Bug 781355 - [privacy] [security] Allow enforcing SSH tunnels/proxies (and/or VPNs) on network connections
Status: RESOLVED OBSOLETE
Product: gnome-control-center
Classification: Core
Component: Network
Version: 3.20.x
Hardware: Other Linux
Importance: Normal enhancement
Target Milestone: ---
Assigned To: Control-Center Maintainers
QA Contact: Control-Center Maintainers
Keywords: safety
Depends on: 769692
Blocks:
 
 
Reported: 2017-04-15 22:19 UTC by Jean-François Fortin Tam
Modified: 2021-06-09 16:00 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Jean-François Fortin Tam 2017-04-15 22:19:24 UTC
I’ve been using SSH tunnels for years but that’s a very involved client-side process (needing to whip up a terminal to establish the tunnel, then to whip up gnome-control-center's Network settings, go to the proxy pane, switch to "Manual" proxy mode, and then undo/redo all that when bringing down/up the connection).

For my use case (network security while travelling), SSH tunnels are the way to go: they require pretty much zero set-up and SSH is ubiquitous on servers, so anyone can set this infrastructure up much, much more easily than a VPN.

I dug a bit in Bugzilla regarding SSH support in NM, and I found bug #706314, which led me to https://github.com/danfruehauf/NetworkManager-ssh which kinda disguises SSH as a "VPN" connection (the issue I then faced is that it made no sense to me as a user: https://github.com/danfruehauf/NetworkManager-ssh/issues/66).

So whether it is done as a "SOCKS proxy" or as a "VPN", one fact remains: gnome-control-center does not expose a UI for the user to set a security policy on this front. Essentially I'd like to be able to tell GNOME/NM to "enforce" my SSH tunnel (unless I manually temporarily turn off the tunnel from the top-right corner menu for example) before letting apps (other than captive portal handling like bug #769692) -- such as Evolution, the browser, Telepathy/xchat/etc. -- establish connections. So I'd like the ability to set it to be used either:
- "for specific known networks"
- "all networks except X, Y, Z" (ex: "everything is untrusted except at home and the office").
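
The manual workflow from the description (open the tunnel in a terminal, switch the proxy pane to "Manual", undo both afterwards), scripted as an added example that is not part of the original report or of gnome-control-center. The host `user@bastion.example.org`, port 1080 and the control-socket path are placeholder assumptions. The GNOME proxy setting is only honoured by applications that read it, so this automates the toggle but does not enforce the tunnel, which is the gap the report asks to close.

```shell
#!/bin/sh
# Added example. Host, port and socket path are constructed placeholders.
TUNNEL_HOST="${TUNNEL_HOST:-user@bastion.example.org}"   # assumption: your SSH server
SOCKS_PORT="${SOCKS_PORT:-1080}"                         # assumption: local SOCKS port
CTL_SOCK="${CTL_SOCK:-${XDG_RUNTIME_DIR:-/tmp}/ssh-socks-ctl}"

tunnel_alive() {
    # Ask the SSH control master whether it is still running.
    ssh -S "$CTL_SOCK" -O check "$TUNNEL_HOST" 2>/dev/null
}

tunnel_up() {
    # -D: SOCKS forward bound to loopback only; -N: no remote command; -f: background.
    # ExitOnForwardFailure makes ssh exit instead of running without the forward.
    ssh -M -S "$CTL_SOCK" -f -N \
        -o ExitOnForwardFailure=yes \
        -D "127.0.0.1:$SOCKS_PORT" "$TUNNEL_HOST" || return 1
    # Point the desktop at the proxy only once the tunnel is confirmed up.
    tunnel_alive || return 1
    gsettings set org.gnome.system.proxy.socks host '127.0.0.1'
    gsettings set org.gnome.system.proxy.socks port "$SOCKS_PORT"
    gsettings set org.gnome.system.proxy mode 'manual'
}

tunnel_down() {
    # Revert the proxy pane to "None", then close the control master.
    gsettings set org.gnome.system.proxy mode 'none'
    ssh -S "$CTL_SOCK" -O exit "$TUNNEL_HOST" 2>/dev/null || true
}

tunnel_status() {
    mode=$(gsettings get org.gnome.system.proxy mode)
    if tunnel_alive; then
        echo "tunnel=up proxy=$mode"
    else
        echo "tunnel=down proxy=$mode"
        # Non-zero exit when the proxy still points at a dead tunnel.
        [ "$mode" = "'none'" ]
    fi
}

case "${1:-}" in
    up)     tunnel_up ;;
    down)   tunnel_down ;;
    status) tunnel_status ;;
esac
```

Running `status` from a periodic check catches the inconsistent state where the tunnel has died but the proxy mode is still `manual`.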
Comment 1 Bastien Nocera 2017-04-18 09:06:42 UTC
Do you prefer this to be a duplicate of bug 656215 (VPN) or bug 640475 (per-connection proxy)?
Comment 2 André Klapper 2021-06-09 16:00:18 UTC
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new enhancement request ticket at
  https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/

Thank you for your understanding and your help.