I use the following to not have to use the VPN software, this will create a SSH tunnel to a machine in NCSA, and then proxy traffic to specific hosts. This is probably a mac only solution.

Startup script

This script will do a few things, create a SSH tunnel, start a simple webserver for the auto proxy file, and monitor SSH and server in case on crashes.

run.sh
#!/bin/bash

# some config variables
SSHSERVER="somemachinein.ncsa.illinois.edu"
PROXYPORT=9050
WEBPORT=5678

# trap specific signals
trap cleanup INT
trap checkup CHLD

# check all child processes
function checkup() {
  if [ "$SSHPID" != "" ]; then
    if ! kill -0 ${SSHPID} &> /dev/null ; then
      echo "ssh is dead [${SSHPID}]"
      cleanup
    fi
  else
    echo "SSH is dead"
  fi
  if [ "$WEBPID" != "" ]; then
    if ! kill -0 ${WEBPID} &> /dev/null ; then
      echo "webserver is dead [${WEBPID}]"
      cleanup
    fi
  else
    echo "WEB is dead"
  fi
}

# cleanup function at the end
function cleanup() {
  trap - INT
  trap - CHLD

  # turn off proxy
  networksetup -setautoproxystate "Wi-Fi" off

  # kill webserver
  if [ "$WEBPID" != "" ]; then
    if kill -0 ${WEBPID} &> /dev/null ; then
      echo "Killing webserver [${WEBPID}]"
      kill ${WEBPID}
    fi
  fi

  # kill tunnel
  if [ "$SSHPID" != "" ]; then
    if kill -0 ${SSHPID} &> /dev/null ; then
      echo "Killing ssh [${SSHPID}]"
      kill ${SSHPID}
    fi
  fi

  exit 0
}

# kill existing tunnel and start a new one, otherwise we can't trap CHLD
OLDSSHPID=$(pgrep -f 'ssh -D ${PROXYPORT}')
if [ "$OLDSSHPID" != "" ]; then
  kill ${OLDSSHPID}
fi
ssh -D ${PROXYPORT} -f -q -C -N ${SSHSERVER}
SSHPID=$(pgrep -f "ssh -D ${PROXYPORT}")

# kill existing server and start a new one, otherwise we can't trap CHLD
OLDWEBPID=$(pgrep -f 'SimpleHTTPServer ${WEBPORT}')
if [ "$OLDWEBPID" != "" ]; then
  kill ${OLDWEBPID}
fi
python -m http.server ${WEBPORT} 2> /dev/null &
WEBPID=$(pgrep -f "http.server ${WEBPORT}")

# fix proxy
networksetup -setautoproxyurl "Wi-Fi" "http://localhost:${WEBPORT}/proxy.pac"

# show proxy setup
echo "export http_proxy=socks5://127.0.0.1:${PROXYPORT}"
echo "export https_proxy=socks5://127.0.0.1:${PROXYPORT}"

# now just wait
while [ 1 == 1 ]; do
  sleep 1
  checkup
done

Auto Proxy File

This file is a list of all URL's that go over the SSH tunnel

proxy.pac
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "nebula.ncsa.illinois.edu") ||
      shExpMatch(host, "netdot.ncsa.illinois.edu") ||
      shExpMatch(host, "bhr.ncsa.illinois.edu") ||
      shExpMatch(host, "bhr.security.ncsa.illinois.edu") ||
      shExpMatch(host, "events.ncsa.illinois.edu") ||
      shExpMatch(host, "events.ncsa.uiuc.edu") ||
      shExpMatch(host, "ba.engr.illinois.edu")) {
    return "SOCKS localhost:9050";
  }

  return "DIRECT";
}
  • No labels