Tomato SSH surf the web

Discussion in 'Tomato Firmware' started by FabachM, Aug 27, 2008.

  1. FabachM

    FabachM Network Guru Member

    Hi everybody,

    due to big www restrictions in my company network, i would like to surf the web via SSH!
    first i tried to establish a RDP connection to my home computer, which worked perfect!

    So now i would like to be able to add a proxy in the IE or Firefox (company PC) and be able to surf with the internet connection @ home via SSH!

    I tried the following:

    1. set up a Putty SSH Connection to my home router
    - Add Tunnel: D3100 (Source port: 3100 Dynamic)

    2. Open the connection
    - enter username and password --> Connection sucessfully established

    3. set up firefox:
    - proxy settings: Socks v5: localhost 3100

    4. tried --> nothing worked!

    Look here for a detailed manual a other user postes but whit DD-WRT firmware! He said it worked for him! I tried to do the same, but it didn't work for me!

    What did i do wrong?
    Is there a other solution for my problem!

    Thanks in advance
  2. ziddey

    ziddey Network Guru Member

    Whoa, that's pretty cool. I didn't know you could just specify a socks. I always used hummingbird or something else.

    That said, I just tested it with a tomato router and it works just fine.
  3. bripab007

    bripab007 Network Guru Member

    Yes, it works for me, too.
  4. FabachM

    FabachM Network Guru Member

    damn, what did i do wrong,

    anyway, i will try it again tomorrow! have you done everything as i described it or "as the link i postes says"
  5. bripab007

    bripab007 Network Guru Member

    No, I just followed the article.
  6. occamsrazor

    occamsrazor Network Guru Member

  7. humba

    humba Network Guru Member

    The OP asked for alternatives and there are: You can use OpenVPN, and configure it so that all traffic goes through your home network. Or do only web traffic using a socks proxy on tomato (see the post above). OpenVPN has the advantage to be https based.. some companies block pretty much everything but https is generally open.. even if you have to pass through a proxy.
  8. FabachM

    FabachM Network Guru Member

    thank you for your suggestions!
    i don'T know much about openvpn yet!
    do i need aa aditional server, so if yes, it won'T be suitable for me, because i don't want to run a computer while i am not at home!
  9. occamsrazor

    occamsrazor Network Guru Member

    Do you not need some type of proxy in addition like sRelay running on the home router? Or is it possible to configure OpenVPN to do this on its own?


  10. humba

    humba Network Guru Member

    OpenVPN alone will do.. however as I said, it will router all traffic through your home network.. not just http but really everything (including dns.. then again if you want to visit unsavory sites this would be exactly what you want)... except for traffic that stays in your local subnet.

    The alternative is openvpn without setting a default proxy.. in that case, you can still reach the home subnet (and whichever other subnets you have configured to be routed) but the default gateway is still the one from your office. So,if you want to have http go through your come connection, you'll need a proxy in your home network (like srelay). That means only http(s) will go through your home Internet connection and the rest will still go out via the office.
  11. occamsrazor

    occamsrazor Network Guru Member

    Thanks, that's very informative. Am I correct in saying you can route ALL traffic via the home router using a client-side configuration only? And how would you do that? I seem to remember it's something like this to add to your OpenVPN config....

    route-gateway (home router local IP)
    redirect-gateway def1

    Is that right?

    To the Original poster - Apologies for somewhat hijacking this thread, but if you do go down the OpenVPN route I guess it will be useful... And to answer your question, no you don't need another server, the OpenVPN server can be installed into the router itself. It's really very handy, once connected it's just like you were at home connected to your router with an ethernet cable, and works well after the (slightly tricky) setup.

    See here more information than you could ever, ever want to know.... :)
  12. humba

    humba Network Guru Member

    it's been a while since I did that but it looks alright. This should set your default gateway to def1.
  13. Edrikk

    Edrikk Network Guru Member

    It's fairly simple to do. Here's what I recommend (assuming that you have your keys setup/can connect to SSH already):

    1) Go to and download/install the tunnelier SSH client on the PC.

    2) Setup Tunnelier as follows:
    Login Tab:
    "Host" is the IP of your home (Router).
    Port 22 (default SSH port on router)
    username = root
    initial method + passphrase entered depending on your SSH server setup

    Services Tab:
    "Socks / HTTP Proxy Forwarding" enabled
    Listen Interface
    Listen Port Port on the PC that the Proxy server should listen on (eg 28280)
    Server Bind Interface

    C2S Forwarding:
    Set this up as you wish for other protocols... For example, if you want to connect to Remote Desktop, you would create an entry saying:
    Listen Interface
    List. Port: 5900
    Destination Host: (your home PC behind the router)
    Dest Port: 5900

    You should now connect to the router's SSH server.

    3) USING FIREFOX (this is important), do this:
    Tools --> Options --> Advanced --> Network --> Settings
    Set to "manual proxy configuration"
    Set all fields to blank address with port 0 (zero)
    Set SOCKS host to localhost and port to what you defined in Tunnelier (eg 28280).
    Set SOCKS version to SOCKS v5
    Accept your way back out of the options pop-ups.

    4) In the Mozilla URL bar type about:config
    In the Filter filed type socks_remote_dns
    Double clicking on this sets its value to "true"

    You should now be able to surf and do pretty much any activity through an SSH tunnel.
    The reason for setup "4" is that if you are browsing the Net, by not doing this your DNS lookups will happen on your side of the SSH tunnel. By setting this option, your SSH Server (Tomato's Dropbear) will perform the DNS lookups. So there will be absolutely no trace of where you went on the local server's DNS even.

    I said you should try Mozila because IE and others dont offer this functionality.... You can do a google search for "DNS Leak" and I think you'll find some hits on this...

    Hope this helps.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice