SSH Tunnel Server setup on MikroTik

martincho8002 · June 12, 2016, 10:17pm

Hi.

I read on many places that an SSH tunnel can be used like a VPN tunnel in some ways.

I would like to set up SSH tunnel server on my MikroTik so that I can use it “like a VPN” for torrents.

I cannot use VPN and it’s a long story “why not” but I would like to use an SSH tunnel if possible. In the process of using the SSH tunnel I also want to forward the originally high ports used for torrents (49 000+ - 50 000+) to port 443 which is allowed on the network where I want to use my laptop and download torrents.

Please advise.

Thank you.

th0massin0 · June 13, 2016, 11:12am

Hi!

I read on many places that an SSH tunnel can be used like a VPN tunnel in some ways.

… yes, it’s possible

I would like to set up SSH tunnel server on my MikroTik so that I can use it “like a VPN” for torrents.

It’s not a good idea, becouse UDP traffic in SSH is a “long story”. Torrents without UDP ports is more difficult to set and will be much slower than VPN, you should read it first: https://forum.utorrent.com/topic/74065-usage-of-utorrent-in-lan-without-udp/
… and remember that this cutted TCP-only traffic will be encapsulated to SSH TCP tunnel, so that will slow your speeds second time.

SSH in ROS is enabled by default, and listening on port 22. You can change it in ip → services, but if you want to forward traffic, do in terminal:

/ip ssh set forwarding-enabled=yes

The port forwarding specific you should set in PuTTy (Connection → SSH - > Tunnels), but be aware that forwarding will map ports 1:1, so your 443 to your’s MT 443. All depends from torrent client that you want to use.

I cannot use VPN and it’s a long story “why not”

I’m not asking but better use SSTP VPN:

it’s working on 443 by default (yes, like HTTPS), so traffic encrypted in that way (probably) won’t be fingerprinted by firewall/ids
you don’t need any additional software (in WIndows), build-in VPN client should be enough.

martincho8002 · June 14, 2016, 8:15am

Thanks a lot for such an extensive answer. I guess you are capable of answering two additional ones

How can I set up an SSTP VPN on MT (may be a link to a guide) ? Can an SSTP VPN on MT run in parallel, simultaneously, with an already set up and running OpenVPN VPN?
How can I check and assess , how “heavy” the SSH Tunnel is on my router’s bandwidth and processing power?

BR

th0massin0 · June 14, 2016, 10:02am

If you will ask nicely

For me, the best results gave that config: http://forum.mikrotik.com/t/sstp-vpn-on-ros-and-windows-7-build-in-client/98932/1
, but if you will read the documentation http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP maybe you will configure in other way.
Yes, it can work parallel with OpenVPN, but on other port.

During high traffic in Winbox: System → Resources, look at CPU load. To get more detailed info, clikc Tool → Profile, and press Start.

martincho8002 · June 15, 2016, 11:15am

Thanks again. Excuse my manners.