Using OpenSSH tunnels instead of proxy or VPN

Fabio Luis Girardi edited this page Jun 9, 2023 · 8 revisions
  1. Prerequisites:

    a. A VPS server (better if it is hosted in another country);

    b. Admin rights on your OS;

    c. Port TCP/443 free on your system, without any web server or other kind of service listening on this port;

    d. SSH access to your VPS through private/public key authentication, instead of the password method;

    e. WINDOWS ONLY: you need to install the SSH Server Client.

    Recommended:

    Linux and autossh, to make a persistent tunnel service.

  2. Steps:

2.1. Check that port TCP/443 is really closed. To do that, open a terminal or command prompt and type

    netstat -a -n

If this port is closed, you SHOULD NOT see this line (translate it to your OS language)

    tcp        0      0 127.0.0.1:443           0.0.0.0:*               LISTEN 

If you see this line in the netstat output, port TCP/443 is being used by another program. Stop the application or service that is using this port and check again.

2.2. Still in the terminal or command prompt, use the ssh client to log in to your VPS with (this step tests prerequisites a, c and d)

    ssh -L 443:api.telegram.org:443 your_vps_username@your_vps_hostname_or_IP

If prerequisites a, c and d (and e for Windows users) are met, this step shows whether port 443 is free and whether your private/public key authentication is working (no password should be asked for).

If it worked, open another terminal or command prompt and type

    netstat -a -n

If step 1 was successfully completed, you MUST see the following line in the output of the netstat command

    tcp        0      0 127.0.0.1:443           0.0.0.0:*               LISTEN 

2.3. On Linux (or other Unix), edit the file /etc/hosts. On Windows, edit the file C:\Windows\System32\drivers\etc\hosts. Add the following line at the end of this file

    127.0.0.1   api.telegram.org

This redirects the hostname api.telegram.org to your PC, and requires prerequisite b.

2.4. Run your bot. It will be a little slower, because the bot's connection now passes through the tunnel and an extra computer (the VPS). To check that it worked, type again in a terminal or command prompt

    netstat -a -n

If the bot is working through your SSH tunnel, you will see three lines like these in the netstat output:

    tcp        0      0 127.0.0.1:443           0.0.0.0:*               LISTEN          // https://api.telegram.org:443 tunnel
    tcp        0      0 127.0.0.1:<a number>    127.0.0.1:443           ESTABLISHED     // your bot socket
    tcp        0      0 127.0.0.1:443           127.0.0.1:<same number> ESTABLISHED     // the socket being tunneled to https://api.telegram.org:443 through SSH tunnel
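
The netstat and hosts-file checks from steps 2.1 to 2.4 can be scripted. The following is an added example, not part of the original wiki page or the project's code; the function names and the sample netstat lines are constructed for illustration, and it assumes netstat output whose last three columns are local address, foreign address and state.

```shell
#!/bin/sh
# Added example: check the tunnel state from `netstat -a -n` output and the hosts file.
# Columns are read from the right (state, foreign, local), which fits the Linux
# layout shown on this page; other layouts are an assumption.

# Exit 0 if a TCP socket is listening on local port 443 (stdin: netstat output).
port443_listening() {
    awk 'tolower($1) ~ /^tcp/ && $NF ~ /^LISTEN/ && $(NF-2) ~ /[:.]443$/ { found = 1 }
         END { exit !found }'
}

# Print how many loopback connections run through the tunnel: each must appear as
# both halves of a pair (bot -> 127.0.0.1:443 and 127.0.0.1:443 -> bot), as in step 2.4.
tunnel_connections() {
    awk 'tolower($1) ~ /^tcp/ && $NF == "ESTABLISHED" {
             l = $(NF-2); f = $(NF-1)
             if (f == "127.0.0.1:443") client[l] = 1
             if (l == "127.0.0.1:443") server[f] = 1
         }
         END { n = 0; for (c in client) if (c in server) n++; print n }'
}

# Exit 0 if the hosts file ($1) maps api.telegram.org to 127.0.0.1 on an active line.
hosts_redirected() {
    awk '{ sub(/#.*/, "") }
         $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == "api.telegram.org") found = 1 }
         END { exit !found }' "$1"
}

# Constructed sample input (not captured from a real system).
SAMPLE_NETSTAT='tcp        0      0 127.0.0.1:443           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:51234         127.0.0.1:443           ESTABLISHED
tcp        0      0 127.0.0.1:443           127.0.0.1:51234         ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:40022      ESTABLISHED'

# Usage on a live system:
#   netstat -a -n | port443_listening && echo "tunnel listener present"
#   netstat -a -n | tunnel_connections
#   hosts_redirected /etc/hosts && echo "api.telegram.org -> 127.0.0.1"
```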

2.5. The steps below are only for Linux and Unix users: to make this tunnel persistent, use crontab and autossh to make it available as soon as the OS starts.

2.6. In a terminal, type

    crontab -e 

2.7. In the text editor that opens, add this line to the end of the file

    @reboot      /usr/bin/autossh -M 0 -L 443:api.telegram.org:443 your_vps_username@your_vps_hostname_or_IP -f -N -C

Save and exit the text editor.

2.8. Reboot your OS or, in a terminal, just type

    /usr/bin/autossh -M 0 -L 443:api.telegram.org:443 your_vps_username@your_vps_hostname_or_IP -f -N -C