RE: https://mastodon.thenewoil.org/@thenewoil/115971195227745876

@CosmicCactus @jonah I'd like to see any sort of regulation try to document exactly what a VPN actually is

Ban all VPNs? OK, but what about private VPNs businesses use for remote workers, or site to site VPNs for inter-office connectivity?

OK, ban "public VPNs"? well, OK, but someone could set up a basic wireguard tunnel to any server they have and that would be private.

OK ban any VPN that isn't on a list of approved VPN software? Ha, good luck with that.

It's an absolute mess of a regulation that would be impossible to enforce. And I have my popcorn ready.

@PedroLeal_ @rastilin @Greylinux @jonah
"What you in for?"
"Trying to bypass age verification on a website advertising alcohol by using socks proxies via dynamic ssh tunnels to various VPS spotted around europe and the rest of the world. I got caught because I couldn't adequately explain it isn't a VPN. You?"

@Greylinux @jonah there's probably a nunber of guides out there, but I've just learned things over the years... It's actually how I used to test remote client's internet connections.

Anyway, what you'd do is have a basic, cheap, VPS from any provider and country you desire and set it up for SSH access, and I think it's "AllowTcpForwarding yes" that needs to be set in sshd_config.
Then you'd connect to it with your client machine with the -D $port parameter, i.e. ssh -D 3080 $server
Then in your web browser, you'd set up the proxy settings under SOCKS to your loopback address and the port specified i.e. SOCKS: 127.0.0.1 3080.
And that's it, any traffic from that browser will go through your loopback, to the SSH server, then off to the internet. I believe there's an option of sending DNS requests that way too in the web browser. You do need to leave the SSH session open, for obvious reasons.
Of course, only the traffic from the web browser will use this route, so you'd need to set it up in different applications' proxy config if you want them to use it too.

Obviously, care should be taken to secure the ssh endpoint as much as possible, either through blocklistd, fail2ban, etc. or just allowing connections via a specific IP address

@rastilin @Greylinux @jonah ah, sarcasm, if only I thought of using that...

But yes, you're absolutely right, any government would have absolutely no idea about the difference between a VPN and routing specifix traffic via an alternative path than it would normally go.
And I'll see them in court.

@Greylinux @jonah technically... Yes. Although it is a bit more technical to set up than a VPN server.
It should work for a Jellyfin server as is, but sometimes I find doing a more specific remote tunnel is better for this (and a lot better if the client does not have proxy settings)

@jonah doesn't say anything about SOCKS proxying over a dynamic SSH tunnel though