SOCKS VPN? - SSH


  1. SOCKS VPN?

    I have an openssh running as a socks server (ssh -D) on my Windows PC at
    work. The SSH server I connect to is running at home. Is there any way
    to use this tunnel as a full-fledged VPN? I.e. be able to map a drive to
    a directory on the remote machine or open files as if they were local?

    I've already tried using the built-in Windows IPSEC VPN, but I think the
    company FW is blocking some or all of the ports it needs to use.

  2. Re: SOCKS VPN?

    > I have an openssh running as a socks server (ssh -D) on my Windows PC at
    > work. The SSH server I connect to is running at home. Is there any way
    > to use this tunnel as a full-fledged VPN? I.e. be able to map a drive to
    > a directory on the remote machine or open files as if they were local?


    SOCKS over SSH is the poor man's VPN. It will tunnel TCP and (in SOCKS v5)
    UDP, but not ICMP. Add a socksifying wrapper like sockscap, and you have a
    reasonable VPN.

    You can, in principle, mount remote Windows shares by tunnelling port
    139/tcp from the remote host to your local host over SSH. I tried for a
    while but never got it to work. Also, if you do that then you'll have to
    disable the file sharing server on the local host, in order to free up port
    139.

    Supposing that you do manage to mount a remote Windows share over your VPN,
    you might find that it's unacceptably slow. The reason is that every time
    you read or write a file, the whole file has to be transferred over the VPN.
    A more efficient approach is to work on your files locally, then synchronize
    them as needed to the remote server. This is what Unison does:
    http://www.cis.upenn.edu/~bcpierce/unison/. It will tunnel over ssh, and
    only copies the changed parts of files over the network so it's bandwidth
    efficient. I've been using this approach for a few years now and it works
    very well. "Work locally, synchronize globally."

    Good luck,
    Andrew.

    --
    To reply by email, change "deadspam.com" to "alumni.utexas.net"

  3. Re: SOCKS VPN?

    Andrew Schulman writes:
    >SOCKS over SSH is the poor man's VPN. It will tunnel TCP and (in SOCKS v5)
    >UDP, but not ICMP.


    While it's true that the SOCKS V5 interface supports UDP, there is no
    standard way to tunnel UDP over SSH (1 or 2). Unless both client and
    server were both to implement some extension to SSH (and I'm not aware
    of any such), it's not possible to do UDP.

  4. Re: SOCKS VPN?

    Jacob Nevins wrote:
    > While it's true that the SOCKS V5 interface supports UDP, there is no
    > standard way to tunnel UDP over SSH (1 or 2). Unless both client and
    > server were both to implement some extension to SSH (and I'm not aware
    > of any such), it's not possible to do UDP.


    You could run a conventional SSH tunnel to a real SOCKS server
    running at the far end, which could then do the UDP gatewaying.
    --
    Simon Tatham "The voices in my head are trying to ignore me.
    But if I keep talking, I can drive them insane."

  5. Re: SOCKS VPN?

    In article <8wy*Lmdgr@news.chiark.greenend.org.uk> Simon Tatham
    writes:
    >Jacob Nevins wrote:
    >> While it's true that the SOCKS V5 interface supports UDP, there is no
    >> standard way to tunnel UDP over SSH (1 or 2). Unless both client and
    >> server were both to implement some extension to SSH (and I'm not aware
    >> of any such), it's not possible to do UDP.
    >
    >You could run a conventional SSH tunnel to a real SOCKS server
    >running at the far end, which could then do the UDP gatewaying.


    No you couldn't - the SOCKS server expects to get UDP datagrams from the
    client after the UDP ASSOCIATE request, there's no TCP->UDP "gatewaying"
    in SOCKS.

    --Per Hedeland
    per@hedeland.org
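
The distinction argued in posts 3 to 5, as an added example that is not part of the original thread: a SOCKS5 UDP ASSOCIATE is only a TCP control request, and the payload then travels as separate UDP datagrams carrying their own header, which a TCP-only forwarder cannot carry. The function names and sample bytes are constructed for illustration, and the CONNECT-only proxy is a model built from RFC 1928, not OpenSSH's code.

```python
import ipaddress
import struct

# Codes from RFC 1928 (SOCKS5), sections 4-6.
CMD_CONNECT, CMD_UDP_ASSOCIATE = 0x01, 0x03
REP_SUCCEEDED, REP_CMD_NOT_SUPPORTED = 0x00, 0x07
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def parse_addr(buf, off):
    """Decode ATYP, address and port at buf[off]; return (host, port, next_off)."""
    if len(buf) <= off + 1:
        raise ValueError("truncated address")
    atyp, off = buf[off], off + 1
    if atyp == ATYP_IPV4:
        host, off = str(ipaddress.IPv4Address(buf[off:off + 4])), off + 4
    elif atyp == ATYP_IPV6:
        host, off = str(ipaddress.IPv6Address(buf[off:off + 16])), off + 16
    elif atyp == ATYP_DOMAIN:
        end = off + 1 + buf[off]
        host, off = buf[off + 1:end].decode("ascii"), end
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    if len(buf) < off + 2:
        raise ValueError("truncated port")
    return host, struct.unpack_from("!H", buf, off)[0], off + 2

def connect_only_reply(request):
    """REP code a proxy implementing only CONNECT returns for a TCP request."""
    if len(request) < 3 or request[0] != 5 or request[2] != 0:
        raise ValueError("not a SOCKS5 request")
    parse_addr(request, 3)
    # A real implementation may simply close the connection instead of replying.
    return REP_SUCCEEDED if request[1] == CMD_CONNECT else REP_CMD_NOT_SUPPORTED

def parse_udp_datagram(dgram):
    """Decode the per-datagram header sent over UDP after UDP ASSOCIATE (section 7)."""
    rsv, frag = struct.unpack_from("!HB", dgram, 0)
    if rsv != 0:
        raise ValueError("RSV must be zero")
    host, port, off = parse_addr(dgram, 3)
    return {"frag": frag, "dst": (host, port), "payload": dgram[off:]}

# Constructed samples: CONNECT to 192.0.2.10:139, UDP ASSOCIATE for 0.0.0.0:0,
# and one relayed datagram addressed to example.org:53.
CONNECT_REQ = bytes([5, CMD_CONNECT, 0, ATYP_IPV4]) + bytes([192, 0, 2, 10]) + struct.pack("!H", 139)
UDP_ASSOC_REQ = bytes([5, CMD_UDP_ASSOCIATE, 0, ATYP_IPV4]) + bytes(4) + struct.pack("!H", 0)
UDP_DGRAM = b"\x00\x00\x00" + bytes([ATYP_DOMAIN, 11]) + b"example.org" + struct.pack("!H", 53) + b"constructed-payload"
```

`UDP_DGRAM` is what the client would send to the relay over UDP, outside the TCP control connection.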
