this post was submitted on 02 Apr 2025
10 points (81.2% liked)


Is it possible to use a reverse ssh tunnel to force all network connections on the remote host through the local host?

Essentially:

local -> ssh -> remote

remote web request -> ssh tunnel -> local -> internet

I want the remote to make connections through the local's VPN without having to authenticate on the remote as well.

Hopefully this makes sense.

[–] [email protected] 2 points 1 day ago (4 children)

So in summary you have your device A and services running on B, you connect to a vpn service using A, and you want the services running on B to use the same vpn connection?

I encountered this problem with torrenting and private trackers.

I solved it the other way around, by having the remote connect to the vpn and routing traffic from my device through that remote.

  • get a mullvad subscription because they do wireguard
  • create wireguard-outbound container on server and connect to mullvad
  • create wireguard-inbound container on server and attach it to the network stack of wireguard-outbound
  • attach any other containers on the server you want using the vpn to the network stack of wireguard-outbound
  • install wireguard on your various devices; instead of connecting to mullvad directly, just connect to your wireguard-inbound container

For bonus points you can create a squid (proxy service) container and attach that to wireguard-outbound, then create a firefox profile that connects to that proxy. That way your device isn't routing all traffic through the vpn, only the traffic from that firefox profile.

I've had this set up for several years now and for the most part it works very well. Occasionally I have to restart the containers but for the most part it's great.
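One way to express the container layout from the comment above as a Docker Compose file. This is an added example, not the commenter's configuration; the image names, volume paths and UDP port 51820 are placeholders chosen for illustration.

```yaml
# Added illustration. Images, paths and the port are hypothetical placeholders.
services:
  wireguard-outbound:
    image: example/wireguard-client:latest   # placeholder: WireGuard client to the VPN provider
    cap_add:
      - NET_ADMIN                # required to create the WireGuard interface
    sysctls:
      # Forwarding for inbound peers happens in this namespace, so it is
      # enabled on the container that owns the network stack.
      - net.ipv4.ip_forward=1
    volumes:
      - ./outbound:/config       # placeholder path holding the provider's config
    ports:
      # Containers attached below have no network stack of their own, so any
      # port they listen on must be published here, on the owning container.
      - "51820:51820/udp"        # listener used by wireguard-inbound (assumed port)
    restart: unless-stopped

  wireguard-inbound:
    image: example/wireguard-server:latest   # placeholder: WireGuard server for your devices
    # Share wireguard-outbound's network namespace. Both WireGuard instances
    # then live in one namespace and need distinct interface names.
    network_mode: "service:wireguard-outbound"
    cap_add:
      - NET_ADMIN
    volumes:
      - ./inbound:/config        # placeholder path holding the peer configs
    depends_on:
      - wireguard-outbound
    restart: unless-stopped

  squid:
    image: example/squid:latest              # placeholder: proxy for the Firefox profile
    # Same namespace, so the proxy's only route out is the VPN tunnel.
    # Its port is deliberately not published on the host: devices reach it
    # through the wireguard-inbound tunnel, and no open proxy faces the LAN.
    network_mode: "service:wireguard-outbound"
    depends_on:
      - wireguard-outbound
    restart: unless-stopped
```

Attached containers are bound to the specific wireguard-outbound container, so if that container is recreated they must be restarted to rejoin its network stack.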

[–] [email protected] 2 points 22 hours ago (3 children)

I see that containers get a lot of love, but really setting up wireguard is writing a text config file, why would you need containers for that?

[–] [email protected] 2 points 21 hours ago (1 children)

Well, you don't need containers for wireguard the same way you don't need containers for anything.

I personally prefer docker containers for everything that can be containerised because it provides a consistent abstraction layer. As in, I always know how to find configurations and paths and manage network infrastructure for anything that resides in a container.

In the case I outlined above with the wireguard containers, I'm more confident I'm not going to upset any other services on my server, and I understand the configuration.

Maybe it's a bit like using ufw to manage iptables rules, unnecessary but helpful.

Of course, I freely admit that my way is not necessarily the best way and if someone wants to run wireguard on the host then great.

[–] [email protected] 2 points 19 hours ago

Thanks for the clarification, it makes sense indeed, especially if you don't come from a long term Unix background.

Today the Linux world feels more and more unnecessarily complicated somehow. I am getting old.
