Last week, I took a Megabus from New York to Boston. It’s a four-hour trip and Megabus advertises free wifi, so I expected to be able to get in some serious undisturbed working time.
Imagine my disappointment when I opened my laptop, connected to wifi, tried to ssh into a server I’m working on, and then watched helplessly as ssh timed out again and again without connecting.
I’m not exactly sure what Megabus is doing, but my guess is that they block all non-web traffic (probably primarily to avoid torrents hogging bandwidth), and they do that by just blocking all network traffic on ports other than 80 and 443 (the traditional http and https ports), or by filtering certain communications protocols like SSH. Once I got to Boston, I tried to use another guest wifi network that was also randomly blocking ports I needed to connect to other servers, so I decided to put a stop to this nonsense once and for all.
The solution? Create a (mostly free) micro server on Amazon’s EC2 cloud and use it as a “poor man’s VPN” by routing all traffic from your laptop through the server and from there out onto the internet. This worked marvelously on the Boston guest wifi, and as I’m writing this it’s letting me connect to EC2 servers via SSH on a Southwest flight.
This is easier than it sounds to set up, provided you have directions. So…here you go!
1) Launch an EC2 micro server instance running Linux. This is straightforward but a bit complicated if you haven’t done it before, so if you need help, Google something like “quickstart set up EC2 server linux” and you should find a good guide.
2) Ssh into your server (“ssh ubuntu@your-host-name”)
3) Open up /etc/ssh/sshd_config (“sudo nano /etc/ssh/sshd_config”)
4) Find the line “Port 22”, and under it add the lines “Port 80” (the normal web port) and “Port 443” (the https port) – this tells the server to listen for incoming ssh connections on Port 80 and 443 as well, which will almost always be unblocked on guest wifi because they’re needed for web traffic.
5) On your laptop, visit https://github.com/apenwarr/sshuttle/ and clone the repo into somewhere convenient (e.g. “git clone https://github.com/apenwarr/sshuttle/”)
6) Go into the sshuttle folder, and type “./sshuttle -r username@sshserver:80 0.0.0.0/0 -l 127.0.0.1:443 -vv”
That’s all there is to it!
Now all of your TCP traffic will be securely routed to your server through port 443 via ssh, and then forwarded on to the internet by your EC2 server.
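The sshd_config edit from steps 3 and 4 as a repeatable script, added here as an example and not part of the original post: it lists port 22 explicitly (sshd only falls back to 22 when no Port line is active, so a config with “#Port 22” commented out would lose port 22 once “Port 80” is added) and writes the new lines at the top of the file so they cannot land inside a Match block. The function names, the backup path and the Ubuntu service name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: idempotently make sshd listen on extra ports.

# add_ssh_ports FILE PORT...
# Ensures FILE has an active "Port N" line for 22 and for each PORT.
add_ssh_ports() {
    cfg=$1; shift
    missing=""
    for port in 22 "$@"; do
        # Match only uncommented lines with exactly this port number.
        grep -Eiq "^[[:space:]]*Port[[:space:]]+${port}([[:space:]]|\$)" "$cfg" ||
            missing="${missing}Port ${port}
"
    done
    [ -z "$missing" ] && return 0        # nothing to add: file untouched

    tmp=$(mktemp) || return 1
    # Prepend the new lines: the top of the file is always global scope,
    # whereas appended lines could fall inside a trailing Match block,
    # where the Port keyword is not permitted.
    { printf '%s' "$missing"; cat "$cfg"; } > "$tmp" &&
        cat "$tmp" > "$cfg"              # rewrite in place, keeping owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# effective_ports FILE
# Prints the active Port values in numeric order on one line.
effective_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1" | sort -n | xargs
}

# Usage on the server, as root (paths and service name assume Ubuntu):
#   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   add_ssh_ports /etc/ssh/sshd_config 80 443
#   sshd -t -f /etc/ssh/sshd_config && service ssh reload
# "sshd -t" checks the file for errors before the reload, so a typo does
# not lock you out. The instance's EC2 security group must also allow
# inbound TCP 80 and 443, or the new ports stay unreachable.
```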
This has two benefits:
1) No more pesky port / protocol blocking on the guest wifi
2) All your data transmitted over the open wifi network is encrypted, so you can’t be snooped on with Wireshark.
Now you can do whatever you want and Megabus (and now confirmed on Southwest Airlines) can’t say a darn thing about it. Unless they, you know, change their security policies.
If you like this guide, follow me on twitter (@rogueleaderr) for more like it soon.
WARNING: this only encrypts TCP traffic, not other kinds like DNS (unless you use an extra flag in sshuttle) or UDP etc. So some kinds of traffic may still be snoop-able. Also, you are not anonymous since your traffic can still be traced back to your EC2 server, which has your name on the billing records. So not that you would anyway, but don’t go committing any cybercrime.
Edit: I’m shocked by how much traffic this post got. I’ll freely admit that I’m a networking n00b and that although this approach worked for me it’s probably not ideal. Many commenters on the Hacker News thread had great suggestions for alternative approaches. Check out the comments at http://news.ycombinator.com/item?id=4410195 for more options on how to get around network restrictions.