Tuesday, January 29, 2008

How to tunnel through to internal UMBC web services using SSH and your GL account (to access gnizr!)

This blog post is mostly applicable to Mac users running Leopard (which the vpn.umbc.edu Juniper VPN appliance is not compatible with), but it will also work for anyone with an SSH client who doesn't like UMBC's current VPN implementation.

Prof. Chen sent out a link to some unsupported instructions from OIT on how to possibly get it working (if you are lucky): https://spaces.umbc.edu/display/CIG/Web-based+VPN+on+Mac+OS+X+Leopard. After looking over the instructions, though, they sound like a messy kludge that could possibly break other software on your computer (you are essentially moving around Apple-provided libraries and applications, which may cause unexpected behavior).

Here's the basic series of steps for setting up an SSH tunnel for your web traffic through UMBC's GL servers:

1. Open up a terminal to a shell prompt (Terminal.app or an XTerm/rxvt work fine).
2. Run the command "ssh -D 8888 username@linux1.gl.umbc.edu" where username is your UMBC GL username.
2a. If you see the message: "The authenticity of host 'linux1.gl.umbc.edu (130.85.24.91)' can't be established." enter "yes" to accept the host key.
3. Enter your GL password. You should then be presented with a Linux shell prompt. If for some reason the server does not respond, you can try linux2 or linux3 as alternate servers.
4. Open up your web browser, and find the section for configuring web proxies. Leave all fields blank except the one for SOCKS proxy (select v4 if available). For the proxy IP, enter "127.0.0.1" and for the port enter "8888". Apply settings.
5. At this point, all of your outgoing web traffic will be tunneled through the UMBC GL server, which will give you access to any resources inside the campus firewall that restrict outside visitors.
6. Once you are finished browsing internal UMBC sites, disable the proxy in your web settings and exit your SSH connection by typing "exit" in the shell prompt.

Once you are connected and configured, you should be able to go to http://www.getip.com/ and it should show that your traffic is being tunneled through linux1.gl.umbc.edu.
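
The same procedure as a script, added here as an example that is not part of the original post: it binds the SOCKS listener explicitly to 127.0.0.1, checks that nothing on port 8888 is listening on a non-loopback address, and closes the tunnel through a control socket. The control-socket path and the function names are assumptions, and the `lsof` line used by `selftest` is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Host and port come from the post;
# SOCK and the function names are assumptions made for this sketch.
HOST="linux1.gl.umbc.edu"            # linux2 / linux3 are the post's alternates
PORT=8888
SOCK="$HOME/.ssh/gl-tunnel.sock"     # hypothetical control-socket path

# Steps 2-3: open the SOCKS listener, bound explicitly to loopback. -N runs no
# remote shell, -f backgrounds after the host-key and password prompts, and
# ExitOnForwardFailure aborts if port 8888 cannot be bound.
tunnel_up() {    # $1 = GL username
  ssh -M -S "$SOCK" -f -N -o ExitOnForwardFailure=yes \
      -D "127.0.0.1:$PORT" "$1@$HOST"
}

# Reads `lsof -nP -iTCP:$PORT -sTCP:LISTEN` output on stdin. Succeeds only if
# a listener exists and every listener on the port is bound to loopback.
loopback_only() {
  awk -v p=":$PORT" '
    $NF == "(LISTEN)" {
      n++
      addr = $(NF - 1)
      if (addr != ("127.0.0.1" p) && addr != ("[::1]" p)) bad++
    }
    END { if (n == 0 || bad > 0) exit 1 }'
}

# Step 5: confirm the master connection is alive, the listener is not exposed
# to the local network, and a request succeeds through the proxy.
# --socks5-hostname makes the GL server resolve the name, not the local machine.
tunnel_check() {
  ssh -S "$SOCK" -O check "$HOST" &&
    lsof -nP -iTCP:"$PORT" -sTCP:LISTEN | loopback_only &&
    curl -sS -o /dev/null -w '%{http_code}\n' --max-time 10 \
         --socks5-hostname "127.0.0.1:$PORT" http://www.getip.com/
}

# Step 6: close the tunnel through the control socket.
tunnel_down() { ssh -S "$SOCK" -O exit "$HOST"; }

case "${1:-}" in
  up)    tunnel_up "${2:?usage: $0 up USERNAME}" ;;
  check) tunnel_check ;;
  down)  tunnel_down ;;
  selftest)  # constructed lsof line: a wildcard bind must be rejected
    printf 'ssh 4242 user 5u IPv4 0x0 0t0 TCP *:%s (LISTEN)\n' "$PORT" |
      loopback_only || echo "wildcard listener rejected" ;;
esac
```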

Feel free to comment if you have any questions or need more specific information. Hope this helps out someone!

2 comments:

Sarah Stanger said...

Thanks! That worked for me.

Alice Carback said...

Thank you, Paul. Works fine for me as well.