ssh tunnels

hurricane

I use ssh tunnels to visit some websites, but it's always very slow, often only usable for several minutes, and then becomes too slow to visit any websites. I've been using ssh tunnels on dozens of servers with various ISPs for more than a decade and have never been able to make it fast and consistent, e.g. to watch a one-hour-long HD video on YouTube.

Is this normal? Can it be improved?
 

SirDice

It's going to depend heavily on the network the tunnel runs on. The contents of the tunnel depend on the stability of the tunnel itself. Running a tunnel over a dodgy network doesn't magically make the tunnel contents stable.
 

rufwoof

Not 'normal'. I run my desktop (laptop) in London and pretty much route all my internet access/traffic via a ssh tunnel (socks) to a New York based ssh server, and browsing, playing youtubes etc. all work fine.

I set up a socks proxy
Code:
ssh -D 9999 -q -C -N <userid>@<ssh-server>
and in Seamonkey or Firefox you set the Preferences to use that socks5 proxy in the Proxy configuration section (I'm using port 9999 in the above, so proxy of localhost port 9999). For Chrome I start it with a command of
Code:
google-chrome --proxy-server="socks5://localhost:9999"
For firefox/seamonkey I tick the box that asks whether dns should also be via the socks proxy (you can check that's working by using something like dnsleaktest.com)

That's using ssh keys, so no passwords need to be entered when starting the tunnel.

For VLC it's weird IMO: the setting is under Tools, Preferences, and then you have to click the advanced/show all options, and it's under Input/Codecs; then scroll around halfway down that long list until you find Socks Server, into which I enter localhost:9999
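
An added example, not part of rufwoof's post: the "DNS via the socks proxy" setting decides which address type the browser puts in its SOCKS5 request (RFC 1928), and this sketch classifies a request captured on the local proxy port accordingly. The function names and the sample byte strings are constructed for illustration.

```python
import ipaddress
import struct

# Address types defined by RFC 1928
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def parse_socks5_request(data: bytes) -> dict:
    """Parse a SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if len(data) < 4:
        raise ValueError("truncated request header")
    ver, cmd, _rsv, atyp = data[:4]
    if ver != 5:
        raise ValueError(f"not SOCKS5 (version byte {ver})")
    body = data[4:]
    if atyp == ATYP_DOMAIN:
        # Hostname is sent as-is: the far end of the tunnel resolves it.
        if not body or len(body) < 1 + body[0] + 2:
            raise ValueError("truncated domain request")
        n = body[0]
        host = body[1:1 + n].decode("ascii", errors="replace")
        port_bytes = body[1 + n:3 + n]
        resolved_by = "proxy"
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        # The client already holds an IP: it resolved the name locally
        # (DNS left the tunnel) or the user typed an IP literal.
        size = 4 if atyp == ATYP_IPV4 else 16
        if len(body) < size + 2:
            raise ValueError("truncated address request")
        host = str(ipaddress.ip_address(body[:size]))
        port_bytes = body[size:size + 2]
        resolved_by = "client"
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    (port,) = struct.unpack("!H", port_bytes)
    return {"cmd": cmd, "host": host, "port": port, "resolved_by": resolved_by}

def dns_stays_in_tunnel(data: bytes) -> bool:
    """True when the hostname itself travels through the SOCKS proxy."""
    return parse_socks5_request(data)["resolved_by"] == "proxy"

# Constructed sample requests (CONNECT to port 443), not captured traffic.
REMOTE_DNS = b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + struct.pack("!H", 443)
LOCAL_DNS = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443)

if __name__ == "__main__":
    for label, req in (("proxy DNS on", REMOTE_DNS), ("proxy DNS off", LOCAL_DNS)):
        print(label, parse_socks5_request(req))
```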
 

aragats

It's not normal. I've seen similar issues when using various networks with different MTUs. You don't want to split SSH packets; you should set the MTU to the lowest value among those of the other networks.
The default MTU is 1500, e.g. many DSL ISPs use 1492 or less.
 
hurricane

rufwoof said:
> Not 'normal'. I run my desktop (laptop) in London and pretty much route all my internet access/traffic via a ssh tunnel (socks) to a New York based ssh server, and browsing, playing youtubes etc. all work fine.
>
> I set up a socks proxy
> Code:
> ssh -D 9999 -q -C -N <userid>@<ssh-server>

Thank you very much for sharing your experience in such detail. I use PuTTY, so it's a little hard to replicate all your options. I'm now trying Windows PowerShell, but I couldn't connect to the server; not sure why, I didn't get any errors. Anyway, now I know an ssh tunnel is capable of normal browsing, and I will figure out how.
 

OJ

I use a tunnel to connect to my mail server. My preference is for starting the tunnel by hand, so in my .cshrc I put this alias:

Code:
alias mail ssh -f mail@123.123.123.123 -L 2000:123.123.123.123:25 -N
My mail program is then configured to use port 2000. The user for the server is "mail" in the example above. Choose anything you like for name and port.
 

rootbert

Maybe try to stick to cable and avoid wireless ... this was my number 1 cause of strange network behaviour over the last 15 years.

What I have noted over many years with strongly encrypted network protocols (ssh, https, openvpn): quite often it's a problem of wireless networks ... the quality of equipment matters. Some of our clients simply could not connect to our openvpn services when we switched the encryption method, some had problems with their ISP/mobile connection and some even with their cheapest home-wifi-APs. The same problem occurred for some devs with our ssh-jumphosts.

And finally: I am travelling at the moment, being in Bolivia, and started a debug session with my bank (!) since the TLS handshake could not complete via the bad mobile network ... the solution was to set up an aes128 openvpn tunnel to my servers and connect via that (hmpf).
 