1mo ago

ssh reverse tunnel

Is it possible to use a reverse ssh tunnel to force all network connection on the remote host through the local host.

Essentially:

local -> ssh -> remote remote web request -> ssh tunnel -> local -> internet

I want the remote to make connections through the locals VPN without having to authenticate on the remote as well

Hopefully this makes sense

17 comments

So in summary you have your device A and services running on B, you connect to a vpn service using A, and you want the services running on B to use the same vpn connection?
I encountered this problem with torrenting and private trackers.
I solved it the other way around, by having the remote connect to the vpn and routing traffic from my device through that remote.
get a mullvad subscription because they do wireguard
create wireguard-outbound container on server and connect to mullvad
create wireguard-inbound container on server and attach it to the network stack of wireguard-outbound
attach any other containers on the server you want using the vpn to the network stack of wireguard-outbound
install wireguard on your various devices instead of connecting to mullvad directly just connect to your wireguard-inbound container
For bonus points you can create a squid (proxy service) container and attach that to wireguard-outbound, then create a firefox profile that connects to that proxy. That way your device isn't routing all traffic through the vpn, only the traffic from that firefox profile.
I've had this set up for several years now and for the most part it works very well. Occasionally I have to restart the containers but for the most part it's great.
- I see that containers get lot of love, but really setting up wireguard is writing a text config file, why would you need containers for that?
  
  Well, you don't need containers for wireguard the same way you don't need containers for anything.
  I personally prefer docker containers for everything that can be containerised because it provides a consistent abstraction layer. As in, I always know how to find configurations and paths and manage network infrastructure for anything that resides in a container.
  In the case I outlined above with the wireguard containers, I'm more confident I'm not going to upset any other services on my server, and I understand the configuration.
  Maybe it's a bit like using ufw to manage iptables rules, unnecessary but helpful.
  Of course, I freely admit that my way is not necessarily the best way and if someone wants to run wireguard on the host then great.
  
  Thanks for the clarification, it make sense indeed, specially if you don't come from a long term Unix background.
  Today Linux world feels more and more unnecessarily complicated somehow. I am getting old.
  
  One use for wireguard in a container is that if you're using other containers on the same host you can use container magic to route the traffic of specific containers through the wireguard tunnel, while other containers bypass the tunnel.

17 comments