Socks5 / SSH / VPN tunneling considerations


Objective: use Firefox, on Whonix Workstation, to connect to a website through a VPS (with root access).


  1. Use Firefox’s configurations for a socks5 proxy. Setup an SSH tunnel to the VPS using

ssh -D port username@server

  1. Same socks5 configuration on Firefox, but set up a socks server on the VPS using shadowsocks-libev

  2. Use openvpn on the client, set up openvpn server on the VPS.

I assume SSH and VPN are better than the socks5 server due to the encryption, and VPN is preferable to SSH due to better handling of UDP (mentioned in https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_SSH).

However, if the main purpose is to make the connection look as “normal” (“common”, perhaps be a better word) as possible from the point of view of the site we connect to, which of those settings may be preferable?


At this time - most realistically - using VPN - since it is the only option where we have setup of a fail closed mechanism fully documented.