# hide ip, vpn or proxy?



## rblon (Mar 20, 2011)

I want to be able to web browse using a Windows machine through my FreeBSD server when I'm at another location (i.e. not the same internal network). Main reason is to hide my location / IP address.

It seems I can use a VPN server or a proxy server. I'm wondering if someone can give advice. And what would be a good VPN or proxy server for this purpose?


----------



## gkontos (Mar 20, 2011)

rblon said:

> I want to be able to web browse using a Windows machine through my FreeBSD server when I'm at another location (i.e. not the same internal network). Main reason is to hide my location / IP address.
> 
> It seems I can use a VPN server or a proxy server. I'm wondering if someone can give advice. And what would be a good VPN or proxy server for this purpose?


A VPN server would be the best solution but not the easiest. Having a proxy server open to the world is not an ideal scenario.


----------



## DutchDaemon (Mar 20, 2011)

If your external location has a fixed IP address you can instruct a proxy server only to allow that particular IP address, or turn on authentication. If you are on dynamic IP addresses, VPN is easier.


----------



## rblon (Mar 20, 2011)

I do want to use authentication. And, the external location has a fixed IP address so I would use the firewall as well to provide security.

What would be a good VPN server?


----------



## gkontos (Mar 20, 2011)

rblon said:

> I do want to use authentication. And, the external location has a fixed IP address so I would use the firewall as well to provide security.
> 
> What would be a good VPN server?


OpenVPN server is very popular.


----------



## DutchDaemon (Mar 20, 2011)

A.k.a. security/openvpn.


----------



## gordon@ (Mar 21, 2011)

I have used a similar setup before. I set up a proxy server (using Apache) and bound the proxy to only listen to localhost:8118. I then used SSH to tunnel my proxy traffic. I found this to be the simplest solution as many workplaces will deny outbound VPN traffic since it is a security risk. It also used software that I already had installed on my work machine (PuTTY) and server (Apache).


----------



## SirDice (Mar 21, 2011)

gordon@ said:

> I have used a similar setup before. I set up a proxy server (using Apache) and bound the proxy to only listen to localhost:8118. I then used SSH to tunnel my proxy traffic.


No need for a local proxy.

`$ ssh -D8080 me@home.example.com`

Log in and set your browser to use http://localhost:8080 as a SOCKS5 proxy.


----------



## rblon (Mar 21, 2011)

Sorry for my ignorance, but could you explain a bit more how this would work?

Does this need any server running on the FreeBSD machine? 
Can I use PuTTY with the -D option?


----------



## SirDice (Mar 21, 2011)

rblon said:

> Does this need any server running on the FreeBSD machine?


Only the SSH daemon.


> Can I use PuTTY with the -D option?


Yes, look under SSH -> Tunnels. Add a Dynamic tunnel.


----------



## rblon (Mar 21, 2011)

That sounds very simple, but I am not getting it to work.

So I set up my browser to use http://localhost:8080 as a SOCKS5 proxy.

Now, before establishing the SSH connection, I get the following error (as expected):


```
Error 130 (net::ERR_PROXY_CONNECTION_FAILED): Proxy server connection failed.
```

Now when I use PuTTY to start the SSH connection using Dynamic port forwarding, I get the following, which is not very informative:


```
Error 324 (net::ERR_EMPTY_RESPONSE): Unknown error.
```

I am not sure about the "Tunnels" settings (see screenshot), but I have tried variations and I get the same. Any ideas what might be wrong?


----------



## SirDice (Mar 21, 2011)

Remove the two ticked settings at the top, you don't need them.


----------



## rblon (Mar 21, 2011)

I basically have my normal PuTTY session (standard settings, SSH using port 22). I go to Tunnels, type Source port "8080", select "Dynamic" (see screenshot), and press "Add". Then I press "Open", and log in.

In the browser I try to open a standard http page. I don't think any blocking on the FreeBSD machine should take place (firewall allows outbound traffic on port 80). Any analyzing I can do on the Windows machine? netstat command gives me:


```
TCP WINMACHINE:8080 localhost:2104 TIME_WAIT
TCP WINMACHINE:8080 localhost:2105 TIME_WAIT
TCP WINMACHINE:8080 localhost:2106 TIME_WAIT
....
```

after I tried connecting to a website.


----------



## rblon (Mar 21, 2011)

OK, I had an error in my proxy settings.
Now using: SOCKS Host "localhost" and Port "8080"
which was explained here: http://www.makeuseof.com/tag/how-to-tunnel-traffic-with-ssh/

So seems to be working now. It is a very nice solution!


----------
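
A way to check from the client side what is answering on the forwarded port, as an added example that is not part of the thread: it sends a SOCKS5 greeting (RFC 1928) to the port and classifies the reply. The port 8080 default follows the thread; `probe_socks5` and `start_constructed_listener` are hypothetical names, and the listener is a constructed stand-in so the check can be tried offline.

```python
import socket
import threading

def probe_socks5(host="127.0.0.1", port=8080, timeout=3.0):
    """Send a SOCKS5 greeting (RFC 1928) and classify what answers on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")  # VER=5, NMETHODS=1, METHOD=0 (no auth)
            reply = s.recv(64)
    except ConnectionRefusedError:
        return "closed"        # nothing listening: the SSH session is not up
    except OSError:
        return "no-answer"     # timeout or connection reset
    if reply == b"\x05\x00":
        return "socks5"        # listener accepted SOCKS5 without authentication
    if reply[:1] == b"\x05":
        return "socks5-method-rejected"
    if reply.startswith(b"HTTP/"):
        return "http"          # an HTTP proxy or web server, not a SOCKS listener
    return "unknown" if reply else "empty"

def start_constructed_listener(reply):
    """Constructed stand-in for a listener: answers one connection with `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)       # read the greeting, then answer with the canned reply
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Port 8080 is the dynamic forward from the thread (ssh -D8080 / PuTTY "Dynamic").
    print(probe_socks5("127.0.0.1", 8080))
```

A result of `socks5` means the tunnel endpoint is up and the browser should be pointed at it as a SOCKS host rather than an HTTP proxy; `closed` means the SSH session with the dynamic forward is not running.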

