Access VPN outside your work laptop via SSH tunneling

When working for an organization, you connect to their internal servers using a VPN. For security reasons, accessing their network with any device other than the company-specified one is usually not allowed.

On Your Mac:

Enable remote SSH on macOS, and connect both machines to a common wireless network. Alternatively, create a wireless hotspot from your Windows machine and connect your Mac to it. Navigate to System Preferences and set the network connection to use DHCP with a manual address. For example, if the gateway address is 192.168.137.1, choose an address on that same network.

On Your Windows Machine: Using PuTTY or Your Preferred Terminal

Add a source port (I’ve chosen 9990, but you can use any unused port) and select ‘Dynamic’. Then click ‘Add’ to see an entry under “Forwarded Ports”. Click ‘Open’ to begin your SSH session. Save this session for future convenience.

On Your Windows Machine: Firefox Browser

I use a separate browser with its own proxy settings so that I do not need to switch settings back and forth on my main browser. Configuring the browser to use the forwarded port from the previous step (9990 in my case) as a SOCKS5 proxy lets you reach VPN-bound addresses from your personal machine. There might be alternatives, but I find this method more convenient.

On Your Windows Machine: VS Code and SSH Jumping

Access your development environment via a double SSH connection sequence: Your Windows Machine -> Your Mac with VPN enabled -> VM running on a cluster. This setup is particularly beneficial when you possess a high-performance gaming rig and prefer to maintain your development workflows on it.

Install the Remote SSH extension from the marketplace.

Press Ctrl+Shift+P, open your SSH configuration file (the config file in your .ssh directory), and add these lines:

Host jump-host-ip-address
  HostName jump-host-ip-address
  User jump-host-username
  IdentityFile ~/.ssh/jump-host-private-key

Host remote-server-ip-address
  HostName remote-server-ip-address
  User remote-server-username
  ProxyJump jump-host-ip-address

Replace jump-host-ip-address and remote-server-ip-address with the IP addresses of your Mac and the remote server, respectively. Each User value should be the account name you use on that machine.

That’s all. Now, when you connect to the remote host, you should see a prompt requesting passwords for each machine twice. To circumvent repeated password entries, consider configuring passwordless SSH on both machines.
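As an added example (not code from the original post), this Python sketch parses a config like the one above, resolves the ProxyJump chain, and lists the hops that have no explicit IdentityFile, which are the ones still relying on default keys, an agent, or a password prompt. The function names are hypothetical, and the parser is simplified: it ignores wildcard Host patterns, Match and Include.

```python
import re

# Constructed sample: the two Host blocks from this post, placeholders unchanged.
SAMPLE_CONFIG = """\
Host jump-host-ip-address
  HostName jump-host-ip-address
  User jump-host-username
  IdentityFile ~/.ssh/jump-host-private-key

Host remote-server-ip-address
  HostName remote-server-ip-address
  User remote-server-username
  ProxyJump jump-host-ip-address
"""

def parse_ssh_config(text):
    """Map each Host alias to {keyword: value}. Simplified: no wildcards, Match, Include."""
    hosts, current = {}, []
    for raw in text.splitlines():
        m = re.match(r"^(\S+?)(?:\s*=\s*|\s+)(.+)$", raw.strip())
        if not m or raw.strip().startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            current = value.split()
            for alias in current:
                hosts.setdefault(alias, {})
        else:
            for alias in current:
                hosts[alias].setdefault(key, value)  # first value wins, as in ssh
    return hosts

def hop_chain(hosts, target, seen=()):
    """Aliases in connection order, following ProxyJump recursively; target is last."""
    if target in seen:
        raise ValueError(f"ProxyJump loop at {target}")
    jump = hosts.get(target, {}).get("proxyjump", "none")
    chain = []
    if jump.lower() != "none":
        for hop in jump.split(","):
            alias = hop.strip().rsplit("@", 1)[-1].split(":", 1)[0]  # drop user@, :port
            chain += hop_chain(hosts, alias, seen + (target,))
    return chain + [target]

def hops_without_identityfile(hosts, target):
    """Hops with no explicit key: ssh falls back to default keys, an agent, or a password."""
    return [h for h in hop_chain(hosts, target) if "identityfile" not in hosts.get(h, {})]

if __name__ == "__main__":
    cfg = parse_ssh_config(SAMPLE_CONFIG)
    print(hop_chain(cfg, "remote-server-ip-address"), hops_without_identityfile(cfg, "remote-server-ip-address"))
```

With the config exactly as shown in the post, only the final hop is reported, since the jump host already names a key file.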

This post is licensed under CC BY 4.0 by the author.