How to force all packets to go through an SSH tunnel

Tags: proxy, ssh-tunnel

We have an SSH tunnel (ssh -ND 127.0.0.1:8080 user@example.com) that works fine for browsers if we point them to 127.0.0.1:8080 as a SOCKS5 proxy, but other traffic is still not going through this tunnel.

How would I make absolutely all traffic go through the SSH tunnel?

Are there any tools or settings I need for that?

The systems I am using are Debian and macOS, so it would be better if the solution is more or less general for both platforms.

Best Answer

You can create a VPN using ssh. Here is the relevant section from man ssh:

SSH-BASED VIRTUAL PRIVATE NETWORKS
    ssh contains support for Virtual Private Network (VPN) tunnelling using the tun(4) 
    network pseudo-device, allowing two networks to be joined securely.  The sshd_config(5)
    configuration option PermitTunnel controls whether the server supports this,
    and at what level (layer 2 or 3 traffic).

    The following example would connect client network 10.0.50.0/24 with remote network
    10.0.99.0/24 using a point-to-point connection from 10.1.1.1 to 10.1.1.2,
    provided that the SSH server running on the gateway to the remote network,
    at 192.168.1.15, allows it.

    On the client:

           # ssh -f -w 0:1 192.168.1.15 true
           # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
           # route add 10.0.99.0/24 10.1.1.2

    On the server:

           # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
           # route add 10.0.50.0/24 10.1.1.1

At the end, you will have a tunnel interface which you can use to forward your traffic.
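Extending the man page excerpt above to the question's "all traffic" case, as an added example that is not part of the original answer or of OpenSSH: a dry-run script that prints the client and server commands for a Debian (iproute2) setup. The function names plan_client and plan_server, the gateway 192.168.1.1 and the interface eth0 are assumptions; the tunnel addresses and 192.168.1.15 come from the excerpt.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for a full IPv4 tunnel over
# the tun link from the man page excerpt. Review the output, then run it as root.

# plan_client SERVER LOCAL_GW [TUN_LOCAL] [TUN_PEER]
#   SERVER   SSH server address (192.168.1.15 in the excerpt)
#   LOCAL_GW client's current default gateway (see `ip route show default`)
plan_client() {
    server=$1 gw=$2 tun_local=${3:-10.1.1.1} tun_peer=${4:-10.1.1.2}
    if [ -z "$server" ] || [ -z "$gw" ]; then
        echo "usage: plan_client SERVER LOCAL_GW [TUN_LOCAL] [TUN_PEER]" >&2
        return 2
    fi
    # Order matters: pin the SSH server to the physical gateway before the two
    # /1 routes take over, otherwise the tunnel's own packets loop into tun0.
    # 0.0.0.0/1 + 128.0.0.0/1 outrank the default route without deleting it.
    cat <<EOF
ssh -f -w 0:1 $server true
ip addr add $tun_local peer $tun_peer dev tun0
ip link set tun0 up
ip route add $server/32 via $gw
ip route add 0.0.0.0/1 via $tun_peer dev tun0
ip route add 128.0.0.0/1 via $tun_peer dev tun0
EOF
}

# plan_server [WAN_IF] [TUN_LOCAL] [TUN_PEER]
#   WAN_IF   server's outbound interface (eth0 is an assumption)
plan_server() {
    wan_if=${1:-eth0} tun_local=${2:-10.1.1.2} tun_peer=${3:-10.1.1.1}
    cat <<EOF
# sshd_config must contain: PermitTunnel point-to-point
ip addr add $tun_local peer $tun_peer dev tun1
ip link set tun1 up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $tun_peer -o $wan_if -j MASQUERADE
EOF
}

# Constructed sample values: gateway 192.168.1.1 is not from the page.
plan_client 192.168.1.15 192.168.1.1
plan_server eth0
```

These routes cover IPv4 only; IPv6 and the resolver configuration are untouched, so check both separately if nothing may bypass the tunnel.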
