During the last decades, the Internet openness principle has become something often ignored and violated. Suppose you travel a lot and want to access the resources located in one region while you are physically in another one. In that case, it is not a surprise anymore to find the resource is inaccessible. The reasons can be different. But one of the popular is that "we suffered from attacks from region X, so we decided to block the access for all the people/IPs from the region X," or even worse, "we decided to allow access only for people of our region based on IP."
I think VPN services became quite popular not only due to security reasons but also as a way to solve the described problem: provide access to a resource regardless of client IP-based limitations. There are a lot of VPN service providers across the globe. Surprisingly, the usage of VPN services can be less secure than it seems at first glance. Okay, you can buy a droplet in DigitalOcean and probably install OpenVPN or WireGuard. But at least it takes time for the initial configuration. If the need for such access is quite infrequent, all these efforts are not worth the time investment.
There is some chance that you, like me, already have a virtual or physical server with SSH in the region to which you want access. For example, sitting in Sofia, Bulgaria, I want to check some websites hosted in Germany. Meanwhile, I have a DigitalOcean droplet located in Frankfurt, Germany, with SSH access. The SSH client is already in place on my machine. So, the only thing I need to do is establish the SSH tunnel and use a properly configured web browser for accessing these German websites.
The following command helps to establish the tunnel on 12345 port:
ssh -D 12345 my-droplet-in-frankfurt.com
The only difference between typical SSH command is the “-D” flag that instructs the SSH client to listen to the local 12345 port and forwards the traffic from our local machine to the remote server. So, we will access the desired websites "on behalf" of the remote machine.
My primary browser is Google Chrome. For alternative web browsing through SSH tunnel, I'm using Mozilla Firefox. To setup a proxy, one should go to Settings -> Network Settings and fill in the appropriate fields highlighted in the screenshot below:
SSH tunnel looks like a typical SSH session. So you can quit it as soon as you finish your web browsing of restricted websites. You also don't need to change your Firefox configuration every time you need to access different websites. Just establish the SSH tunnel to the new location, open Firefox, and start browsing.
SSH tunnel is an often overlooked alternative to the full-featured VPN services. But for a single person, occasional usage, the SSH tunnel can be a simpler and more convenient way of accessing restricted websites.