This post is for the long tail since only a few will find it helpful, but for those it may just be the dramatic productivity booster they were looking for.
Imagine a scenario where you have a dedicated machine on you local network and only that machine has a VPN client installed, which allows access to important protected resources, like a web and/or a git server.
Of course you could just use that machine to do all the work related to those protected resources. However, that machine might not be the most suitable; maybe it has a crappy butterfly MacBook keyboard or running loads of imposed services slowing it way down, whatever it might be … Still it’s the machine, to create a VPN connection .. so let’s use it for just that.
Let’s open the VPN-client on that machine (let’s call it the butterfly), enter the credentials and let it connect to the VPN server. Make sure that the machine never goes to sleep and finally find its IP address on your local network (e.g. 192.168.200.42, just to have an example to work with.) The important thing here is that the butterfly has a working VPN connection going .. Moreover, in System Preferences/Sharing, these selection may be helpful:
No need to worry about that thing with the butterfly keyboard any longer. Let’s move on to the machine you really like to work on, on which every now and then you need to connect to the aforementioned VPN, so let’s use the butterfly as a go-between.
go-be·tween| ˈɡō bəˌtwēn | noun an intermediary or negotiator
open a terminal and enter:
ssh -D 8080 -N email@example.com
Obviously, the IP of your butterfly will be different and your user name on the butterfly won’t be wpaulus 😉
Before the ssh tunnel will be opened, you will need to enter the password of your user-account on your butterfly.
Let’s leave that terminal open for a while …
A better and much more convenient approach is to use key authentication and therefore not have to enter a password every time you want to start the proxy. E.g.
#!/bin/sh echo "starting local sock5 server as a proxy" ssh -D 8080 -N firstname.lastname@example.org -i ~/.ssh/wpaulus_rsa &
Browsing the protected Web
If you need to connect to a protected Web site, then this shortcut will open Google Chrome. (You don’t use Chrome as you default browser, but still have it installed, don’t you?) It will not just open it Chrome, it will also route all the traffic through the butterfly.
Open another terminal and enter:
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --proxy-server="socks5://127.0.0.1:8080" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost"
Again, putting this into a script may make sense:
echo “launching Chrome, setting the local sock5 server as a proxy”
“/Applications/Google Chrome.app/Contents/MacOS/Google Chrome” –proxy-server=”socks5://127.0.0.1:8080″ –host-resolver-rules=”MAP * 0.0.0.0 , EXCLUDE localhost”
Here’s the big one: GIT
Let’s imagine a git server (e.g. github.COMPANY.com) not only protected by the VPN, but also using the socks5 protocol for access. I.e., you have a private key stored in your ~/.ssh/ directory and use that key to access the protected git server.
The easiest way to navigate this is to enter an entry for the protected git server in your ~/.ssh/config
Maybe something like this may do the trick:
Host github.COMPANY.com HostName github.COMPANY.com User git IdentityFile ~/.ssh/my_company_git_id_rsa ProxyCommand /usr/bin/nc -X 5 -x 127.0.0.1:8080 %h %p
This assumes that the the protected git server is accessible from the butterfly with this name github.COMPANY.com.
Moreover, the key you access the protected git server is stored here: ~/.ssh/my_company_git_id_rsa
There might be one more obstacle, the name “github.COMPANY.com” may not be resolved by a public DNS like Google’s 18.104.22.168 meaning, you will have to figure out the IP address of github.COMPANY.com, maybe by using
on the butterfly and enter it manually into your /etc/hosts file.
Git GUI clients
SourceTree, my preferred git GUI client, works with these small adjusts just fine and equally well on the public GitHub and on the protected git server.
That’s all .. 🙂