Big Red Button to Enable SSH Tunneling?
September 8, 2008 2:35 PM

I'm on a Mac. I want to set a single configuration option somewhere to enable/disable using SSH tunneling for a bunch of different protocols/applications. Is this possible? How?

I have a Mac laptop (OS X 10.5.4). I run an SSH server/DDNS client on my home router so that I can connect from the road and tunnel traffic through. Right now I run a shell script to open the tunnels and then manually reconfigure my apps to use the local endpoints. This is pretty easy for apps like IRC clients where I have the option of saying "okay, just connect to localhost:6667" when I launch the app. It's more of a pain for browsers and IM clients, where the setting is buried under several layers of Preferences. All the same, I'd like to expand my use of tunnels to protect my HTTP, IM traffic, etc.

What I'd like to do is find/write a script that opens the tunnels and updates a bunch of preferences at once, so my HTTP, DNS, IM traffic, etc. are all tunneled with one action. Does anyone know of an app that does this? Is this even possible? (I imagine I'd have to restart most apps unless I can use AppleScript to update the config while they're running.)

Bonus points for a solution that includes the option to "switch off" certain protocols if, say, I'm at a location with a big fat pipe and want to download something not-security-critical at full speed without running it through the tunnel (and my slower home connection).

For the record, the apps I'm curious about include Firefox/Safari, Adium, Colloquy, Mail.app... there are others, but that's a minimum.

I suppose for the apps that accept a target server/proxy server as a command-line argument I could write shell scripts that specify the local tunnel endpoint and launch them through this script, but not all apps have this behavior and I'd prefer a cleaner solution if possible.
posted by Alterscape to Computers & Internet (9 answers total) 3 users marked this as a favorite
 
Have you considered running OpenVPN on the router via DD-WRT/OpenWRT (WRT variants)?
posted by iamabot at 2:48 PM on September 8, 2008


Response by poster: Negative, and I have no experience with VPNs, but I am running DD-WRT (the non-OpenVPN version, but I could easily switch to the OpenVPN version). Would running OpenVPN solve any or all of these problems? I'm a total newbie in that space.
posted by Alterscape at 3:22 PM on September 8, 2008


You actually want to use the built-in System Preferences to do this.

Set up your SSH to use dynamic port forwarding.

I do this for Firefox, Safari, and Adium. I believe Mail.app may use the systemwide SOCKS setting as well but I have not tested it.

I add a

DynamicForward 7090

line to my .ssh/config file for the host I tunnel through and most everything works with it.

For applications that are not natively SOCKS-aware you can install tsocks from MacPorts and use it to wrap your applications.
posted by gog at 3:42 PM on September 8, 2008 [1 favorite]
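
An added example, not part of gog's answer: a single on/off switch that opens the dynamic forward and points the system-wide SOCKS setting at it, so the proxy is only enabled once the tunnel is actually up. The host alias `home-router`, the network service name `AirPort`, the control-socket path and the `DRY_RUN` variable are assumptions for illustration; port 7090 matches the `DynamicForward` line above.

```shell
#!/bin/sh
# Added example: toggle an SSH SOCKS tunnel and the macOS system SOCKS proxy together.
# Assumed names (not from the thread): host alias, service name, socket path.
TUNNEL_HOST="${TUNNEL_HOST:-home-router}"  # hypothetical Host alias in ~/.ssh/config
SERVICE="${SERVICE:-AirPort}"              # see: networksetup -listallnetworkservices
PORT="${PORT:-7090}"                       # same port as the DynamicForward line
SOCK="${SOCK:-$HOME/.ssh/tunnel-$TUNNEL_HOST.sock}"  # control socket for clean shutdown
DRY_RUN="${DRY_RUN:-0}"                    # 1 = print the commands instead of running them

# Execute a command, or just print it when DRY_RUN=1 so the plan can be reviewed.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

tunnel_on() {
    # -D bound to 127.0.0.1 keeps the SOCKS listener off the local network.
    # ExitOnForwardFailure makes ssh fail if the port cannot be bound, and the
    # && chain means the proxy is never switched on without a working tunnel.
    run ssh -f -N -M -S "$SOCK" -o ExitOnForwardFailure=yes \
        -D "127.0.0.1:$PORT" "$TUNNEL_HOST" &&
    run networksetup -setsocksfirewallproxy "$SERVICE" 127.0.0.1 "$PORT" &&
    run networksetup -setsocksfirewallproxystate "$SERVICE" on
}

tunnel_off() {
    # Turn the proxy off first, then ask the master connection to exit.
    run networksetup -setsocksfirewallproxystate "$SERVICE" off
    run ssh -S "$SOCK" -O exit "$TUNNEL_HOST"
}

# Usage: tunnel.sh on | off   (DRY_RUN=1 tunnel.sh on prints the plan)
case "${1:-}" in
    on)  tunnel_on ;;
    off) tunnel_off ;;
esac
```

Applications that resolve hostnames locally before handing the address to the SOCKS proxy still send DNS queries outside the tunnel; in Firefox the `network.proxy.socks_remote_dns` preference controls this.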


Short answer if you want to keep using SSH:

Play around with Marco Polo; it does scripted events when you change location (including auto-detecting when you are on your home network vs. office, etc.), so you could write little AppleScripts to change system settings (btw, you want to be using different network locations, with SOCKS proxy enabled, disabled, etc.). Start with a simple AppleScript to change the network location:

do shell script "scselect Airport" (where Airport is the name of the location)

and make a few more for Mozilla, etc. Then you can just add them selectively.

OpenVPN Answer:

You should be able to set that up with DD-WRT and OpenVPN, and then use Tunnelblick on your Mac to initiate the connection. Tunnelblick will provide a drop-down menu like your AirPort menu, which you can use to connect. Once you are connected, all traffic coming out of your Mac will go through your DD-WRT VPN unless you specifically tell it otherwise.
posted by mrzarquon at 3:59 PM on September 8, 2008


This seems to be a good match for AlmostVPN.
posted by Mr Stickfigure at 4:10 PM on September 8, 2008


(AlmostVPN is not free, and the uninstallers and cleanup apps are failing on my machine without notification of error)
posted by mrzarquon at 4:25 PM on September 8, 2008


Also, their uninstall scripts are run-only, so I can't easily inspect them to see what they are *trying* to run in order to uninstall it.

If you installed it as User Only, it should only put stuff in ~/Library/Application Support and ~/Library/Preferences.
posted by mrzarquon at 4:33 PM on September 8, 2008


I think you're overthinking the plate of beans here. Configure your apps to use the local endpoints. When you don't want to use the tunnel through your home machine, simply SSH to your own machine with the same tunneling setup. Should be simple enough to set up scripts to kill your sshd then establish either the real tunnel or the dummy one.
posted by kindall at 4:48 PM on September 8, 2008


Oh, nice idea gog! I'd just assumed SOCKS would screw up ssh's original connection.
posted by jeffburdges at 3:16 AM on September 9, 2008

