Tunneling with PuTTY

etc... 2013. 8. 19. 15:00

Disclaimer: This article is intended for informational/educational purposes only. I do not advocate or condone illegal/unethical behavior, and assume no responsibility or liability for any consequences resulting from the use of the information below.

Tunneling is the process of encapsulating one kind of network traffic (the payload) inside of another kind of network traffic (the container). The resulting traffic would look just like the container traffic to an outside observer.

A common type of network tunnel is the SSH tunnel, which can be used to transfer network traffic through untrusted zones in a secure way. With an SSH tunnel, each packet of the payload traffic is wrapped inside an encrypted SSH packet.

SSH tunnel usage examples

Secure your Internet traffic at the coffee shop

Let's say you would like to transfer your personal email or Internet browsing traffic through an untrusted zone like a public WiFi network. You could create an encrypted SSH tunnel from your computer to a trusted network to ensure your traffic stays secure.

(See poorly-drawn whiteboard diagram above)

Circumvent firewalls and web filters

Firewalls and web filters block access to websites and other Internet services, usually for the purpose of squelching content and services deemed inappropriate by the individuals, organizations, or governments controlling them. The problem is, these systems also prevent access to useful and important content and services. This can result in anything from minor annoyances like being blocked from Wikipediaat school or work, to a government censoring political events.

Creating an SSH tunnel with PuTTY

Here's a guide on how to create an SSH tunnel with PuTTY. This guide makes the following assumptions:

  • You have a Windows machine and administrative access
  • You have SSH access to a trusted server
  • The network you are tunnelling through allows SSH traffic

Install PuTTY on your computer

Download and install PuTTY from its download page.

Test the connection to your SSH server

Run PuTTY and make sure you can connect to your SSH server from the network you're trying to tunnel through.

Set up PuTTY as a local proxy

Once you're sure you can connect to your SSH server normally, you can set PuTTY to act like a local SOCKS proxy, and tunnel all of your system's traffic to your SSH server.

  1. Under connection, expand SSH, and click on Tunnels
  2. Enter a local source port to run the proxy on, e.g., 8888, and choose Dynamic for the Destination
  3. Click add

Note: It's probably a good idea to save this configuration as a session so you don't have to configure it each time.

Configure Windows to connect through the proxy

Next, we'll need to configure Windows to connect through the local proxy you just created.

  1. Open Internet Options from the Control Panel
  2. Click on the Connections tab, and then the LAN settings button
  3. Check the box Use a proxy server for your LAN and enter localhost for the Address and the port number you chose in the last step, e.g., 8888 in the Port field
  4. Click OK and OK again

Note: Alternatively, you could set up individual programs to use the proxy instead of your whole system.

Log in and connect

That's it! Just log into your SSH server like normal, and the tunnel should open up. Now you're browsing with portals tunnels.