Ubuntu 11.04 SSH2 Tunnel (Protecting Standalone Applications)

SSH Tunnel Manager

First of all we install the gstm package (SSH tunnel manager for GNOME) through Ubuntu Software Center. This will be the software that we will use to setup the SSH2 tunnel.

Once installed we execute it and click the Add button to create a new SSH tunnel configuration. We name it i.e. TUVPN SSH2 Tunnel:

SSH Tunnel Manager


Tunnel Properties

Now we need to input the Tunnel Properties.

In the Login area, we enter our TUVPN VPN Username.

In Host, the server that we want to establish the SSH2 Tunnel with, in this example erfurt.tuvpn.com.

And finally in Port we enter 61.

 

Tunnel Properties


Tunnel Properties

Without leaving the Tunnel Properties window, we now setup the Port Redirection, the true differentiator of a SSH2 Tunnel from a Typical VPN.

We click on the Add button and as redirection Type we choose Dynamic and as Port 7070.

This will basically configure our computer to listen on port 7070 locally and send any connection to this local port to our remote server (in this case Erfurt) through the encrypted SSH2 tunnel:



Tunnel Properties


Tunnel Properties

And we are done with Tunnel Properties window. It should look like this and we can click OK:

Tunnel Properties


SSH Tunnel Manager

And we can already Start our SSH2 Tunnel! We will have to input our TUVPN VPN password:

SSH Tunnel Manager


SSH Tunnel Manager

If all goes fine the TUVPN SSH2 Tunnel will change to green:

SSH Tunnel Manager


Connection Settings

And now nothing happens! As explained in this previous post about the differences between VPNs, SSH2 Tunnels and Proxies, all our applications will continue to access Internet through our normal Internet connection unless we configure them to use our newly created SSH2 Tunnel.

Don't worry, it is very easy! We just need to make sure that the application that we want to use through the SSH2 Tunnel support the use of SOCKS Proxies. Many do, we will publish a list soon.

As an example here we will configure Firefox to use our just established SSH2 Tunnel to the Erfurt server.

In Firefox, we just need to go to Edit -> Prefereces. Click on the Advanced tab, then Network subtab and configure the Connection Settings like this:

 

Connection Settings


Confirmation of successful connection

As we can see, we configure Firefox to use as SOCKS Host our own computer (localhost) on port 7070. So now, when we browse Internet with Firefox, our data will go through the SSH2 Tunnel to Erfurt server and reach Internet from there. Let's check it on http://whatismyipaddress.com/:

Confirmation of successful connection

 

But hey, what happens if my SSH2 Tunnel goes down? Will any Firefox data reach Internet through my normal Internet connection?

No way! SSH2 Tunnels guarantee by design that if the SSH2 Tunnel goes down, no data from the applications that you have configured to use the tunnel will ever reach Internet until the tunnel is up.

This, along the fact that only applications that you configure will actually use the tunnel, are very interesting features of SSH2 Tunnels and those that take them apart from other VPN technologies and give them an extreme flexibility of use.

< Back to Tutorials