
Ask Different (Apple)

Q&A for power users of Apple hardware and software

Latest Questions

2 votes
1 answers
58 views
How to setup an ssh tunnel "-w flag" between macos and linux
When trying to open a tunnel using ssh -w between a local (macOS) and a remote (Linux server) machine, it fails due to the fact that macOS doesn't support the classic tun interfaces that ssh can use, which results in the error below:
root@macos ~ $ ssh -w any:any root@linux-server

Tunnel device open failed.
Could not request tunnel forwarding.
But macOS does support "utun" interfaces, which are used in numerous VPN clients like WireGuard and FortiGate. Can these be used with ssh? How can I use the utun APIs in macOS with ssh to make it work?
**UPDATE** Output of sudo ssh -vvvw any:any root@server:
OpenSSH_9.9p2, LibreSSL 3.3.6
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: resolve_canonicalize: hostname 1.1.1.1 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/var/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/var/root/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 1.1.1.1 [1.1.1.1] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /var/root/.ssh/id_rsa type -1
debug1: identity file /var/root/.ssh/id_rsa-cert type -1
debug1: identity file /var/root/.ssh/id_ecdsa type -1
debug1: identity file /var/root/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/root/.ssh/id_ecdsa_sk type -1
debug1: identity file /var/root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /var/root/.ssh/id_ed25519 type -1
debug1: identity file /var/root/.ssh/id_ed25519-cert type -1
debug1: identity file /var/root/.ssh/id_ed25519_sk type -1
debug1: identity file /var/root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /var/root/.ssh/id_xmss type -1
debug1: identity file /var/root/.ssh/id_xmss-cert type -1
debug1: identity file /var/root/.ssh/id_dsa type -1
debug1: identity file /var/root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6p1 Ubuntu-3ubuntu13.12
debug1: compat_banner: match: OpenSSH_9.6p1 Ubuntu-3ubuntu13.12 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 1.1.1.1:22 as 'root'
debug3: record_hostkey: found key type ED25519 in file /var/root/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file /var/root/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file /var/root/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from 1.1.1.1
debug1: load_hostkeys: fopen /var/root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-s,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:  compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:  compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:somekey
debug3: record_hostkey: found key type ED25519 in file /var/root/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file /var/root/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file /var/root/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from 1.1.1.1
debug1: load_hostkeys: fopen /var/root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '1.1.1.1' is known and matches the ED25519 host key.
debug1: Found key in /var/root/.ssh/known_hosts:1
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug3: send packet: type 7
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug2: KEX algorithms: sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: kex_input_ext_info: extension server-sig-algs
debug1: kex_ext_info_client_parse: server-sig-algs=
debug3: kex_input_ext_info: extension publickey-hostbound@openssh.com
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=
debug3: kex_input_ext_info: extension ping@openssh.com
debug1: kex_ext_info_check_ver: ping@openssh.com=
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: kex_input_ext_info: extension server-sig-algs
debug1: kex_ext_info_client_parse: server-sig-algs=
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug3: ssh_get_authentication_socket_path: path '/Users/sneaky/.bitwarden-ssh-agent.sock'
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: macos ssh key ED25519 SHA256:somekeyhash agent
debug1: Will attempt key: /var/root/.ssh/id_rsa
debug1: Will attempt key: /var/root/.ssh/id_ecdsa
debug1: Will attempt key: /var/root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /var/root/.ssh/id_ed25519
debug1: Will attempt key: /var/root/.ssh/id_ed25519_sk
debug1: Will attempt key: /var/root/.ssh/id_xmss
debug1: Will attempt key: /var/root/.ssh/id_dsa
debug2: pubkey_prepare: done
debug1: Offering public key: macos ssh key ED25519 SHA256:somekeyhash agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: macos ssh key ED25519 SHA256:somekeyhash agent
debug3: sign_and_send_pubkey: using publickey-hostbound-v00@openssh.com with ED25519 SHA256:somekeyhash
debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:somekeyhash
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to 1.1.1.1 ([1.1.1.1]:22) using "publickey".
debug1: Requesting tun unit 2147483647 in mode 1
debug1: sys_tun_open: /dev/tun0 open failed: No such file or directory
Tunnel device open failed.
