Can the SSH tunnel be used to bypass the GFW?

tododo · December 19, 2016, 6:14am

yang · December 19, 2016, 12:13pm

Yes, as long as your remote ssh host is not blocked.

But if your purpose is to overcome some type of firewall, SSH Proxy might more appropriate.

tododo · December 20, 2016, 1:56am

Hi Yang, thanks a lot. I have purchased both proxy and tunnel.

The tunnel will route all my traffic to the remote VPC, but I found proxy can control what to route through the proxy.

I am thinking to use the proxy to control what traffic goes via my tunnel? Can you guide me how to set this up? What username and password I should use to connect proxy to tunnel? Is it my local Mac’s credential or the remote VPC’s?

Thanks,

yang · December 20, 2016, 2:30am

SSH Proxy has the ability to connect to remote ssh host without cooperating with SSH Tunnel.

You can follow this guide to create proxy in SSH Proxy. And after your proxy connected, use the proxy by setting system networking preferences.

tododo · December 20, 2016, 6:16am

Done. Thanks. it’s not possible to implement the same on iPhone, right?

yang · December 20, 2016, 7:34am

No, it’s not possible, at least on iOS 10 and earlier versions.

Apps that run in the background will be killed by iOS automatically after very short period (5 minutes or less).

tododo · December 22, 2016, 1:46am

Hi,

I found that some time the filtering of whitelist is not working. If I enable it, then the sites on the whitelist is not accessible. For example, I put *.google.com.hk http://google.com.hk/ in the whitelist, and I enabled using the option to only allow using proxy when sites on the whitelist.

It’s very interesting that I found it only won’t work when I setup system wide proxy rather than setting individual application to use proxy. I just wanted to confirm with you if this is a normal behavior or there is something that I mis-configured?

Also, it seems to have certain cache? I disabled the system wide proxy, and try using Chrome’s plugin to connect using proxy, and it did take some while until the configuration works.

yang · December 22, 2016, 12:57pm

Besides SOCKS, SSH Proxy also supports both HTTP and HTTPS proxies.

Did you tried enabling Web Proxy (HTTP) and Secure Web Proxy (HTTPS)? Since some applications only respect HTTP, HTTPS proxies.

SSH Proxy itself does not cache connections, but Chrome or its plugins may do. Modern web sites are supporting TCP keep alive mechanism, the clients have the chance to retain the TCP connections to accelerate data exchanging.

tododo · December 24, 2016, 4:17am

Hi, thanks for your reply.

I just found out that it was a mis-configuration that caused my problem. The domain name should not contain *. For example, if i want to add google.com http://google.com/ to the while list, don’t use *.google.com http://google.com/, instead, just put google.com http://google.com/.

Thanks,

yang · December 24, 2016, 7:52am

It’s prone to get wrong on configuration, SSH Proxy should handle this smarter.

Will try to improve this in next release.

Thank you,