How to Set Up a "Poor Man VPN" Using SSH and Bitvise

Introduction

Setting up a VPN on your server can be complex and expensive. However, a simpler and cost-effective solution exists using SSH tunneling, also known as a "Poor Man's VPN." This setup is perfect for secure browsing or accessing restricted networks. Here’s how to configure it on MacOS/Linux and Windows.

Configuring SSH Tunneling on MacOS and Linux

Step 1: Install Proxychains4

First, install Proxychains4, which allows you to route your traffic through proxy servers. You’ll need gcc and make installed on your machine to compile Proxychains4.

./configure --prefix=/usr --sysconfdir=/etc
make
[optional] sudo make install
[optional] sudo make install-config # Installs proxychains.conf

Step 2: Modify Proxychains Configuration

Edit the Proxychains configuration file to use a SOCKS5 proxy:

# Edit /etc/proxychains.conf
# Comment out the default SOCKS4 proxy
# Add the following line for SOCKS5
socks5 127.0.0.1 1080

Step 3: Create SSH Tunnel

Establish an SSH tunnel that will act as your SOCKS server:

ssh -f -N -D 1080 admin@server1.example.com

Step 4: Verify the Proxy

Check if the proxy is working correctly:

curl -I twitter.com

Step 5: Script for Connection Management

Use a bash script to easily connect and disconnect from your SSH tunnel:

#!/bin/sh
# This script toggles the SSH tunnel and SOCKS proxy on and off
NET_SERVICE="Wi-Fi"
PORT=1080
SERVER=admin@server1.example.com
PID=$(pgrep -f ${PORT})
if [ "$EUID" -ne 0 ]
  then echo "Please run as root!"
  exit
fi
if pgrep -f ${PORT} >/dev/null
then
  echo "Disconnecting..."
  kill -9 $PID
else
  echo "Connecting..."
  ssh -D ${PORT} -f -C -q -N ${SERVER}
  networksetup -setsocksfirewallproxy ${NET_SERVICE} 127.0.0.1 ${PORT}
  networksetup -setsocksfirewallproxystate ${NET_SERVICE} on
  echo "Connected to server. SOCKS proxy is active."
fi

Configuring SSH Tunneling on Windows

Step 1: Install Bitvise and Proxifier

For Windows users, install Bitvise and Proxifier to manage your SSH tunnel and route applications through it.

Download and install Bitvise SSH Client.
Download and install Proxifier.

Step 2: Configure Bitvise and Proxifier

Follow the setup guides provided in the images to configure Bitvise for the SSH connection and Proxifier to manage your application traffic through the SSH tunnel.

Configuration Steps

By following these steps, you can effectively create a secure, private network connection using SSH tunneling, providing a budget-friendly alternative to traditional VPN services.

Comprehensive Guide: Installing, Configuring, and Managing ArangoDB Backups on AWS Configuring Firebase Cloud Messaging (FCM) for Vue.js Applications

Frequently Asked Questions

What is a Poor Man's VPN and how does it work?

A Poor Man's VPN is an SSH tunnel that acts as a SOCKS proxy, routing your internet traffic through a remote server. It works by establishing an encrypted SSH connection with dynamic port forwarding (-D flag), which creates a SOCKS5 proxy on your local machine. This is simpler and more cost-effective than traditional VPN solutions while providing secure browsing and access to restricted networks.

What is the difference between SSH tunneling on MacOS/Linux and Windows?

On MacOS and Linux, you can set up SSH tunneling directly using the built-in SSH client and tools like Proxychains4 to route traffic. On Windows, you need third-party tools like Bitvise SSH Client to create the SSH tunnel and Proxifier to route application traffic through the tunnel. Both methods achieve the same result but use different tools.

How do I verify that my SSH tunnel is working correctly?

You can verify your SSH tunnel by using 'curl -I twitter.com' on MacOS/Linux to check if requests are going through the proxy. You can also check your IP address using services like whatismyip.com to see if it matches your server's IP instead of your local IP. If the IP has changed to your server's location, the tunnel is working correctly.

Can I automatically connect and disconnect the SSH tunnel?

Yes, the guide provides a bash script that toggles the SSH tunnel on and off automatically. The script checks if the tunnel is running, kills it if active, or starts a new connection if inactive. It also configures your system's SOCKS proxy settings automatically using networksetup on MacOS. You need to run the script as root for it to work properly.

What port should I use for the SOCKS proxy?

The guide uses port 1080 for the SOCKS5 proxy, which is a common default port. You can use any available port above 1024 if you prefer. Make sure to update the port number in both your SSH command (ssh -D PORT), your Proxychains configuration (/etc/proxychains.conf), and any proxy settings in applications like Proxifier.