@pangyuteng
Last active September 11, 2021 22:38
route browser traffic via ssh to server with vpn access

router setup (since server is behind router)

  • forward external port (22 or something else) to server port 22.

server setup

  • enable ssh
https://askubuntu.com/questions/2271/how-to-harden-an-ssh-server
  • enable ufw, allow port 22
  • establish vpn in tmux window
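#!/bin/bash
# set these three values before running
export myvpnip       # vpn server address
export myusername    # vpn account name
export mypassword    # vpn account password

# the password goes in on stdin (--passwd-on-stdin); the account name goes to --user
echo "$mypassword" | sudo openconnect --protocol=anyconnect --user="$myusername" --passwd-on-stdin "$myvpnip"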
  • run below to fix ssh traffic (so it is not handled via vpn); not sure if this needs to be run multiple times and/or needs a network/server restart.
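#!/bin/bash
export myserverip=192.168.Q.int   # server's LAN address
export mynetmask=192.168.Q.0/24   # LAN subnet
export mygateway=192.168.Q.1      # router (LAN gateway)
export mydevice=wlan0             # LAN interface

# packets sourced from the server's LAN address (the sshd replies) use table 128
sudo ip rule add from "$myserverip" table 128
# table 128 knows only the LAN and the router, so that traffic never enters the vpn
sudo ip route add table 128 to "$mynetmask" dev "$mydevice"
sudo ip route add table 128 default via "$mygateway"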
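
The check below is an added example, not part of the original gist: it reads the text of `ip rule show` and `ip route show table 128` and reports whether the ssh-bypass rule and default route from the script above are present, and whether the rule appears more than once (older kernels accept a repeated `ip rule add`). The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): read-only check that the ssh-bypass
# policy routing in table 128 is in place. Function names are illustrative.

# Constructed sample of `ip rule show` / `ip route show table 128` output.
SAMPLE_RULES=$(printf '0:\tfrom all lookup local\n32765:\tfrom 192.168.1.50 lookup 128\n32766:\tfrom all lookup main')
SAMPLE_ROUTES=$(printf '192.168.1.0/24 dev wlan0 scope link\ndefault via 192.168.1.1 dev wlan0')

# count_rules IP TABLE RULES_TEXT: print how many rules say "from IP lookup TABLE".
count_rules() {
    printf '%s\n' "$3" | awk -v ip="$1" -v tbl="$2" '
        { src = ""; t = ""
          for (i = 1; i < NF; i++) {
              if ($i == "from")   src = $(i + 1)
              if ($i == "lookup") t   = $(i + 1)
          }
          if (src == ip && t == tbl) n++ }
        END { print n + 0 }'
}

# has_default_via GATEWAY ROUTES_TEXT: succeed if the table has "default via GATEWAY".
has_default_via() {
    printf '%s\n' "$2" | awk -v gw="$1" '
        $1 == "default" && $2 == "via" && $3 == gw { ok = 1 }
        END { exit !ok }'
}

# check_bypass SERVER_IP GATEWAY RULES_TEXT ROUTES_TEXT
# returns 0 = ok, 1 = rule or default route missing, 2 = rule present more than once
check_bypass() {
    cb_n=$(count_rules "$1" 128 "$3")
    if [ "$cb_n" -eq 0 ]; then
        echo "missing: ip rule from $1 lookup 128"; return 1
    fi
    if ! has_default_via "$2" "$4"; then
        echo "missing: default via $2 in table 128"; return 1
    fi
    if [ "$cb_n" -gt 1 ]; then
        echo "rule from $1 appears $cb_n times"; return 2
    fi
    echo "ok"
}

# Live use on the server: ./check.sh --live   (uses the variables from the gist's script)
if [ "${1:-}" = "--live" ]; then
    check_bypass "$myserverip" "$mygateway" \
        "$(ip rule show)" "$(ip route show table 128 2>/dev/null)"
fi
```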

client setup

  • install ssh (for Windows, maybe install git which will come with ssh) and set up an ssh key (see ssh-key setup link in Reference)

  • run below

ssh -D 8080 -p 22 ${router-public-ip}
  • set up the browser's SOCKS proxy at 127.0.0.1:8080, see client setup link in Reference

Reference

  • ssh

https://askubuntu.com/questions/2271/how-to-harden-an-ssh-server

  • vpn with openconnect

https://askubuntu.com/a/687848/231735

  • ip routing stuff

https://unix.stackexchange.com/questions/93810/how-to-set-up-ssh-server-with-vpn-tunnel-policy-routing-for-sshd-service

https://unix.stackexchange.com/questions/237460/ssh-into-a-server-which-is-connected-to-a-vpn-service

https://unix.stackexchange.com/questions/365285/how-to-allow-ssh-into-terminal-after-connecting-to-vpn-server-using-nordvpn-serv?rq=1

https://serverfault.com/questions/659955/allowing-ssh-on-a-server-with-an-active-openvpn-client

  • client setup

https://stackabuse.com/how-to-tunnel-http-with-ssh

https://chrome.google.com/webstore/detail/socks-proxy/odiakldnmmpjabkemfboijigageaelcn?hl=en

  • ssh-key setup

https://gist.github.com/stormpython/9517102
