Brool brool (n.) : a low roar; a deep murmur or humming

The Pan Galactic Guide to Connectivity


Connectivity while traveling is a pain. I’m trying to put all the various tricks and tips for connectivity in one place so I can easily reference them while on the road. These instructions are for Linux, because what I’m usually bringing on trips is a little Chromebook with Ubuntu or GalliumOS.


Using SOCKS over SSH

If you can SSH, then there is an easy way to get a SOCKS server with the -D option:

ssh -D 3128

and then just use the browser settings to go through the SOCKS proxy, or you can use an extension to switch settings – I use FoxyProxy since I’m usually juggling a bunch of different proxies.

You’ll want to make sure that your DNS is forwarded over the proxy. You can go to and see if the nameservers found are the ones for your remote servers and not for your current location.


  1. enter about:config in address bar
  2. look for network.proxy.socks_remote_dns and set it to true


As of 2017, Chrome should be forwarding DNS requests over SOCKS.

SSH ports are blocked

You can reach the web normally, but can’t SSH into your box because port 22 is blocked.


Use 443 for SSH instead of 22.

In /etc/ssh/sshd_config, just add the port:

## What ports, IPs and protocols we listen for
Port 22
Port 443

and then sudo service ssh restart.


ssh -p 443

Using SSH over SOCKS

Sometimes you have a SOCKS proxy and nothing else, but you want SSH over it. You can use something like this:

ssh -o ProxyCommand='nc -X 5 -x socks.server:port %h %p' ssh.server

i.e., if your SOCKS proxy is at port 3128, then:

ssh -o ProxyCommand='nc -X 5 -x %h %p'

This uses netcat to pipe everything from SSH through SOCKS.


sshuttle is a neat little utility that forwards everything over an SSH connection. Something like:

sshuttle --dns -r 0/0

will redirect everything over the SSH connection. So, given an SSH connection, you have essentially a full VPN.



You can ping, but that’s it – the rest of the web is blocked by the portal. So, just run your traffic with ICMP packets.


On the server, you’ll have ptunnel running.

sudo ptunnel -x password


sudo ptunnel -p -lp 8888 -da destinationhost -dp 22 -x password

Where -p is the server name, -lp is the local port number that is redirected, -da is the destination (usually localhost, but can be a different server), and -dp is the destination port (almost always 22, for SSH).

After it is set up you can ssh into destination host with:

ssh -p 8888 you@localhost

Some places block ICMP but do not block UDP, so you can pass a -udp option on both sides (server and client) to use UDP instead… or run two instances, one doing ICMP and one for UDP.



Ping doesn’t work, but you get IPs back for domains


Set up iodine on the server – more details are here. Note that for real-world situations I’ve had much more luck using the -c option when running iodined.


Run iodine on the client with sudo iodine -P password. Now use the server's tunnel IP to reach your box, i.e. ssh you@tunnel-ip. Then use SSH to set up SOCKS or sshuttle to redirect all traffic over the link.


Ad Hoc plus Sshuttle

Sometimes, all you have is a non-tethered phone running a SOCKS server.


Build and install rickyzhang82/tethering.


Set up a local ad hoc network. This can allegedly be done from the Connections menu, but I have never gotten that to work, and in case you run into the same problems, you can use hostapd.

sudo service network-manager stop
sudo ifconfig wlp1s0 netmask
# or: sudo ip addr add dev wlp1s0
sudo hostapd hostapd.conf

where hostapd.conf is



At this point you may not have a default route; run sudo route to check. If there isn't one, add it with sudo route add default dev wlp1s0.

Connect the iPhone to the ad hoc network. Assign an IP to it in your subnet.

Create a local port that connects to your SSH server.

ssh -L2222:localhost:22 -o ProxyCommand='nc -X 5 -x %h %p' ip.of.your.server

Note that IPs (not domain names) must be used, because at this point you don’t have access to DNS.

Now sshuttle over:

sshuttle --dns -r you@localhost:2222 0/0

… and it should all work.

All Preparations


Comments are moderated whenever I remember that I have a blog.

Alexandre Fenyo | 2017-03-23 21:02:58
Another case can be covered: you only have access to dig or nslookup and you want to ssh or browse the Internet. Just bootstrap a full VPN over DNS client and get Internet access only with dig (or nslookup) and a simple core Perl installation: