Using SSH tunneling to bypass geo-blocking sites.

Introduction

Medium is one of the most popular sites for reading in VN but due to censorship, today I can’t access Medium directly anymore. Over a year, I use some tools such as Hola VPN and Tor Browser to bypass this restriction and access any geo-blocking site that I want, however VPN costs money and Tor Browser by far using many routers and encryption to let you access the internet anonymously cause pretty slow connection. That why this article came into existence as a result of creating my own free proxy server using AWS’s EC2 instance and SSH tunnel. Now, let’s get started.

Prerequisites

• AWS free tier account.
• Unix-based OS
• Google Chrome
• Basic knowledge about AWS’s EC2, SOCKS (Socket Proxy Server), SSH tunneling.

Set up AWS’s EC2 instance and SOCKS5 SSH tunnel

1. Note that the instance you will create located in the region that allow access Medium site.
   
   

   

   
   

2. Login to your AWS account and search for EC2 in the top bar.
   
   

   

   
   

3. Click to the button Launch instance
   
   

   

   
   

4. Select Amazon Linux instance (Please ensure that you have free tier eligibility ~ are available for 12 months following your AWS sign-up date, you will be charged after expired.)
   
   

   

   
   

5. Select instance type
   
   

   

   
   

6. Review and launch
   
   

   

   
   

7. Create a key pair in order to connect your instance securely.
   
   

   

   
   

8. Step 7 will bring you here. You have an instance act as remote proxy server running Linux. Let click to the connection button in order to get tutorials about how to connect EC2 instance through SSH connection.
   
   

   

   
   

9. Follow that tutorials.
   
   

   

   
   

10. Alter a bit, and your SSH tunnel setup have already done. Note that when you stop and restart EC2 instance, the public-ip4-dns will be change.

    ssh -N -D 1337 -i /path/to/*.pem ec2-user@public-ip4-dns
    

    The options used are as follows:

    • -N - Tells SSH not to execute a remote command.
    • -D 9090 - Opens a SOCKS tunnel on the specified port number.
11. For more information, pls check AWS’s official docs.

Launch Google Chrome with proxy

1. Execute the following command

    /usr/bin/google-chrome \
        --user-data-dir="$HOME/proxy-profile" \
        --proxy-server="socks5://localhost:1337"
   

2. A new Google Chrome profile is launched, let’s access https://www.medium.com and enjoy the results.

Summarize

You set up a SOCKS 5 tunnel in 2 essential steps. The first one is to build an SSH tunnel to a remote server.

Once that’s set up, you can configure your browser to connect to the local TCP port that the SSH client has exposed, which will then transport the data through the remote SSH server.

It boils down to a few key actions;

• You open an SSH connection to a remote server. As you open that connection, your SSH client will also open a local TCP port, available only to your computer. In this example, I’ll use local TCP port :1337.
• You configure your browser (Chrome/Firefox/…) to use that local proxy instead of directly going out on the internet.
• The remote SSH server accepts your SSH connection and will act as the outgoing proxy_/vpn_ for that SOCKS5 connection.

Reference

• https://linuxize.com/post/how-to-setup-ssh-socks-tunnel-for-private-browsing/
• https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel
• https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters

Thank for reading.