Could not request tunnel forwarding.
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: filesystem
debug3: client_repledge: enter
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: client_input_hostkeys: received RSA key SHA256:somekeyhash
debug3: client_input_hostkeys: received ECDSA key SHA256:somekeyhash
debug3: client_input_hostkeys: received ED25519 key SHA256:somekeyhash
debug1: client_input_hostkeys: searching /var/root/.ssh/known_hosts for 1.1.1.1 / (none)
debug3: hostkeys_foreach: reading file "/var/root/.ssh/known_hosts"
debug3: hostkeys_find: found ssh-ed25519 key at /var/root/.ssh/known_hosts:1
debug3: hostkeys_find: found ssh-rsa key at /var/root/.ssh/known_hosts:2
debug3: hostkeys_find: found ecdsa-sha2-nistp256 key at /var/root/.ssh/known_hosts:3
debug1: client_input_hostkeys: searching /var/root/.ssh/known_hosts2 for 1.1.1.1 / (none)
debug1: client_input_hostkeys: hostkeys file /var/root/.ssh/known_hosts2 does not exist
debug3: client_input_hostkeys: 3 server keys: 0 new, 3 retained, 0 incomplete match. 0 to remove
debug1: client_input_hostkeys: no new or deprecated keys from server
debug3: client_repledge: enter
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env SSH_AUTH_SOCK
debug1: channel 0: setting env LC_TERMINAL_VERSION = "3.5.14"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env COLORFGBG
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env PATH
debug1: channel 0: setting env LC_TERMINAL = "iTerm2"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env COLORTERM
debug3: Ignored env TERM
debug3: Ignored env HOME
debug3: Ignored env __CF_USER_TEXT_ENCODING
debug3: Ignored env LSCOLORS
debug3: Ignored env LS_COLORS
debug3: Ignored env PS1
debug3: Ignored env MAIL
debug3: Ignored env LOGNAME
debug3: Ignored env USER
debug3: Ignored env SHELL
debug3: Ignored env SUDO_COMMAND
debug3: Ignored env SUDO_USER
debug3: Ignored env SUDO_UID
debug3: Ignored env SUDO_GID
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug3: client_repledge: enter
debug1: pledge: fork
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-60-generic x86_64)
MOHAMMAD RASIM (121 rep)
Jun 15, 2025, 08:54 AM • Last activity: Jul 16, 2025, 12:08 AM
1 votes
1 answers
7326 views
SSH tunneling with Safari
I am transitioning from Windows to OS X: Can one configure the Safari browser with a socks to tunnel through an SSH tunnel (PuTTY in MS-Windows)? Can an SSH tunnel be configured from the command line and command the Safari browser to direct requests / responses through the tunnel? If yes, an example is appreciated.
gatorback (3403 rep)
Jan 7, 2018, 08:03 PM • Last activity: Jun 29, 2025, 03:04 AM
3 votes
3 answers
5361 views
How to socksify apps in macOS?
Is there an analog on macOS for this “socksify” functionality in Linux (http://linux.die.net/man/1/socksify)? So that I can use it like on Linux:
socksify mongo
breedish (207 rep)
Oct 24, 2013, 06:22 PM • Last activity: May 18, 2025, 12:38 AM
2 votes
1 answers
955 views
Do any VPN providers or protocols support per-application split tunneling on recent macOS versions?
I'm looking to tunnel my connection on Firefox, for example, through a VPN while keeping Chrome, or any other apps not listed, connected to my home wifi without a VPN connection. I'm aware that this was previously deemed impossible due to the frameworks provided by macOS, but earlier this year, PIA released an update allowing split-tunneling. I've tested it, and it does work for Firefox and some other apps, but not everything. I also don't particularly want to be locked in to a certain provider for this. Do any protocols like Wireguard support split tunneling on macOS these days thanks to recent changes in the system? Or, do any other providers offer this feature?
jslp (65 rep)
Aug 29, 2024, 11:39 PM • Last activity: Oct 28, 2024, 11:33 PM
2 votes
1 answers
178 views
How do I delete tunnels on the localhost (lo0) interface?
