How to set up a VPN
A DIY guide to securing web access with SSH
By Steven Andrés | PC World | Published: 15:35, 04 June 2010
Local Listeners and Remote Endpoints
Here's where things get a bit confusing, so read carefully. You need to configure a port on your local computer (a "listener") that will take any packets you throw at it and stuff them into an SSH encrypted session. At the other end of the tunnel, the traffic will dump out on your SSH server. In the following sections, I'll show you how to configure your Web browser to proxy your traffic through this local listener. Even though conceptually it seems that you would want to point the Web browser to the remote server, you will technically be pointing it at "localhost," which is a special name for your local computer.
You'll need to tell your SSH client to connect to the SSH server and open a tunnel that begins on your laptop (localhost) on port 8888 and terminates at the SSH server, where the data will then be forwarded to the final destination website.
Create Your SSH Tunnel
The process is straightforward on OS X and can be represented in one command:
$ ssh -ND 8888 firstname.lastname@example.org
The 'N' option tells the SSH client that you do not want an interactive session (a command prompt), because you just want to set up a tunnel. The 'D 8888' option tells the SSH client to set up a "dynamic" port-forwarding tunnel on port 8888. The tunnel is dynamic because the destination website will change depending on where you are surfing; other port-forwarding tunnels have static rules, but for web browsing you want the dynamic version. After issuing the command, you will be prompted for a password and then... nothing will happen. Actually, if the command works, the port will be open, but you will not receive any confirmation within Terminal. OS X folks can proceed to the next section.
For Windows, start PuTTY again, scroll down the 'Category' listing on the left to 'Connection', and expand the 'SSH' category to select Tunnels. Select the Dynamic radio button, enter 8888 for 'Source port', and then click Add.
Now click the Open button. After you enter your password, your tunnel should be created. No confirmation message will display within the command prompt.
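Because neither Terminal nor PuTTY confirms that the tunnel is up, one way to check the listener is to send it the opening SOCKS5 greeting and see whether it answers as a SOCKS proxy. The Python code below is an added example, not part of the original article; the function names and the fake listener used for offline testing are constructed for illustration, and port 8888 is the one configured above.

```python
import socket
import threading

def probe_socks5(host="127.0.0.1", port=8888, timeout=3.0):
    """Return 'closed', 'not-socks5' or 'socks5-ok' for a local listener."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing is listening, so the tunnel is not up
    reply = b""
    with conn:
        try:
            # SOCKS5 greeting (RFC 1928): version 5, one method offered, 0x00 = no auth
            conn.sendall(b"\x05\x01\x00")
            while len(reply) < 2:
                chunk = conn.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
        except OSError:
            return "not-socks5"  # reset or timed out before answering
    # A SOCKS5 server that accepts unauthenticated clients answers 0x05 0x00
    return "socks5-ok" if reply == b"\x05\x00" else "not-socks5"

def start_fake_listener(reply):
    """Constructed stand-in for testing offline: answers one client with `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0 = let the OS pick a free port
    srv.listen(1)
    def serve():
        client, _ = srv.accept()
        with client, srv:
            client.recv(3)
            client.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """Return a loopback port that nothing is listening on (constructed helper)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print("localhost:8888 ->", probe_socks5())
```

A result of 'closed' means the SSH session is not running or is using a different port; 'not-socks5' means some other program is answering on port 8888.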