The problem I was facing is that when connected to my employer via a hardware VPN from home, all other static IPs on my home network were blocked (even those on the 'DMZ'/outside facing net). I needed to tunnel my traffic through an outside location.
Tor
I wrote a page many years ago on setting up a proxy server at home. This will tunnel your chosen traffic, encrypted, through your home machine. The downside of this approach is that a network administrator can likely see that you are tunneling traffic through a single outside machine. Tor (The Onion Router) is a network of a thousand+ servers - when you tunnel traffic through the Tor network, it is encrypted and is forced through several of these servers before it is "let off the network" and onto the public internet. This way, a single server does not know if you are connecting directly to it or whether the traffic is coming from a different server. Your network administrator will also see connections to several hosts - which change fairly regularly.
The process for getting Tor up and running is very similar to setting up a proxy server at home - you install the application, connect to the network, then set the applications you wish to use through the anonymous network to run through the local proxy server that comes with Tor.
Tor is now offering packages for Windows which include Firefox, a Firefox plugin to allow you to easily turn on/off the proxy server [torbutton], as well as Pidgin [a great multi-protocol IM client, similar to Trillian]. They also offer Mac and Linux clients.
http://www.torproject.org/download.html.en
If you've got some spare bandwidth and have the ability to tunnel traffic from your external IP address, I recommend giving back to the community by running a Tor relay server.
On my MacBook Pro, I needed to tunnel SSH through the Tor SOCKS proxy. The first step was to compile and install connect.c, which allows ssh to be tunneled. I first had to sign up for the Apple developer program to get my hands on the latest download of Xcode, which includes gcc (a C compiler). Once that was installed, I followed the instructions here:
http://www.bartbusschots.ie/blog/?p=184
Now a conundrum: I only wanted to tunnel SSH traffic to my specific host through Tor sometimes. I solved this by writing an AppleScript (my first!). I should mention that this is one of the few things that would likely be easier in Windows, simply using an advanced SSH client like SecureCRT to use a SOCKS proxy conditionally.
First, I wrote a config file as described at the URL above, but I called it ~/.ssh/config-socks instead of just ~/.ssh/config:
    Host mySSHhost.com
        ProxyCommand connect -a none -S localhost:9050 %h %p
Next, I wrote an AppleScript which does the following:
This is what I've come up with:
    -- Overwrites any existing ~/.ssh/config with the Tor-proxied one
    do shell script "cp ~/.ssh/config-socks ~/.ssh/config"

    -- Start Vidalia (the Tor controller) and give it time to connect
    tell application "Vidalia"
        activate
    end tell
    display alert "Waiting for tor network..." message "this script waits 60 seconds before launching ssh." giving up after 5
    delay 60

    -- Open the ssh session in a new Terminal window
    tell application "Terminal"
        activate
        do script with command "ssh mySSHhost.com"
    end tell
    delay 1

    -- Poll every 5 seconds until the ssh process is gone
    set ssh_is_running to true
    repeat until ssh_is_running is false
        try
            do shell script "ps | grep 'ssh mySSHhost.com'"
        on error
            -- grep exits non-zero when nothing matches
            set ssh_is_running to false
        end try
        delay 5
    end repeat

    -- Removes ~/.ssh/config, including any config that existed before the script ran
    do shell script "rm ~/.ssh/config"
    set response_action to display dialog "ssh session ended. Quit Vidalia?" buttons {"Yes", "No"} default button "Yes" with title "linquist.net ssh over tor script" giving up after 10
    if button returned of response_action is "Yes" then tell application "Vidalia" to quit
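A shell alternative to the copy-and-delete steps above, added here as an example and not part of the original script: it passes config-socks to ssh with -F for a single run, so ~/.ssh/config is never overwritten or removed, and it waits for the SOCKS port to accept connections instead of sleeping a fixed 60 seconds. The function names and the script name are made up for illustration; it assumes nc is installed and Tor is listening on port 9050 as in the config file above.

```sh
#!/bin/sh
# Added example (not from the original post): run ssh through Tor's SOCKS
# proxy for one invocation, leaving ~/.ssh/config untouched.
SOCKS_HOST=127.0.0.1
SOCKS_PORT=9050                       # port used in config-socks above
SSH_CONFIG="$HOME/.ssh/config-socks"  # file created in the earlier step

# Accept only plain [user@]host names so a crafted argument such as
# "-oProxyCommand=..." can never be parsed by ssh as an option.
valid_target() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Poll until something accepts TCP connections on host:port.
# Returns 0 when the port is open, 1 if the timeout (seconds) expires.
wait_for_socks() {
    host=$1; port=$2; timeout=$3; waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if nc -z -w 1 "$host" "$port" >/dev/null 2>&1; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

main() {
    target=$1
    valid_target "$target" || { echo "refusing target: $target" >&2; return 2; }
    [ -r "$SSH_CONFIG" ] || { echo "missing $SSH_CONFIG" >&2; return 1; }
    if ! wait_for_socks "$SOCKS_HOST" "$SOCKS_PORT" 60; then
        echo "nothing listening on $SOCKS_HOST:$SOCKS_PORT, not connecting" >&2
        return 1
    fi
    # -F reads only this file, so the ProxyCommand applies to this run alone.
    ssh -F "$SSH_CONFIG" "$target"
}

# Run only when a target is given, e.g.: sh ssh-over-tor.sh mySSHhost.com
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

A plain "ssh mySSHhost.com" typed in another window keeps using the normal ~/.ssh/config, which gives the "only sometimes" behaviour without swapping files.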