Connectivity while traveling is a pain. I’m trying to put all the various tricks and tips for connectivity in one place so I can easily reference them while on the road. These instructions are for Linux, because what I’m usually bringing on trips is a little Chromebook with Ubuntu or GalliumOS.
If you can SSH, then there is an easy way to get a SOCKS server with the
ssh -D 3128 firstname.lastname@example.org
and then just use the browser settings to go through the SOCKS proxy, or you can use an extension to switch settings – I use FoxyProxy since I’m usually juggling a bunch of different proxies.
You’ll want to make sure that your DNS is forwarded over the proxy. You can go to dnsleaktest.com and see if the nameservers found are the ones for your remote servers and not for your current location.
about:configin address bar
network.proxy.socks_remote_dnsand set it to true
As of 2017, Chrome should be forwarding DNS requests over SOCKS.
You can reach the web normally, but can’t SSH into your box because port 22 is blocked.
Use 443 for SSH instead of 22.
/etc/ssh/sshd_config, just add the port:
## What ports, IPs and protocols we listen for Port 22 Port 443
sudo service ssh restart.
ssh -p 443 email@example.com
Sometimes you have a SOCKS proxy and nothing else, but you want SSH over it. You can use something like this:
ssh -o ProxyCommand='nc -X 5 -x socks.server:port %h %p' ssh.server
i.e., if your SOCKS proxy is at 192.168.0.100 port 3128, then:
ssh -o ProxyCommand='nc -X 5 -x 192.168.0.100:3128 %h %p' firstname.lastname@example.org
This uses netcat to pipe everything from SSH through SOCKS.
sshuttle is a neat little utility that forwards everything over an SSH connection. Something like:
sshuttle --dns -r email@example.com:port 0/0
will redirect everything over the SSH connection. So, given an SSH connection, you have essentially a full VPN.
You can ping, but that’s it – the rest of the web is blocked by the portal. So, just run your traffic with ICMP packets.
On the server, you’ll have ptunnel running.
sudo ptunnel -x password
sudo ptunnel -p yoursite.com -lp 8888 -da destinationhost -dp 22 -x password
-p is the server name,
-lp is the local port number that is
-da is the destination (usually localhost, but can be a
different server), and
-dp is the destination port (almost always
22, for SSH).
After it is set up you can ssh into destination host with:
ssh -p 8888 you@localhost
Some places block ICMP but do not block UDP, so you can pass a
-udp option on both sides (server and client) to use UDP
instead… or run two instances, one doing ICMP and one for UDP.
Ping doesn’t work, but you get IPs back for domains
Set up iodine on the server – more details are
here. Note that for real-world
situations I’ve had much more luck using the
-c option when running
Run iodine on the client with
sudo iodine -P password
tun.yourdomain.com. Now, use the server tunnel IP to access your box,
ssh you@tunnel-ip to SSH to the box. Use SSH to set up SOCKS or
sshuttle to redirect all traffic over the link.
Sometimes, all you have is a non-tethered phone running a SOCKS server.
Build and install rickyzhang82/tethering.
Set up a local ad hoc network. This can allegedly be done from the
Connections menu, but I have never gotten that to work, and in case
you run into the same problems, you can use
sudo service network-manager stop sudo ifconfig wlp1s0 169.254.128.1 netmask 255.255.255.0 # or: sudo ip addr add 169.254.128.1/255.255.255.0 dev wlp1s0 sudo hostapd hostapd.conf
interface=wlp1s0 hw_mode=g channel=1 ieee80211d=1 country_code=US ieee80211n=1 ieee80211ac=1 wmm_enabled=1 ssid=tether auth_algs=1 wpa=2 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP wpa_passphrase=password
At this point you may not have a default route; do a
sudo route to
check. If not, add a default route with a
sudo route add default dev
Connect the iPhone to the ad hoc network. Assign an IP to it in your subnet.
Create a local port that connects to your SSH server.
ssh -L2222:localhost:22 -o ProxyCommand='nc -X 5 -x ip.of.socks.phone:3128 %h %p' ip.of.your.server
Note that IPs (not domain names) must be used, because at this point you don’t have access to DNS.
Now sshuttle over:
sshuttle --dns -r you@localhost:2222 0/0
… and it should all work.
ptunnel, one for UDP and one for standard ICMP
Comments are moderated whenever I remember that I have a blog.
There are no comments on this article.