sniffed by anyone on the same wireless network because the proxy is on the Pi.
On remote-host in /etc/ssh/sshd_config:
AllowTCPForwarding yes
To initiate the proxy from the Pi:
ssh -g -D 8080 user@remote-host
optionally you may want to use -v to troubleshoot the connection and -N to prevent from opening a shell once you connect.
source: man ssh & man sshd_config
edited Apr 17 '14 at 4:52
Anthon
60.8k17103166
answered Apr 17 '14 at 3:37
CreekCreek
3,74611229
add a comment |
You need a remote machine running ssh that you can connect to from the Pi. Enable AllowTCPForwarding on the remote machine then connect from the Pi and create a SOCKS proxy using the ssh connection. Then configure your iphone to use the Pi as a proxy and there you go.
But there's 2 problems I see, 1, you'll have to make the SOCKS proxy accessible to other hosts on the local network. So you may want to configure MAC address filtering within iptables to allow your phone but block anyone else on the public wifi from finding and using the proxy. 2, last time I checked, iOS devices don't support SOCKS proxies, however a workaround has already been posted here.
Remember though, this will encrypt the traffic from your phone to the Internet but the traffic will still be vulnerable to being sniffed by anyone on the same wireless network because the proxy is on the Pi.
On remote-host in /etc/ssh/sshd_config:
AllowTCPForwarding yes
To initiate the proxy from the Pi:
ssh -g -D 8080 user@remote-host
optionally you may want to use -v to troubleshoot the connection and -N to prevent from opening a shell once you connect.
source: man ssh & man sshd_config
edited Apr 17 '14 at 4:52
Anthon
60.8k17103166
answered Apr 17 '14 at 3:37
CreekCreek
3,74611229
You need a remote machine running ssh that you can connect to from the Pi. Enable AllowTCPForwarding on the remote machine then connect from the Pi and create a SOCKS proxy using the ssh connection. Then configure your iphone to use the Pi as a proxy and there you go.
But there's 2 problems I see, 1, you'll have to make the SOCKS proxy accessible to other hosts on the local network. So you may want to configure MAC address filtering within iptables to allow your phone but block anyone else on the public wifi from finding and using the proxy. 2, last time I checked, iOS devices don't support SOCKS proxies, however a workaround has already been posted here.
Remember though, this will encrypt the traffic from your phone to the Internet but the traffic will still be vulnerable to being sniffed by anyone on the same wireless network because the proxy is on the Pi.
On remote-host in /etc/ssh/sshd_config:
AllowTCPForwarding yes
To initiate the proxy from the Pi:
ssh -g -D 8080 user@remote-host
optionally you may want to use -v to troubleshoot the connection and -N to prevent from opening a shell once you connect.
source: man ssh & man sshd_config
edited Apr 17 '14 at 4:52
Anthon
60.8k17103166
answered Apr 17 '14 at 3:37
CreekCreek
3,74611229
edited Apr 17 '14 at 4:52
Anthon
60.8k17103166
edited Apr 17 '14 at 4:52
Anthon
60.8k17103166
edited Apr 17 '14 at 4:52
Anthon
60.8k17103166
60.8k17103166
answered Apr 17 '14 at 3:37
CreekCreek
3,74611229
answered Apr 17 '14 at 3:37
CreekCreek
3,74611229
answered Apr 17 '14 at 3:37
CreekCreek
3,74611229
3,74611229
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f46128%2fhow-do-i-route-a-spare-network-interface-through-an-ssh-tunnel%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
ssh has a tunneling feature built into it,
ssh -w .... I've personally never used it though, but it's supposed to use a TUN device, in which case you can just create routing rules to route traffic through the tunnel. (requires server-side support as well)– Patrick
Aug 23 '12 at 3:13
can you rephrase perhaps?
– Stéphane Chazelas
Aug 31 '12 at 20:17