Can an SSH remote resolve network requests through an SSH client connecting to it - allowing a client to share a VPN with the remote?

Question

I have a remote machine running Linux that I SSH into and use for development purposes (compiling, language server, running, etc).

My local computer is essentially a thin client. I use remote development tools to blend the environments and I forward the required ports manually with -L.

Some services require an active VPN connection to access and I haven't configured the VPN connection on my remote.

Is there a way to have my remote machine resolve network requests through my local machine's network - there by sharing the VPN with it when I connect via SSH?

Answer 1

In general, no.

You can forward individual services using -R (the opposite of -L), so that the remote tools connect to e.g. "localhost:12345" and it's forwarded through the local client.

OpenSSH has an "IP tunnel" extension under -w which can be used in either direction, e.g. you configure a default route via tun0 on the server so all packets go through the client – but this requires OpenSSH on both sides (no PuTTY or other clients); it more-or-less requires root access on both sides (for tun configuration); it requires 'tun' support on both sides (which rules out ssh.exe on Windows); and the routing configuration is global (applies to everything running on the remote – not just that one session) so you have to be extremely careful to route packets in a way that won't result in the tunnel trying to go through itself infinitely (and making the server unreachable). So I wouldn't really recommend this approach.

Answer 2

You can reverse-forward TCP ports with -R (same as you did -L, but in reverse direction). This way, remote connecting to the localhost (or whatever address is used in the -R argument, if setting listen address is enabled in the SSH server) will access some defined resource through the tunnel and will be seen on the accessed resource as coming from your local.

You can also set up true VPN over SSH tunnel with -w. This requires the ability to configure tun interfaces both locally and remotely, adding addresses and possibly routes.