If you want to have a secure browsing environment or just want to access your home network securely without exposing extra services to the internet and without the mess that comes with setting up and maintaining a VPN server, ssh tunneling is your rescuer. In this post, I’ll tell you how to setup an ssh tunnel to your home network easily. Also look for some bonus tips at the end ;)
This article assumes that you have already installed and setup a ssh server (you can probably use openssh). Also, it assumes that the ssh server is accessible from the internet (i.e. you have appropriately forwarded the port on which ssh server is running). I’d also recommend that if you do not have a static IP for your home network, then sign up for a dynamic DNS service (I use dyndns.org) so that you can access your home network easily by using a domain name (e.g. myserver.dyndns.org) from outside.
Now, here is a step by step guide on what to do on your Android Phone (I’m doing this on a Nexus one but should be same for you as well): 1. Install an app called “connectbot” from the android marketplace. It is a FREE ssh client for android.
- Open it and add the IP (or dynamic domain name as suggested above) and the port on which ssh server is running to the bottom and connect.
- Once connected, press the menu button and select the icon which says “Port Forwards”
- On this screen you can configure the ports to be used for tunneling. As you can see I already have my firefly server port configured for music streaming over itunes’ DAAP protocol. Now, you can press “menu” button and click on “Add ports” and go to step 4.
- You will see the dialog box as shown below. Here you can configure mainly two types of ports.
4a) First is for services that you want to access already running on your home network. e.g. in my case, I have a firefly media server (mt-daapd) running on a port “12345” and I want to access this just like I was on LAN over my home wi-fi. In such a case, select “type” as “Local”, source port as , say “56000” and destination as “ip:port” where ip is the your home local area IP of the machine on which the server is running (My server runs on router itself, which has IP 192.168.1.1) and the port is the actual port on which server is running (e.g. 12345 as we mentioned above). After doing this, just open the respective client app on your phone which wants to connect to this server and enter “127.0.0.1” as the ip and “56000” as the port to connect to and it will connect to server as if you were on your home network even over 3G or your office wi-fi.
4b) Secondly, you can use this tunnel to route all traffic to internet through home connection. For this, choose the type as “dynamic” and source port as, say, “ 56001”. You don’t need to select a destination port here because any traffic that comes over this tunnel will be routed back to the internet using the destination ip and port as desired, e.g., specified in a browser’s address bar.
**Bonus: **As I promised above, here is the bonus. For media streaming, you can use mt-daapd or firefly server on your home network, especially on a router like asus wl-500 or any other hackable router with custom firmware. For more info about how to set it up, you can check these posts: Latest Firefly server for your router and firefly sqlite error solution. For android side things, install the “DAAP Client” app from the market place and click on “Add server” option and follow step 4a as mentioned above. And there it is, your own music streaming service anywhere in the world, over edge/3G or any other network :)