Outbound Connectivity Solution

Main Server Outbound Connectivity Solution

Scenario: Main Server is blocked from outbound internet by a campus firewall but has an internal connection to a Second Server (Gateway) via Port 22.

1. Establish the SSH Tunnel (The Bridge)

Run this on the Main Server to create a SOCKS5 proxy. This uses the Second Server as a “hop” to reach the outside world.

ssh -D 1080 -N -f user@Second_Server_Internal_IP
  • -D 1080: Opens a local SOCKS proxy on port 1080.
  • -N: Tells SSH not to execute remote commands (tunnel only).
  • -f: Puts the SSH process in the background.

2. Enable System & Application Access

To tell your shell and tools (like curl or git) to use this tunnel, export these variables. Note: Use socks5h so DNS resolution happens on the Second Server.

Temporary Session Access

export http_proxy="socks5h://localhost:1080"
export https_proxy="socks5h://localhost:1080"

Package Manager Access (apt)

If you need to install or update software, create this temporary config:

echo 'Acquire::socks::proxy "socks5h://localhost:1080";' | sudo tee /etc/apt/apt.conf.d/12proxy

3. GitHub Copilot Configuration

Copilot often requires explicit proxy settings within VS Code to function correctly through a tunnel.

  1. Connect to the Main Server via Remote-SSH.
  2. Open Settings (Ctrl + ,).
  3. Select the Remote [Main Server] tab.
  4. Configure the following:
    • Http: Proxysocks5h://localhost:1080
    • Http: Proxy Supportoverride

Method B: Force Local Execution (The Fail-safe)

If the server-side agent still fails, add this to your Local settings.json to run Copilot on your laptop’s internet instead:

"remote.extensionKind": {
    "github.copilot": ["ui"],
    "github.copilot-chat": ["ui"]
}

4. Verification

Check if the tunnel is working by running this on the Main Server:

curl --socks5-hostname localhost:1080 https://www.google.com

5. Clean Up & Reset

Follow these steps to return the server to its original state once you are finished.

  1. Unset Variables: unset http_proxy https_proxy
  2. Kill the Tunnel: pkill -f "ssh -D 1080"
  3. Remove Apt Config: sudo rm /etc/apt/apt.conf.d/12proxy
  4. Revert VS Code: Remove the socks5h://localhost:1080 string from Remote Settings.

6. Passwordless Access (SSH Key Pair)

To avoid entering a password every time you start the tunnel, set up an SSH key between the Main Server and the Second Server.

Step A: Generate the Key (On Main Server)

Run this command and press Enter for all prompts (leave passphrase empty):

ssh-keygen -t rsa -b 4096

Step B: Copy the Key to the Second Server

ssh-copy-id user@Second_Server_Internal_IP

You will be asked for the Second Server’s password one last time.

Step C: Test

Now, try to start the tunnel. It should connect instantly without asking for a password:

ssh -D 1080 -N -f user@Second_Server_Internal_IP