Automating SSH Proxy Connection

I wrote some time back about using the Raspberry Pi as a personal VPN tunnel and an SSH Weby Proxy. Using the VPN connection is easy; just enable the VPN from System Preferences > Network. Easier still, if you've checked the option for "Show VPN status in the menu bar", just click and connect. However, using the SSH proxy is a little more involved, requiring several steps to establish the SSH connection and reconfigure your network to tunnel traffic across it.

To streamline this process (for the wife), I created an Automator application that reduces the entire process to a few clicks and provides useful status information.

These steps are for OS X. I'm sure you can achieve the same results in Windows or Linux with different tools.

There are a couple of initial steps that need to be completed to make it possible to automate. These only need to be setup once (before using the application). After that it's click and go.

First we'll need to create a new network "Location" that uses the SSH tunnel as a proxy. Select System Preferences > Network.

  • At the top where it says Location: Automatic, click the drop-down and select Edit Locations...
  • Click the + to add a new location.
  • Give the new location a name. I used : Normal Connection over SSH via Raspberry Pi. You can use whatever you like, but you'll need it later for the Automator script.
  • Click [Done]
  • Make sure your Wi-Fi connection is selected and click [Advanced...]
  • Click the Proxies tab
  • Enable SOCKS Proxy
  • For the proxy server information use localhost as the servername and 8080 for the port.
  • For "Bypass proxy settings..." enter *.local, 169.254/16 (ensuring the proxy will not be used for internal LAN connections).

Next we'll need to edit the /etc/ssh_config file to add an SSH host. My entry looks like this:

Host webproxy
  HostName {my DynDNS hostname}
  User {my SSH username}
  DynamicForward 8080
  Compression yes


Again, the name can be whatever you want, but you'll need to use it again later in the Automator application.

Finally, we build the Automator application.

Start Apple Automator and create a new Application. Drag actions from the Library to the Workflow window. My application uses the following series of actions:

Ask for Confirmation > Run AppleScript > Pause > Run AppleScript > Run AppleScript.

The Ask for Confirmation steps confirms that the user wants to start the SSH proxy. Add some meaningful text to the action.

The first Run AppleScript action changes the network to use our new "Location". It's important that this match exactly with the name of the new Location you created earlier.

This will interrupt the Wi-Fi connection, so the next action is to Pause and wait for the connection to re-establish. I started with a 15 seconds pause but have found that 6 is consistently successful for me.

Our next Run AppleScript action opens a Terminal window and initiates the SSH connection via a script. This is where the name of the host from your ssh_config file that you edited above comes in.

The entire text of the AppleScript is here (sorry it's an image, I couldn't convince the blog software to not ruin the code formatting):

Our final Run AppleScript action gives the confirmation dialog and waits for the user to end the session. When the user clicks [OK], the network settings are reverted to use the default location (bypassing the proxy) and the SSH tunnel session is killed.


Save your application and give it a groovy icon.

The next time you're using public WiFi and can't use your VPN, double-click the automator application and go.

Happy (and secure) Surfing!