HOW TO: How to run GT via proxy and SSH Tunnel + secure HTTP connection to BF
I was looking for a solution that would let me connect to BF from any network using a "poor man's" VPN and bypass network restrictions like a firewall or a mandatory network proxy...
Finally I figured out how to set up all the parts. It is not rocket science, and it looks like a really free/low-cost, secure solution.
Using this guide will help you get out of any network with access to any site - anonymously - even if there is a strong content-filtering proxy in your network (e.g. work).
What we need:
1. router with account on SSH server (like Linksys WRT 54 with DD-WRT firmware) or SSH free account from any ISP
2. MyEnTunnel 3.4.2.1 application with included plink.exe (freeware) http://nemesis2.qx.net/pages/MyEnTunnel
3. Putty http://www.chiark.greenend.org.uk/~s.../download.html
4. Proxifier - Proxifier.com
We're gonna use Dynamic Port Forwarding to get things done.
Dynamic port forwarding allows you to configure one local port for tunnelling data to all remote destinations. However, to utilize this, the client application connecting to the local port should send its traffic using the SOCKS protocol (best is SOCKS 5). At the client side of the tunnel a SOCKS proxy is created, and the application (e.g. browser, GT, or any other app) uses the SOCKS protocol to specify where the traffic should be sent when it leaves the other end of the SSH tunnel.
For example: using PuTTY we're gonna create a SOCKS proxy listening for connections on a local port of localhost, e.g. 3000, which upon receiving a request routes the traffic via the SSH channel created between 'work' and 'home'. For this, the application/browser must be configured to point to the SOCKS proxy at port 3000 on localhost.
How to Make a SSH Tunnel
We can use PuTTY to create an SSH tunnel profile (easier to maintain) or we can configure the SSH tunnel inside the MyEnTunnel app. I prefer to use PuTTY to configure the connection to the SSH account, configure proxy access and create the Dynamic Port Forwarding (tunnelling).
At this step you need a working SSH shell account.
Some guides:
So we are going to create a PuTTY profile (its name will be used in MyEnTunnel as the host name).
1. Open PuTTY (get the latest from http://www.chiark.greenend.org.uk/~s.../download.html )
2. Enter your SSH server name as the hostname, choose SSH, and set the port number to 22 (or whichever port your SSH server is running on).
3. Name the session, e.g. "home".
4. In Connection -> Proxy fill in your proxy connection params (if in use). Optional.
5. Go to Connection -> SSH -> Tunnels and fill in the information as follows:
a) select Dynamic
b) Source port: 3000 (you can choose any port instead, >1024)
c) click Add
6. Go back to the Session section and click Save, then click Open and watch the result.
If everything is OK you should see an SSH shell prompt asking for login and password. Try to log in. If you succeed, we are ready to move on. If not - verify the settings again. This is a must!
Your SSH profile with tunnel is created.
How to make MyEnTunnel use an SSH Tunnel?
Now we need to create a MyEnTunnel config that uses the PuTTY profile. This part makes using the SSH tunnel really easy - connect/disconnect/logs.
1. Get the MyEnTunnel app: http://nemesis2.qx.net/pages/MyEnTunnel - get Stable Release 3.4.2.1 (Non-Unicode): http://nemesis2.qx.net/rdownload.php...myentunnel.exe
2. Install it and run it. After the main window opens, go to the Settings tab.
3. Fill in the fields:
a) SSH Server: give the profile name - our "home" (without the quotes) - it must be exactly the same name you used for the PuTTY profile (so to keep things easy don't use spaces)
b) SSH port - as in PuTTY
c) username and passphrase - for the SSH server; retry delay 5 sec
d) Socks port: 3000
e) check boxes: verbose logging, infinite retry attempts, enable Dynamic SOCKS, enable compression
Hit save. Now we have a SSH tunnel ready to go with nice management interface.
Looks like all the options are taken from the putty profile but a proper config is to fill all those fields.
Now we can test our connection via the tunnel: hit Connect and switch to the Status tab. As we confirmed our PuTTY profile is working OK, there should not be any problems here.
Read the messages - if MyEnTunnel was able to connect...
Hide means running MyEnTunnel in tray icon mode.
If the connection was successfully established, we have a working SSH tunnel to our SSH server at home/ISP.
We can use it as a SOCKS5 proxy to tunnel all the browser traffic so our network content filtering won't see what we are looking at any more.
There is a nice tool, FoxyProxy, for Firefox, Chrome, Internet Explorer: http://getfoxyproxy.org/downloads.html
It provides a very nice set of proxy features where we can use our SOCKS5 tunnel. Just set it to use a proxy and choose SOCKS5 with host = localhost and port = 3000 - our tunnel params. It also provides DNS via proxy... so nice!
For security freaks: you can even make DNS queries go via the SOCKS5 SSH tunnel, just set the proper about:config setting as follows:
network.proxy.socks_remote_dns = true
Details here: http://www.outflux.net/blog/archives...ng-with-squid/
Now the trickiest point. We all know GT does NOT support any proxy settings (yet). Of course a VPN will get things done, but it is not the best way if you are trying to trade from e.g. work, where you also need access to other resources. VPNs are known to cut off other connectivity channels like access to other (local) sites or resources. Not all VPNs do this ugly thing, and it depends on the VPN server config.
So with this solution you can selectively force any application to be redirected to our secure, anonymous SSH tunnel. Nice?
Sure it is!
Let's finish the job.
We need our last application, Proxifier. Unfortunately it is commercial, but there are some alternatives: freecap, supersocks5, sockscap.... but I found this one working best...
Set up Proxifier to use our SSH tunnel as a general proxy for any application.
1. Get the Proxifier software. There is a portable version. Get the license if needed.
2. start the app, create new profile, then go to profile-> proxy servers, add proxy with params:
a) address: localhost, port 3000 (here our SSH tunnel is waiting for us)
b) select SOCKS 5
c) no authentication - uncheck enabled
d) click Check - it is gonna verify if our SSH tunnel is accepting connections and if www.google.com:80 (by default) is accessible via the tunnel. If so, we should see the message test passed and "Proxy is ready to work with Proxifier!"
Confirm the profile with OK; we do some more config before we save the profile.
3. Key point: rules: go to Profile -> Proxification Rules and create one and only one rule, for the GT application.
a) click Add - name the rule GT
b) browse for the GT application (for Win7 x64 it is: C:\Program Files (x86)\The Geek\AGT Pro - Betfair\AGT Pro.exe)
c) go to bottom part and select action as "Proxy SOCKS5 localhost", click ok.
d) verify this rule is at top and is active (checked), then hit OK
e) if you want your DNS queries going via proxy also go to profile->name resolution and check only "Resolve hostnames through proxy" - click ok. Remember - this can slow down resolving if your connection to SSH server and SSH server to the requested resource is slow.
f) now going to save the profile -> menu File ->save profile as - give your name.
DONE.
Now we are ready to test the SSH tunnel setup.
1. confirm putty is able to connect to SSH server.
2. confirm MyEnTunnel is able to connect successfully using putty profile name
3. confirm Proxifier is working and handling our GT application requests (data+DNS) via established localhost:3000 SSH tunnel proxy.
Starting GT should result with such log entries:
[01.13 00:37:01] AGT Pro.exe (8676) - resolve www.geekstoy.co.uk : proxy
[01.13 00:37:01] AGT Pro.exe (8676) - www.geekstoy.co.uk:443 matching agt rule : using proxy localhost:3000 SOCKS5
[01.13 00:37:01] AGT Pro.exe (8676) - www.geekstoy.co.uk:443 open through proxy localhost:3000 SOCKS5
[01.13 00:37:02] AGT Pro.exe (8676) - www.geekstoy.co.uk:443 close, 565 bytes sent, 1842 bytes (1.79 KB) received, lifetime 00:01
[01.13 00:37:11] AGT Pro.exe (8676) - www.geekstoy.co.uk:443 matching agt rule : using proxy localhost:3000 SOCKS5
[01.13 00:37:11] AGT Pro.exe (8676) - www.geekstoy.co.uk:443 open through proxy localhost:3000 SOCKS5
[01.13 00:37:11] AGT Pro.exe (8676) - www.geekstoy.co.uk:443 close, 314 bytes sent, 3600 bytes (3.51 KB) received, lifetime <1 sec
[01.13 00:37:35] AGT Pro.exe (8676) - resolve www.ageekstoy.com : proxy
[01.13 00:37:35] AGT Pro.exe (8676) - www.ageekstoy.com:80 matching agt rule : using proxy localhost:3000 SOCKS5
[01.13 00:37:35] AGT Pro.exe (8676) - www.ageekstoy.com:80 open through proxy localhost:3000 SOCKS5
[01.13 00:37:35] AGT Pro.exe (8676) - www.ageekstoy.com:80 GetSockName : 127.0.0.1:51854
[01.13 00:37:36] AGT Pro.exe (8676) - resolve www.geekstoy.com : proxy
It confirms that data is transmitted via localhost:3000 SOCKS5 proxy gateway and DNS is resolving via proxy.
Other entries should be commented as "Default rule: direct connection", meaning they go out via the standard connection (not the proxy).
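A way to check a saved Proxifier log for leaks, i.e. GT connections or DNS lookups that did not go through the tunnel (added example, not part of the original guide). The line format is taken from the excerpt above; the function name `audit`, the `example.test` hosts and the `DNS` resolve label in the constructed lines are assumptions.

```python
import re

# Line shape from the log excerpt: [MM.DD HH:MM:SS] <process> (<pid>) - <event>
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<proc>.+?)\s+\((?P<pid>\d+)\)\s+-\s+(?P<event>.*)$")
RESOLVE = re.compile(r"^resolve\s+(?P<host>\S+)\s*:\s*(?P<how>.+)$")
MATCH = re.compile(r"^(?P<dest>\S+:\d+)\s+matching\s+(?P<rule>.+?)\s+rule\s*:\s*(?P<action>.+)$")

SAMPLE = """\
[01.13 00:37:01] AGT Pro.exe (8676) - resolve www.geekstoy.co.uk : proxy
[01.13 00:37:01] AGT Pro.exe (8676) - www.geekstoy.co.uk:443 matching agt rule : using proxy localhost:3000 SOCKS5
[01.13 00:37:01] AGT Pro.exe (8676) - www.geekstoy.co.uk:443 open through proxy localhost:3000 SOCKS5
[01.13 00:37:35] AGT Pro.exe (8676) - www.ageekstoy.com:80 matching agt rule : using proxy localhost:3000 SOCKS5
[01.13 00:37:35] AGT Pro.exe (8676) - www.ageekstoy.com:80 GetSockName : 127.0.0.1:51854
[01.13 00:37:40] AGT Pro.exe (8676) - resolve api.example.test : DNS
[01.13 00:37:40] AGT Pro.exe (8676) - api.example.test:443 matching Default rule : direct connection
[01.13 00:37:41] firefox.exe (4120) - www.example.test:443 matching Default rule : direct connection
""".splitlines()
# The first five lines are from the guide; the last three are constructed
# to show a local DNS lookup, a direct connection, and an unrelated process.


def audit(lines, process="AGT Pro.exe", proxy="localhost:3000 SOCKS5"):
    """Return (proxied destinations, leaks) for one process.

    A leak is a resolve that was not done via the proxy, or a connection
    whose matching rule did anything other than use the expected proxy.
    """
    proxied, leaks = set(), []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m["proc"] != process:
            continue  # other applications are expected to go direct
        event = m["event"]
        if r := RESOLVE.match(event):
            if r["how"].strip() != "proxy":
                leaks.append((m["ts"], "dns", r["host"], r["how"].strip()))
        elif c := MATCH.match(event):
            if c["action"].strip() == f"using proxy {proxy}":
                proxied.add(c["dest"])
            else:
                leaks.append((m["ts"], "connect", c["dest"], c["action"].strip()))
    return proxied, leaks


if __name__ == "__main__":
    ok, leaks = audit(SAMPLE)
    print("via tunnel:", sorted(ok))
    for leak in leaks:
        print("LEAK:", *leak)
```

An empty leak list for the GT process means both its connections and its name lookups stayed inside the tunnel.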
Almost there....
Now try to login to GT, bet, just verify if GT is working ok and what's important - verify what's your API status (ping).
That's all folks!