Last Updated: February 25, 2016 · diogoandre

Proxy with DigitalOcean

I am the kind of guy that follows the rules, most of the time. Sometimes you must break the rules, and other times just work around them. What follows is my recipe to work around my company's proxy server and gain sweet uncensored access to the internet.

This recipe is meant to be cooked on a Mac, but will probably also taste good if baked on the average Linux box.

Ingredients

Assumptions

We will assume that your proxy is not blocking SSH connections. There are workarounds if that is the case.

Cooking

The first thing you should do is get your DigitalOcean VPS. Install an Ubuntu LTS version and create a non-root user (not even sudo powers are needed) with a password:

adduser mynewuser

And that's everything you have to do on the server. Save the new user and password for later.

Install Corkscrew following the README. It is just about downloading the package, building it and making a couple of tweaks to your ssh config file (~/.ssh/config). This is how mine looks:

Host myproxy.proxy
  ProxyCommand /usr/local/bin/corkscrew 172.17.1.1 8080 %h %p ~/.ssh/cred

You will notice that I'm using some custom domains as hosts, so here's my /etc/hosts:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
172.16.1.1  myproxy.proxy
172.16.1.1  myproxy.free

I'll get to why I use two hostnames for the same server later.

Now it is time to add SSH and its little-known(?) feature to our mix. We will use the -D option available in the OS X SSH client, which works by "allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel" (ssh man page). This means that we can have SSH open a local port and tell it to forward anything sent to this port to the remote server. The remote server will do its part and forward that traffic to the actual destination, then send the response back through the SSH tunnel. Here is the actual command:

ssh -D 8080 -C hoot@myproxy.proxy

The command above will open port 8080 on your local host, and now we just have to set our computer to send network traffic to this proxy. The commands below will do the trick, or you can go to your System Preferences and click your way to it.

networksetup -setsocksfirewallproxy Wi-Fi localhost 8080
networksetup -setsocksfirewallproxystate Wi-Fi on

That's it! You should have a working remote proxy now. You can verify by checking your IP address (try whatismyip.com) and confirming that the IP displayed is the same one allocated to your DigitalOcean VPS.

This might not be the most efficient (or secure) way to have a remote proxy, but it works really well, is cheap and quick to set up!

As a bonus, here is a little shell script I use to connect to my remote proxy:

#!/bin/sh

if [ "$1" = "inception" ]
then
  ssh -D 8080 -C hoot@myproxy.proxy
else
  ssh -D 8080 -C hoot@myproxy.free
fi

I use the inception mode when I'm behind my corporate proxy, and the free mode when I'm directly connected to the internet but need to go through the remote proxy for some reason.
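
What the inception mode looks like from the proxy's side: Corkscrew asks the HTTP proxy for a CONNECT tunnel to the SSH port, and that request lands in the proxy's access log. The following is an added example, not part of the original post, that scans constructed log lines for such tunnels; the Squid native log layout, the port allowlist and the duration threshold are assumptions.

```python
# Added example: flag SSH-style tunnels in Squid-format proxy access logs.
# Log lines are constructed; field layout assumes Squid's native format:
# time elapsed_ms client result/status bytes method url user hier type
ALLOWED_CONNECT_PORTS = {443}      # assumption: only HTTPS may be tunnelled
LONG_TUNNEL_MS = 30 * 60 * 1000    # assumption: 30 min is unusual for HTTPS

SAMPLE_LOG = """\
1456400000.123    245 10.0.0.15 TCP_TUNNEL/200 5120 CONNECT example.com:443 - HIER_DIRECT/192.0.2.20 -
1456400050.456 7200310 10.0.0.23 TCP_TUNNEL/200 88412345 CONNECT 203.0.113.10:22 - HIER_DIRECT/203.0.113.10 -
1456400100.789     80 10.0.0.15 TCP_MISS/200 1024 GET http://example.org/ - HIER_DIRECT/192.0.2.21 text/html
1456400200.000 5400000 10.0.0.42 TCP_TUNNEL/200 40123456 CONNECT 198.51.100.7:443 - HIER_DIRECT/198.51.100.7 -
1456400300.000     12 10.0.0.23 TCP_DENIED/403 3900 CONNECT 203.0.113.10:2222 - HIER_NONE/- text/html
"""

def parse_line(line):
    """Return a dict for a CONNECT entry, or None for anything else."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    host, _, port = f[6].rpartition(":")
    if not port.isdigit():
        return None
    return {"client": f[2], "elapsed_ms": int(f[1]), "status": f[3],
            "bytes": int(f[4]), "host": host, "port": int(port)}

def find_suspect_tunnels(log_text):
    """Return (client, host, port, reason) for each CONNECT worth a look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e["port"] not in ALLOWED_CONNECT_PORTS:
            verdict = "blocked" if "DENIED" in e["status"] else "allowed"
            reason = f"CONNECT to non-HTTPS port ({verdict})"
        elif e["elapsed_ms"] >= LONG_TUNNEL_MS:
            reason = "long-lived tunnel"
        else:
            continue
        findings.append((e["client"], e["host"], e["port"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_tunnels(SAMPLE_LOG):
        print(*finding, sep="  ")
```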

Enjoy!

2 Responses
Corkscrew, why do I need this?

over 1 year ago

Hi,

"Corkscrew is a tool for tunneling SSH through HTTP proxies."

I use it when I'm inside my company's network and the only way to reach the internet is through their proxy.

So, by using corkscrew with the script above, you'll basically be running a proxy server through another proxy server. Proxy inception. Makes sense?

over 1 year ago