Couple of scenarios:

  • You are connected to a publicly available WiFi network that you do not trust, but you have a trusted server somewhere where you can connect to
  • You are connected to a network that has limited access (or no access at all as it happened in my case), but you can connect to another host that can

So, what are your options?

Obviously you can set up a VPN server on the remote machine and connect to it, but it can be a bit fiddly.

An alternative is to set up a virtual private network over an ssh connection.

The instructions below explain how to do this:

On a server (any linux node that has access to the internet):

# enable remote root, port forwarding and tunnelling
# vi /etc/ssh/sshd_config
# service sshd restart

On a client (server that has no internet access, or is connected to an insecure network):

# open an ssh tunnel to the server, this will create tun interface
# ssh -f -w any <server ip> true

# assign an ip to it (
# ifconfig tun0 netmask

On the server:

# assign an ip (
# ifconfig tun0 netmask

# enable packet forwarding
# echo 1 > /proc/sys/net/ipv4/ip_forward

# enable masquerading
# iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

On the client ( is the default gateway on the network you are currently connected to):

# replace default route (that has no access to the internet) with the new remote tunnel ip (that has access)
#  ip route add via
#  ip route del default via dev eth0
#  ip route add default via

# now you should have access to the internet
# ping

comments powered by Disqus


11 December 2012