OpenVPN

22Nov11

For some time I’ve used SSH tunnels as a means to pretend that I’m somewhere else to avoid geography filters, or to otherwise sneak past content filters. This is fine for regular HTTP(S) traffic from a browser, where it is easy to define a proxy server, but doesn’t work so well for other applications – for example the desktop version of TweetDeck seems to completely ignore proxy settings.

I went in search of a network adaptor that would hook up to an SSH tunnel, and what I found was OpenVPN [1]. I set this up on a small cloud server, a process that I can only describe as trivial – the quick start guide is great. This was quite a contrast to my experience of trying to set up L2TP on Ubuntu a few weeks earlier.

By default the OpenVPN daemon listens on port 443, which is the same port that I normally use for SSH tunnels (as most content filters block the regular port 22 for SSH) [2]. The admin interface runs (over HTTPS) on port 943, though I took the precaution of turning off binding to a public IP [3].

Client installation was also straightforward, a simple download and install followed by putting the IP, username and password into the startup dialogue box.

For those that can’t be bothered with running their own cloud server or VPS there’s a service version called Private Tunnel, which charges by bandwidth consumed rather than any other metric like month, machine or whatever. I’ve not used it myself, and the Ts&Cs aren’t as benign as I’d like, but it may well be the easy/cheap option.

My only complaint is that there’s no iOS support, and this isn’t the sort of thing that can be done with an app – it would need to be baked in to a future version of iOS, and sadly I can’t see why Apple would be in any hurry to do that [4].

[1] As the Wikipedia article explains, OpenVPN doesn’t actually use SSH, but it’s certainly close enough, and achieves what I was looking for.
[2] I have once run into trouble with a very clever filter realising that I was using SSH rather than SSL/TLS, though in that particular case it was happy for me to run SSH over port 22, so no harm done.
[3] If I want to do any admin then it’s straightforward enough to SSH into the box and then run a web connection through a tunnel to the localhost loopback.
[4] There does appear to be some support for jailbroken iOS devices, but that isn’t an option for me if I want my Good for Enterprise client to keep passing its compliance checks. It looks like for the time being I’ll have to stick with using iSSH for an SSH tunnel to one of my VPSs running Squid.
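
An added example, not part of the original post: one way to confirm that the admin interface on port 943 is only reachable via loopback (as in note [3]) while the VPN port 443 stays public. It assumes a Linux server with the iproute2 `ss` tool; the function names are hypothetical and the sample listener table is constructed.

```shell
#!/bin/sh
# Added example: report TCP listeners for a port that are bound to a
# non-loopback address. Input on stdin is the output of `ss -H -ltn`
# (columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

# Constructed sample of `ss -H -ltn` output, not taken from a real host.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:943 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::1]:943 [::]:*'

# exposed_listeners PORT
# Prints each local address listening on PORT that is not loopback.
exposed_listeners() {
    awk -v port="$1" '
    {
        local_addr = $4
        # The port is whatever follows the last colon; this also copes
        # with bracketed IPv6 addresses such as [::1]:943.
        n = split(local_addr, parts, ":")
        if (parts[n] != port) next
        host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
        # 127.0.0.0/8 (including scoped forms like 127.0.0.53%lo) and ::1
        # are loopback; wildcard (0.0.0.0, *, [::]) or any other address
        # is reachable from outside the host.
        if (host ~ /^127\./ || host == "[::1]") next
        print local_addr
    }'
}

# admin_port_is_private PORT
# Succeeds only when no non-loopback listener exists for PORT.
admin_port_is_private() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Demonstration over the constructed sample.
if printf '%s\n' "$SAMPLE_SS" | admin_port_is_private 943; then
    echo "port 943: loopback only"
else
    echo "port 943: exposed"
fi
echo "port 443 public listeners: $(printf '%s\n' "$SAMPLE_SS" | exposed_listeners 443)"
```

On a live server, feed it real data with `ss -H -ltn | exposed_listeners 943`; any output means the admin interface is still bound to a public or wildcard address.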


