Explore a poor man’s VPN with OpenSSH
If you run your own Linux server, whether it’s a Raspberry Pi at home or a VPS in the clouds somewhere, then you’ll no doubt be familiar with SSH. What may be a surprise though, is that the SSH daemon can forward local or remote traffic over the encrypted connection, so that (potentially unsecured) services running on either client or server can be securely forwarded.
Another of SSH’s lesser-known tricks is that it can run a SOCKS5 proxy in the background, so your server can be used as a proxy. If your SSH server is a machine at home, then this can be used to secure public Wi-Fi connections, so long as you trust your ISP more than public Wi-Fi. If your SSH server is remote, then this can be used if you trust the people running your server’s infrastructure more than you trust your ISP. Starting the proxy is just a matter of typing the following: $ ssh -D 8080 remote-host
Applications can be individually configured to use this proxy, or you can use
NetworkManager to use it for all traffic. For example, in Firefox open the preferences dialog and scroll down to the Network Proxy section. Click Settings, and enter localhost in the SOCKS5 box and use 8080 for the port.
The proxy will stay functional as long as the SSH session is active. We mentioned before that SOCKS doesn’t do encryption, but that doesn’t matter because SSH does.