Can the SSH tunnel be used to bypass the GFW?


(tododo) #1

Can the SSH tunnel be used to bypass the GFW?


(Yang.Y) #2

Yes, as long as your remote ssh host is not blocked.

But if your purpose is to overcome some type of firewall, SSH Proxy might be more appropriate.


(tododo) #3

Hi Yang, thanks a lot. I have purchased both proxy and tunnel.

The tunnel will route all my traffic to the remote VPC, but I found the proxy can control what to route through the proxy.

I am thinking of using the proxy to control what traffic goes via my tunnel. Can you guide me on how to set this up? What username and password should I use to connect the proxy to the tunnel? Is it my local Mac’s credentials or the remote VPC’s?

Thanks,


(Yang.Y) #4

SSH Proxy has the ability to connect to a remote SSH host without cooperating with SSH Tunnel.

You can follow this guide to create a proxy in SSH Proxy. After your proxy is connected, use the proxy by setting the system networking preferences.


(tododo) #5

Done. Thanks. It’s not possible to implement the same on iPhone, right?


(Yang.Y) #6

No, it’s not possible, at least on iOS 10 and earlier versions.

Apps that run in the background will be killed by iOS automatically after a very short period (5 minutes or less).


(tododo) #7

Hi,

I found that sometimes the whitelist filtering is not working. If I enable it, then the sites on the whitelist are not accessible. For example, I put *.google.com.hk in the whitelist, and I enabled the option to only use the proxy for sites on the whitelist.

It’s very interesting that I found it only won’t work when I set up a system-wide proxy rather than setting individual applications to use the proxy. I just wanted to confirm with you whether this is normal behavior or there is something that I misconfigured?

Also, it seems to have a certain cache? I disabled the system-wide proxy and tried using Chrome’s plugin to connect using the proxy, and it did take a while until the configuration worked.


(Yang.Y) #8

Besides SOCKS, SSH Proxy also supports both HTTP and HTTPS proxies.

Did you try enabling Web Proxy (HTTP) and Secure Web Proxy (HTTPS)? Some applications only respect HTTP and HTTPS proxies.

SSH Proxy itself does not cache connections, but Chrome or its plugins may. Modern web sites support the TCP keep-alive mechanism, so clients have the chance to retain TCP connections to accelerate data exchange.


(tododo) #9

Hi, thanks for your reply.

I just found out that it was a misconfiguration that caused my problem. The domain name should not contain *. For example, if I want to add google.com to the whitelist, don’t use *.google.com; instead, just put google.com.

Thanks,


(Yang.Y) #10

This configuration is easy to get wrong; SSH Proxy should handle this smarter.

Will try to improve this in the next release.

Thank you,