Circumventing firewalls with HTTPS traffic

Firewalls that only allow standard ports (such as HTTP, HTTPS) can be easily circumvented by proxying all traffic trough port 443, using an external machine.

Here’s a minimal setup to obtain so with proxytunnel:

Apache2, running on the external machine:

[...]
        ProxyRequests On
        AllowConnect 22
        <Proxy *>
                Order deny,allow
                Deny from all
        </Proxy>
        <Proxy 127.0.0.1>
                Order deny,allow
                Allow from all
        </Proxy>
[...]

Local SSH configuration:

Host vps_proxy
  ProxyCommand proxytunnel -q -E -p VPS_IP:443 -d 127.0.0.1:22 -z
  DynamicForward 1080
  ServerAliveInterval 60
  Port 443

Set up local SOCKS5 proxy:

ssh -D 1337 -q -N -f -C vps_proxy

tsocks (to run any command through an SSH tunnel) configuration:

/etc/tsocks.conf

[...]
server = localhost
server_type = 5
server_port = 1337

E.g. to use ssh:

tsocks ssh my_other_machine_initially_unavailable