macOS – How to route *some* traffic over an SSH SOCKS proxy on OS X


I have an SSH SOCKS connection running for VPN purposes, and this works beautifully. By using either FoxyProxy for Firefox, or a .pac file for OS X's Automatic Proxy Configuration option, web traffic is easily redirected to run over the tunnel.

However, I have issues with a proprietary app that needs to connect with a TCP server on the VPN-ed network but that itself does not support a SOCKS proxy configuration. It'll honour the OS X network proxy configuration, but only if I set the SOCKS Proxy option to route all traffic over the SOCKS tunnel.

What I am looking for is to route specific IP addresses over the SSH tunnel only, so given a netmask I want all traffic for those IP addresses to be tunneled over the SOCKS SSH connection, and everything else to connect directly.

Note that the SSH tunnel is the only VPN-like connection I can make, and I do not have rights to install or run additional software on the SSH server end-point, so I cannot establish an OpenSSH VPN or other alternative (real) VPN setup.

The SSH tunnel itself is initiated on a Linux Debian server in my home network, but it's the traffic from Mac OS X (10.6) that needs to be routed. A solution that routes all traffic from the Mac to the Linux server to then be selectively routed to either my gateway or the SSH SOCKS tunnel is not ideal, but if that's the only solution, it is something I could live with.
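The split the question describes (tunnel a given netmask, connect directly otherwise), written as a .pac file. This is an added example, not part of the original question; the SOCKS listener `127.0.0.1:1080` and the two networks are constructed placeholders, and it only affects applications that honour Automatic Proxy Configuration.

```javascript
// Added example PAC file (not from the original post).
// Assumptions (constructed): the SSH SOCKS listener is 127.0.0.1:1080
// and the networks below are the ones reachable only through the tunnel.
var TUNNEL = "SOCKS 127.0.0.1:1080";
var TUNNELED_NETS = ["10.20.0.0/16", "192.168.50.0/24"];

// Convert a dotted-quad IPv4 string to an unsigned integer, or null if invalid.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet; // arithmetic instead of << to stay unsigned
  }
  return n;
}

// True when ip lies inside the CIDR block; malformed input never matches.
function inCidr(ip, cidr) {
  var parts = cidr.split("/");
  var addr = ipToInt(ip), base = ipToInt(parts[0]);
  var bits = parseInt(parts[1], 10);
  if (addr === null || base === null || !(bits >= 0 && bits <= 32)) return false;
  var size = Math.pow(2, 32 - bits); // number of addresses in the block
  return Math.floor(addr / size) === Math.floor(base / size);
}

// Entry point the OS or browser calls for every request.
function FindProxyForURL(url, host) {
  var ip = host;
  // dnsResolve is a PAC builtin and resolves on the client, so the DNS
  // lookup itself does not travel through the tunnel.
  if (ipToInt(host) === null && typeof dnsResolve === "function") {
    ip = dnsResolve(host);
  }
  for (var i = 0; i < TUNNELED_NETS.length; i++) {
    if (ip && inCidr(ip, TUNNELED_NETS[i])) return TUNNEL;
  }
  return "DIRECT"; // fail open: anything unmatched bypasses the tunnel
}
```

Because unmatched or unresolvable hosts fall through to `DIRECT`, names that exist only in the remote network's DNS will not be tunneled unless they are addressed by IP.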

Best Answer

Quoting from the author's website:

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS.

I'm not yet sure how to make only certain applications traverse the VPN, but besides that it fits your needs just right. You can specify the route in the start parameter so only certain destinations are tunneled.

You don't need to touch your application in any way, so disable any SOCKS setting that you might have.
