GNOME Bugzilla – Bug 781355
[privacy] [security] Allow enforcing SSH tunnels/proxies (and/or VPNs) on network connections
Last modified: 2017-04-18 11:11:24 UTC
I’ve been using SSH tunnels for years but that’s a very involved client-side process (needing to whip up a terminal to establish the tunnel, then to whip up gnome-control-center's Network settings, go to the proxy pane, switch to "Manual" proxy mode, and then undo/redo all that when bringing down/up the connection).

For my use case (network security while travelling) SSH tunnels are the way to go, they require pretty much zero set-up and SSH is ubiquitous on servers, so anyone can set this infrastructure up much much more easily than a VPN.

I dug a bit in bugzilla regarding SSH support in NM, and I found bug #706314 which led me to https://github.com/danfruehauf/NetworkManager-ssh which kinda disguises SSH as a "VPN" connection (the issue I then faced is that it made no sense to me as a user: https://github.com/danfruehauf/NetworkManager-ssh/issues/66).

So whether it is done as a "SOCKS proxy" or as a "VPN", one fact remains: gnome-control-center does not expose a UI for the user to set a security policy on this front.

Essentially I'd like to be able to tell GNOME/NM to "enforce" my SSH tunnel (unless I manually temporarily turn off the tunnel from the top-right corner menu for example) before letting apps (other than captive portal handling like bug #769692) -- such as Evolution, the browser, Telepathy/xchat/etc. -- establish connections.

So I'd like the ability to set it to be used either:
- "for specific known networks"
- "all networks except X, Y, Z" (ex: "everything is untrusted except at home and the office").
Do you prefer this to be a duplicate of bug 656215 (VPN) or bug 640475 (per-connection proxy)?