1. smugnus macrumors newbie

    Mar 28, 2009
    I've checked the forum before posting... I've noticed some people asking this same question here and on other forums and there never seems to be an answer, so here we go, my turn to ask it now:

    The Goal:
    To be able to surf the real (unfiltered) internet, privately, on a powerbook, from a place that likes to block certain websites and protocols, with the help of an OSX Server somewhere else. Sounds simple right?

    The Scenario:
    1. G4 MDD Tower running OSX Server 10.5.6 in a location that has the real, unrestricted internet. It is also running DynDNS with no problems.
    2. G4 powerbook running OSX 10.4.11 in a location that has very restricted internet but wishes it had the real internet.

    So is the answer VPN? Which kind? Apple's built-in VPN on OSX Server? L2TP over IPSec? Does one need to also run a proxy server in addition to VPN? If using a proxy for web, will we need proxy servers for each and every other protocol which we may want to access? Or is it possible to directly "share" the internet connection of the OSX Server across VPN to the powerbook client with no added proxy software anywhere? Has anyone successfully done this?

    I've seen a few vague answers to this scenario scattered about the web, and none of them seemed very straightforward or easy, and would not result in a very private connection. Is there a simple 1-2-3 answer that doesn't involve downloading stuff, typing fancy terminal commands, spending more money, or compiling binaries and so forth?
  2. dampfdruck macrumors member

    Oct 20, 2008
    If your remote environment is so restricted, you may not be able to establish a VPN connection to your home site. If anything, OpenVPN is the best VPN solution available (simple to configure, secure, reliable).

    In cases where the local environment is very restrictive, a UMTS modem (3G) is typically the best solution.
  3. smugnus thread starter macrumors newbie

    Mar 28, 2009
    OK great.. Any other thoughts, answers to my questions?
  4. myjay610 macrumors regular

    Jan 6, 2008
    With a VPN you should be able to have the option to route all network traffic across the tunnel - so everything would go through the server at home. It should feel like you are actually within the boundary of the home network the server is at when you're connected via VPN.

    If you're really concerned with just using the VPN as a web proxy you could easily tunnel your web traffic over a ssh connection/socks proxy instead.
  5. jseely macrumors newbie

    Apr 8, 2009
    A full blown VPN is way overkill for simply getting around content filters. I do consulting for a living and run into this problem often. My solution:

    - Set up tinyproxy on a system you control. Bind it to localhost only, and note the port you use.
    - Set up SSH on the same system, noting the port. Port choice here is key, because some places won't allow port 22 out. I actually have two SSH instances on my system - one statically set up on 53, and another that is configurable via a password protected https web page I access from my phone. So, if 53 isn't allowed out of a network I'm on, I'll try 20, 21, 23, 80, 443 etc, until I find something that works.
    - On your remote system, establish an SSH connection like so:

    ssh -p <port> -L <local proxy port>:localhost:<remote proxy port> user@remote_host

    This will open a port on your local system (local proxy port) and tunnel it over the ssh connection to the remote system's tinyproxy instance.

    - Now go into your browser preferences and point your proxies to host=localhost and port=local proxy port. Done! Note though, you'll have to keep the ssh session active to use the proxy.
  6. myjay610 macrumors regular

    Jan 6, 2008
    That's still overkill.

    ssh -D <localport> user@server.com -p <remote_port>

    i.e. ssh -D 9999 user@server.com -p 1709

    Then go into your proxy settings and enable SOCKS proxy to localhost:9999.

    Done. You don't have to install anything on the home computer, just enable SSH and change the hosting port to something else if you need to. The port settings are in /etc/services
  7. jseely macrumors newbie

    Apr 8, 2009
    Really good tip myjay610, I didn't know that was possible!
  8. mmcxiiad macrumors 6502

    Jul 19, 2002
  9. Seismo macrumors newbie

    Apr 22, 2009
    My company blocks all outgoing traffic except for http, https and ftp. I found this out by just trying every well-known port.
    So, I set up a Linux box at home running VNC server.
    I configured my router to forward port 443 traffic to port 5901 on the Linux box.
    Now I just bring up the VNC client on my machine at work, point to hostname:65979 (VNC client-speak for port 443), and BAM! I'm on my home machine.
    So, if you're looking for a virtualized desktop situation, it doesn't get much freer or easier than this. I can surf the web, fire up BitTorrent, all kinds of fun stuff, without sending that traffic through my company's routers.
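
From the network operator's side, the setups described in this thread (SSH listening on 53, 80 or 443; VNC forwarded from 443) share one observable: the first bytes on the port are not the protocol that port normally carries. The following is an added example, not code from any poster, that checks this over constructed flow records; the port-to-protocol table, the record layout and the sample flows are assumptions.

```python
# Added example: flag flows whose first stream bytes do not match the
# protocol expected on the destination port. All sample flows are constructed.

EXPECTED = {20: "ftp", 21: "ftp", 53: "dns", 80: "http", 443: "tls"}  # assumed policy table
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
               b"OPTIONS ", b"CONNECT ", b"HTTP/")

def classify(payload: bytes) -> str:
    """Identify the application protocol from the first bytes of a TCP stream."""
    if payload.startswith(b"SSH-"):                  # SSH identification string (RFC 4253)
        return "ssh"
    if payload.startswith(b"RFB ") and len(payload) >= 12:
        return "vnc"                                 # VNC ProtocolVersion, e.g. "RFB 003.008\n"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                                 # TLS handshake record header
    if payload.startswith(HTTP_STARTS):
        return "http"
    if payload[:3].isdigit() and payload[3:4] in (b" ", b"-"):
        return "ftp"                                 # FTP-style 3-digit reply, e.g. "220 ..."
    return "unknown"

def find_mismatches(flows):
    """Return (src, dst, port, found) for flows carrying a recognised protocol
    that is not the one expected on the destination port."""
    hits = []
    for src, dst, port, first_bytes in flows:
        found = classify(first_bytes)
        expected = EXPECTED.get(port)
        # Unrecognised payloads are not flagged, to keep the alert volume low.
        if expected and found not in ("unknown", expected):
            hits.append((src, dst, port, found))
    return hits

# Constructed records: (client, server, destination port, first bytes of the stream)
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("10.0.0.7", "203.0.113.20", 443, b"RFB 003.008\n"),
    ("10.0.0.8", "203.0.113.30", 53, b"SSH-2.0-OpenSSH_5.1\r\n"),
    ("10.0.0.9", "203.0.113.40", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.9", "203.0.113.50", 21, b"220 FTP server ready\r\n"),
    ("10.0.0.8", "203.0.113.30", 80, b"SSH-2.0-OpenSSH_5.1\r\n"),
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_FLOWS):
        print("protocol/port mismatch: %s -> %s:%d carries %s" % hit)
```

Only the opening bytes are usable for this check, because an SSH session is encrypted once the identification strings have been exchanged. A tunnel that is itself wrapped in TLS presents a normal TLS handshake and is not caught by it.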