How do I delete tunnels on the localhost (lo0) interface? I have tunnels on my machine, but no active VPNs, so it seems like they shouldn’t be there. How do I delete these tunnel interfaces and routes?
Patrick Dark (127 rep)
Apr 20, 2024, 04:09 AM • Last activity: May 20, 2024, 10:17 PM
83 votes
15 answers
160312 views
What's a good SSH tunneling client for OS X?
I've been using SSH Tunnel Manager to easily set up and stop port tunneling over SSH to various servers at my company. That saved me the pain of opening up a new terminal window which will hang out there just for the sake of having a tunnel open. This worked great (well, sort of) but SSH Tunnel Manager is a PowerPC application. With Lion, it is not supported any more. What is a good replacement?
Boaz (1073 rep)
Jul 5, 2011, 01:44 PM • Last activity: Dec 24, 2023, 05:00 PM
0 votes
0 answers
380 views
Has something changed in Ventura/recent version of MacOS with respect to ssh tunnels? Can't tunnel VNC nor SMB despite SSH working as expected
I connect ssh like this:
% ssh -L 1445:127.0.0.1:445 -L 15900:127.0.0.1:5900 -p 2216 -v myhost
Excerpt from the verbose log when connecting:
debug1: Local connections to LOCALHOST:1445 forwarded to remote address 127.0.0.1:445
debug1: Local forwarding listening on ::1 port 1445.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1445.
debug1: channel 1: new [port listener]
debug1: Local connections to LOCALHOST:15900 forwarded to remote address 127.0.0.1:5900
debug1: Local forwarding listening on ::1 port 15900.
debug1: channel 2: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 15900.
debug1: channel 3: new [port listener]
debug1: channel 4: new [client-session]
…
debug1: Connection to port 15900 forwarding to 127.0.0.1 port 5900 requested.
(no corresponding line for SMB/445)
When I then try to connect VNC using this (from the command line)
open vnc://127.0.0.1:15900
the connection dialogue appears but after I enter my details it just "shakes" (no error message or anything). For SMB I use a similar URL
open smb://127.0.0.1:1445
Here I at least get an error message that a problem occurred and that I should contact the admin. Both VNC and SMB work when I connect directly when I am on the LAN, and I used to do this frequently some years ago.
A verbose ssh log from a VNC-attempt:
debug1: Connection to port 15900 forwarding to 127.0.0.1 port 5900 requested.
debug1: channel 5: new [direct-tcpip]
debug1: Connection to port 15900 forwarding to 127.0.0.1 port 5900 requested.
debug1: channel 6: new [direct-tcpip]
debug1: channel 5: free: direct-tcpip: listening port 15900 for 127.0.0.1 port 5900, connect from 127.0.0.1 port 51566 to 127.0.0.1 port 15900, nchannels 7
debug1: Connection to port 15900 forwarding to 127.0.0.1 port 5900 requested.
debug1: channel 5: new [direct-tcpip]
debug1: channel 6: free: direct-tcpip: listening port 15900 for 127.0.0.1 port 5900, connect from 127.0.0.1 port 51567 to 127.0.0.1 port 15900, nchannels 7
debug1: channel 5: free: direct-tcpip: listening port 15900 for 127.0.0.1 port 5900, connect from 127.0.0.1 port 51569 to 127.0.0.1 port 15900, nchannels 6
and for SMB:
debug1: Connection to port 1445 forwarding to 127.0.0.1 port 445 requested.
