It was originally designed as an encrypted successor to telnet. It can, however, do so, so much more! For your uses, you are specifically looking at dynamic port forwarding:

Dynamic port forwarding turns your SSH client into a SOCKS proxy server. SOCKS is a little-known but widely-implemented protocol for programs to request any Internet connection through a proxy server. Each program that uses the proxy server needs to be configured specifically, and reconfigured when you stop using the proxy server.

This is similar to local port forwarding to a server with squid, 'cept SSH now takes care of running the SOCKS proxy for you ('cause it's a boss). Once both the SSH connection and your browser are set up correctly, you should be able to google what is my ip and have it display the remote server's IP address. This means that all websites you visit will see you as having a browser open on that remote server.

You can (should) also set your browser to use the DNS through that proxy, so even your DNS lookups are secure:

1. Type in about:config in the Firefox address bar.
2. Find the key called "_remote_dns" and set it to true.

VPN extends a private network across a public network by setting up a virtual network card and configuring it with an IP and gateway of the private network. This means that you can use this to tunnel all of your software to make it appear as if everything is running from your remote server (even programs that don't have native support for proxying). Again, you should be able to google what is my ip and have it display the remote server's IP address. VPNs also tend to have more support for UDP (torrents / streaming software / gaming).

OpenVPN runs a custom security protocol based on SSL and TLS rather than support IKE, IPsec, L2TP or PPTP. SSH does NOT use TLS/SSL, rather, it employs its own protocol; see RFC 4253.

Some people say that SSH is a poor man's VPN. I would strongly disagree, and say instead that SSH is a more surgical method of tunneling specific traffic for people who understand what they are doing. Whereas VPN is like tunneling with dynamite. You will get a tunnel, but it is sometimes the wrong tool for the job.

For example, let's say you are working remotely and want to VPN into your work network from home. Now let's say that you want to browse reddit but you still want to keep your VPN connected so you don't miss any important emails. Well, all those cat memes you are browsing are routed through your work's network. Possibly blocked by work's proxy/firewall.

Alternatively, if you have SSH access to your work's network, you can tunnel just your email and set up a SOCKS proxy. This means that you can still get your email, and use one browser for business stuff (e.g. Chrome) and another browser for viewing cat pictures (e.g. Firefox).

Both tools can be useful, just depends on what you want to do.

VPNs commonly have a feature where multiple users' traffic will appear from a single public IP address; this makes it difficult to track a user using a VPN, since the traffic coming from a single IP could be one of any number of customers.

Connecting to an SSH server and running a SOCKS proxy can be easy, but then that still requires you to completely lock down the server, maintain its patches, monitor for intrusions, or any other failures which require manual intervention. VPNs often offer multiple locations, allowing users to pick where their traffic will appear to originate. Then you have to worry about the security of the SSH tunnel. Which ciphers? Which SSH versions will you allow? If your SSH proxy goes down for maintenance, the proxy is offline, as opposed to a VPN service which commonly has multiple redundant servers.

EDIT: I see your question was about running your own server (SSH or VPN). If you're going to be running your own server, then what I mentioned above isn't going to be relevant. The benefit to setting up your own VPN server is that you don't have to provide full login account credentials to users (or yourself). Say your device(s) get compromised, and someone finds your SSH login. They can now access your SSH server as a user. If you were using a VPN, that wouldn't provide credentials to log in as a remote user. Secondly, SSH keeps logs of who has logged in when, and potentially the commands executed.

I really love the power and convenience of running SOCKS5 via ssh to my own server out in the data center (as the poster pointed out). Although I think I use the syntax ssh -f -Nn -D $LOCAL:$LPORT -p $RPORT only does this securely tunnel my DNS requests and online banking and DNS requests securely past my ISP's prying eyes (once you direct your browser to use it). But instead of taking over my full machine's IP stack like a VPN.