CloudTrust

Virtual private networks – VPNs – are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization's private network.

If all you need to secure is your web browsing and for connecting to Remote Network Connection™ virtual members, there is a simple alternative, a Socks proxy tunnel. A Socks proxy is basically an SSH tunnel in which specific applications forward their traffic down the tunnel to the server, and then on the server end, the proxy forwards the traffic out to the general Internet or VPN network. Unlike a built-in VPN, a Socks proxy has to be configured on an application by application basis on the client machine, but can be set up without any specialty client agents. In Windows, Linux, Android and macOS there is built-in SSH plug-in to connect. This guide focuses on the Windows, Linux and macOS platform clients and the features – based on Microsoft, Linux and Apple official system support pages – that can be configured to CloudTrust VPN Edge, otherwise known as Remote Network Connection™ Socks Proxy Gateway. Learn more...

The OpenSSH Client is separately installable components in Windows Server 2019 and Windows 10.

Installing OpenSSH from the Settings UI on Windows Server 2019 or Windows 10

To install OpenSSH, start Settings then go to Apps > Apps and Features > Manage Optional Features.

Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select "Add a feature".

To install the OpenSSH client, locate "OpenSSH Client", then click "Install". Once the installation completes, return to Apps > Apps and Features > Manage Optional Features and you should see the OpenSSH component(s) listed.

Installing OpenSSH with PowerShell

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*' Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 Once you have installed the OpenSSH client on Windows, you can quickly test it using PowerShell.

Create a VPN tunnel to Remote Network Connection™ Socks Proxy Gateway.

Create a VPN tunnel using the SSH command

Use the following command to create an SSH tunnel using the ssh command. Replace username with a Remote Network Connection™ Socks Proxy Gateway user. ssh -C2qTnNf -D 9876 username@edge.cloudtrust.solutions This command creates a connection that routes traffic to local port 9876 to Remote Network Connection™ Socks Proxy Gateway over SSH. The options are: |Option |Description | |---|---| |D 9876|The local port that routes traffic through the tunnel.| |C|Compress all data, because web traffic is mostly text.| |2|Force SSH to try protocol version 2 only.| |q|Quiet mode.| |T|Disable pseudo-tty allocation, since you're just forwarding a port.| |n|Prevent reading of STDIN, since you're just forwarding a port.| |N|Do not execute a remote command, since you're just forwarding a port.| |f|Run in the background.|

Create a VPN tunnel using PuTTY

PuTTY is a graphical SSH client for Windows. If you aren't familiar with PuTTY, see the PuTTY documentation. Use the following steps to create an SSH tunnel using PuTTY to connect Remote Network Connection™ Socks Proxy Gateway.

1. Open PuTTY and ensure Session is selected on the left menu. If you've already saved a session, select the session name from the Saved Sessions list and select Load.
2. If you don't already have a saved session, enter your connection information:
   • Host Name (or IP address) – The SSH address for the Remote Network Connection™ Socks Proxy Gateway. For example, edge.cloudtrust.solutions.
   • Port – 22
   • Connection Type – SSH

   

3. Select Save
4. In the Category section to the left of the dialog, expand Connection, expand SSH, and then select Tunnels.
5. Provide the following information on the Options controlling SSH port forwarding form:
   • Source port – The port on the client that you wish to forward. For example, 9876.
   • Destination – The SSH address for the Remote Network Connection™ Socks Proxy Gateway. For example, edge.cloudtrust.solutions.
   • Dynamic – Enables dynamic SOCKS proxy routing.

   

6. Select Add to add the settings, and then select Open to open an SSH connection.
7. When prompted, sign in to the Remote Network Connection™ Socks Proxy Gateway.

The steps in this section use the Mozilla FireFox browser, as it provides the same proxy settings across all platforms. Mozilla FireFox browser allows you to set the proxy for just Mozilla FireFox browser instead of setting a system-wide proxy. Other modern browsers, such as Google Chrome, may require an extension such as FoxyProxy to work with the tunnel.

1. Configure the browser to use localhost and the port you used when creating the tunnel as a SOCKS v5 proxy. Here's what the Firefox settings look like. If you used a different port than 9876, change the port to the one you used:

   

   Selecting Remote DNS resolves Domain Name System (DNS) requests by using the Remote Network Connection™ Socks Proxy Gateway used by the CloudTrust datacenter. This setting resolves DNS using the head node of the Remote Network Connection™ Socks Proxy Gateway.
2. Verify that the tunnel works by visiting a site such as https://www.whatismyip.com/. The IP returned should be one used by the CloudTrust datacenter.

Warning

The SOCKS proxy support built into Windows Internet settings does not support SOCKS5, and does not work with the steps in this document. The following browsers rely on Windows proxy settings, and do not currently work with the steps in this document:

Microsoft Edge

Microsoft Internet Explorer

Google Chrome also relies on the Windows proxy settings. However, you can install extensions that support SOCKS5. We recommend FoxyProxy Standard.