My friend gave me the ability to use an SSH tunnel for the sake of privacy and stuff. Currently I’m using PuTTY to establish the connection. Besides IP and port, I entered the auto-login user field in the connection’s settings, selected a private key “.ppk” file (I’ve also got a passphrase for it, which I enter every time) and selected SOCKS5 dynamic forwarded port D8888.
AFAIK, it’s a basic and most common setup for SSH tunnels. My primary browser is Chrome and I have Firefox, which is configured to use the 127.0.0.1 proxy on port 8888. Everything works fine besides the fact it’s determined as a proxy anyway, but that’s not the topic of this thread.
The first question is how should I transfer all of these settings to my RB951G-2HnD for the purpose of establishing a tunnel from it?
And the second thing: is it possible to transfer the proxy to it, so I can use it not from just one browser on a specific computer, but from all network devices with the MikroTik IP as a proxy?
I’ve studied SSH and SSH-client wiki articles, but there’s only common information, not this specific situation. Thanks in advance for the answers.
It’s probably impossible. There’s support for port forwarding in the RouterOS SSH server (only static ports it seems, not SOCKS). But I can’t find anything related to port forwarding in the RouterOS SSH client.
Try asking your friend if he could set up a proper VPN server for you.
An SSH tunnel is a limited VPN-like solution intended to connect between end systems.
You set up an SSH session from your system to another system, and forward a port between them.
This is not something commonly done on a router. On routers, other types of VPN are normally used, and MikroTik supports a couple of different ones. These normally forward an entire protocol or address, not just a single port like an SSH tunnel. You need that, because the router sits in the middle between your system and the destination, so it has to receive the traffic first, and you have to set a route in your system to do that.
Thanks a lot for the reply! I appreciate your help and explanations.
So, the only way is to set up a VPN tunnel, and I assume there are tons of guides about it on the internet.
But how do I separate the VPN traffic from the ordinary traffic? For example, as I wrote before, I want to use tunnelled traffic on demand. I can imagine it working only with a proxy server on the MikroTik with traffic routed to a tunnel and a browser with proxy-enabled settings. Am I right?
If you want easy switching, different settings for different programs, etc… I would probably recreate something similar to what the original SSH solution does. So connect to the VPN and then use a standalone SOCKS proxy on the same server.
You could go with just a SOCKS proxy, but there might be problems with access rules (in case you don’t have your own static address), authentication (which is not supported by many programs) and no real privacy when you consider what’s going on the wire (SOCKS has no encryption).
Wrap it in OpenVPN and it will be nice and secure. If you’re new to this, it will take more than ten minutes, but it’s not excessively hard. Two extra services might also feel a little too much when ssh already can do the same thing, but what can you do…
You can ask MikroTik if they would extend the SSH client, but I wouldn’t count on it.
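
Added example, not part of any post in this thread: the last reply notes that SOCKS has no encryption, and this sketch parses the client-to-server bytes of a SOCKS5 session (RFC 1928 layout) to show that the destination and port are readable on the wire without any keys. The function names and the sample bytes are constructed for illustration, and it assumes the "no authentication" method was selected so the request follows the greeting directly.

```python
import ipaddress
import struct

METHODS = {0x00: "none", 0x01: "gssapi", 0x02: "username/password"}
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}

def build_client_bytes(host: str, port: int) -> bytes:
    """Constructed sample: greeting + CONNECT request as sent by a client."""
    greeting = bytes([0x05, 0x01, 0x00])           # VER, NMETHODS, "no auth"
    name = host.encode("ascii")
    request = bytes([0x05, 0x01, 0x00, 0x03, len(name)]) + name
    return greeting + request + struct.pack("!H", port)

def observe(stream: bytes) -> dict:
    """Recover what a passive observer sees in the client-to-server bytes."""
    if len(stream) < 2 or stream[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = stream[1]
    methods = [METHODS.get(m, hex(m)) for m in stream[2:2 + nmethods]]
    req = stream[2 + nmethods:]
    if len(req) < 5 or req[0] != 0x05:
        raise ValueError("missing or malformed request")
    atyp, body = req[3], req[4:]
    if atyp == 0x03:                               # length-prefixed domain name
        size, body = body[0], body[1:]
        decode = lambda b: b.decode("ascii", "replace")
    elif atyp == 0x01:                             # IPv4
        size, decode = 4, lambda b: str(ipaddress.IPv4Address(b))
    elif atyp == 0x04:                             # IPv6
        size, decode = 16, lambda b: str(ipaddress.IPv6Address(b))
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(body) < size + 2:
        raise ValueError("truncated request")
    (port,) = struct.unpack("!H", body[size:size + 2])
    return {"auth_methods": methods,
            "command": COMMANDS.get(req[1], hex(req[1])),
            "destination": decode(body[:size]), "port": port}

if __name__ == "__main__":
    print(observe(build_client_bytes("example.org", 443)))
```

The same bytes sent through an SSH dynamic forward or inside an OpenVPN tunnel are carried as ciphertext, so this parser raises `ValueError` on them instead of returning a destination.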