by gibs0ns 1616 days ago
I've generally considered an SSH tunnel as a poor man's VPN. If you're going to the effort to spin up a machine and use SSH anyway, I find it much easier to use `ssh user@server.com -D 4444`; then I can set my browser's proxy settings to use localhost:4444 as a SOCKS5 proxy. For those apps that don't have native proxy support, I use proxychains to force them over a proxy connection.

Of course this is only useful for a single user, and for devices that can use ssh and proxies.

8 comments

Just be careful with -D, as it is relatively easy to accidentally make it possible for other computers to use your computer as a proxy too. By default, GatewayPorts in the sshd config is set to 'no', which will prevent this from happening. However, you or someone else may have set this to 'yes' at some point for some purpose. To be safe even in that case, you may want to use 'ssh -D127.0.0.1:4444' instead of just '-D4444'.

I have accidentally opened an internal network to the public this way. (Nothing bad happened.)
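A way to verify the bind address that the comment above warns about, as an added example that is not part of the original thread: it reads `ss -Hltnp` output and reports ssh client listeners bound to anything other than loopback. The function name and the sample socket lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find ssh client forwards (-D / -L) that other hosts can reach.
# Input is the output of `ss -Hltnp` (no header line):
#   field 4 = local address:port, field 6 = owning process.
# Without root, ss only names the processes of your own sockets.

exposed_ssh_listeners() {
  awk '
    # Keep only sockets owned by the ssh client; "sshd" does not match.
    $6 !~ /\("ssh",/ { next }
    {
      port = $4; sub(/^.*:/, "", port)      # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      gsub(/^\[|\]$/, "", addr)             # drop IPv6 brackets
      sub(/%.*$/, "", addr)                 # drop interface scope such as %lo
      # Loopback binds are only reachable from this machine.
      if (addr ~ /^127\./ || addr == "::1") next
      print addr, port
    }'
}

# Constructed sample: one forward bound to loopback (port 4444), one bound
# to every interface (port 4445), and the local sshd, which is ignored.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:4444 0.0.0.0:* users:(("ssh",pid=2211,fd=5))
LISTEN 0 128 [::1]:4444 [::]:* users:(("ssh",pid=2211,fd=4))
LISTEN 0 128 0.0.0.0:4445 0.0.0.0:* users:(("ssh",pid=2302,fd=4))
LISTEN 0 128 [::]:4445 [::]:* users:(("ssh",pid=2302,fd=5))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))'

# Demo on the sample; on a real host use: ss -Hltnp | exposed_ssh_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_ssh_listeners
```

Any line it prints is a forward listening on a non-loopback address; restarting that tunnel with an explicit `-D127.0.0.1:4444` style bind address, as the comment suggests, should make the line disappear.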

I just want to mention sshuttle [1], which self-describes as a poor man's VPN and works well in my experience.

[1] https://github.com/sshuttle/sshuttle

I've recently come across sshuttle and wondered if there was a Windows alternative. Anyone know of one?

Proxifier works ridiculously well for me. It's not free though.

https://www.proxifier.com/

That is a SOCKS5 proxy (as you said); however, SSH can pass IP packets or Ethernet frames:

https://rkeene.org/viewer/tmp/ssh-ip-tunnel.txt.htm

Doesn't this have all the usual TCP over TCP issues?

Yep, fragmented packets and double confirmations, but if you're using it to order pills and read some US news, it doesn't really matter.

Haha, I came here to say just that. Using NAT and routing you can set up the machine initiating the client ssh connection to act as an internet gateway for the clients that have its IP set as their gateway. Did this with a Raspberry Pi before.

Easiest option in the book. The only downside I face with this is frequent captcha requests as the IP range (Hetzner/IPv6) is marked suspicious. Probably because it is flagged as a server range vs domestic.

This is what I've always done should I face some blocking or whatever - spin up the lowest tier VM on GCP in whichever region suits me, do my business, kill and bury the VM.

Second this. I haven't tried proxychains. iptables with redsocks [1] for redirection works pretty nicely.

[1] https://github.com/darkk/redsocks

I used this method in China in 2009 and after a couple of minutes, the packets began to drop.