Comment by hylaride
10 hours ago
Learning how SSH port forwarding is great as a pseudo-vpn for everything from GUI-client database access to (in physical infra) access to web-admin tools for appliances.
The socks proxy support can also deal with bad web filtering and privacy issues on public wifi networks (though nowadays if you're ssh'ing to a cloud IP, you'll get lots of "bot" restrictions).
Yeah, I get use out of the SOCKS proxy mode in combination with a "split VPN" at work.
I need VPN to get into some internal resources via SSH, but there are lots of external/public/AWS resources I also need to access, and the full VPN adds too much overhead and fragility for those.
Using the available split VPN, I can point a browser instance at a localhost SOCKS proxy port to relay over SSH + VPN for other web resources I need to access internally.
Unfortunately, Firefox proxy config rules are sort of backwards for my needs. I want to say "only use proxy for these 3 domains" whereas it wants to use the proxy by default and only allow me to bypass specific domains.
In the past, I've used plugins to do just what you ask. FoxyProxy Standard did the trick (it looks like there's now at least another more standard "VPN" version, too). It looks like Firefox does have support for Native PAC files that'll also do the trick: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Pro...
> The socks proxy support ...
I just love SOCKS proxy in SSH tunnels: at some point I had a dedicated server (on a fixed IP) with countless machines (usually headless Pis dropped at a family member's place and/or SME office) automatically setting up, 24/7, reverse tunnels to that dedicated server.
Then I could, from anywhere, both access their LANs (to fix stuff) and have a browser, running locally, pretending to be in this or that country.
Basically because I had all those reverse tunnels always there, I could always decide how to use them (just SSH in or SOCKS in etc.).