debug1: channel 5: new [direct-tcpip]
debug1: channel 5: free: direct-tcpip: listening port 1445 for 127.0.0.1 port 445, connect from 127.0.0.1 port 51578 to 127.0.0.1 port 1445, nchannels 6
One odd detail is that, for VNC, I have two users on the destination machine, A and B. A is my main user and the user I am logged in as when I try to tunnel VNC over SSH and fail, **BUT** if I instead try to login as B over VNC (while A is logged in locally), the connection works. An SSH-log from such a login:
debug1: Connection to port 15900 forwarding to 127.0.0.1 port 5900 requested.
debug1: channel 5: new [direct-tcpip]
debug1: Connection to port 15900 forwarding to 127.0.0.1 port 5900 requested.
debug1: channel 6: new [direct-tcpip]
debug1: channel 5: free: direct-tcpip: listening port 15900 for 127.0.0.1 port 5900, connect from 127.0.0.1 port 51642 to 127.0.0.1 port 15900, nchannels 7
debug1: Connection to port 15900 forwarding to 127.0.0.1 port 5900 requested.
debug1: channel 5: new [direct-tcpip]
debug1: channel 6: free: direct-tcpip: listening port 15900 for 127.0.0.1 port 5900, connect from 127.0.0.1 port 51643 to 127.0.0.1 port 15900, nchannels 7
Trying to login as B over SMB yields the same error message as A sees. I have three computers and I have the same problem with all of them. I use ssh-keys with https://www.funtoo.org/Funtoo:Keychain . If I tunnel over my LAN I get the same result. Feels like something has changed in recent versions of MacOS?
An odd detail is that I, when I SSH over internet, need to ctrl-c to exit the connection. That is, after I enter exit to logout something gets stuck in the logout process. It is not until I send a ctrl-c that it finishes and I am returned to my local shell. This does not happen when I SSH on the LAN, in that case I just enter exit and the connection is stopped as expected.
Update: Here is a log from a failed, tunneled, VNC-login according to the instructions in a comment:
2023-08-18 08:52:05.095119+0200 0xe3cc3b Default 0x0 98235 0 screensharingd: SendAuthenticationInfoMessage
2023-08-18 08:52:05.126178+0200 0xe3cc3b Default 0x0 98235 0 screensharingd: HandleViewerAuthenticationMessages 2
2023-08-18 08:52:05.126193+0200 0xe3cc3b Default 0x0 98235 0 screensharingd: SendRSAResponseSRPAuthentication
2023-08-18 08:52:05.306678+0200 0xe3cc3b Default 0x0 98235 0 screensharingd: HandleViewerAuthenticationMessages 10
2023-08-18 08:52:05.306684+0200 0xe3cc3b Default 0x0 98235 0 screensharingd: SendRSAResponseSRPAuthentication
and here a successful login (not tunneled):
2023-08-18 08:47:05.720064+0200 0xe3b74b Default 0x0 97627 0 screensharingd: HandleViewerAuthenticationMessages 2
2023-08-18 08:47:05.720072+0200 0xe3b74b Default 0x0 97627 0 screensharingd: HandleViewerAuthenticationMessages 7
2023-08-18 08:47:06.058599+0200 0xe3b74b Default 0x0 97627 0 screensharingd: HandleViewerAuthenticationMessages 7
2023-08-18 08:47:06.375293+0200 0xe3b4d8 Default 0x0 97627 0 screensharingd: Authentication: SUCCEEDED :: User Name: db :: Viewer Address: 192.168.1.13 :: Type: Kerberos
Can't see anything obvious that is wrong/different here?
d-b (3494 rep)
Aug 16, 2023, 06:40 AM • Last activity: Aug 18, 2023, 06:55 AM
0 votes
0 answers
318 views
Connecting to SMB server from WAN not working
I have a new Mac set up as a home server. I can use the Finder's Go | Connect to Server... from local Macs to connect with smb://my-new-server.local, but can't connect from outside my LAN. I've tried smb://myregistereddomain.net and smb://xxx.yyy.zzz.www (my actual static IP address). I have set my router to forward TCP traffic on port 445 to the server. What am I missing? Update: have now added forwarding of port 139 but still no luck connecting. Verified that my ISP doesn't block these ports. Could this be something Apple just doesn't allow? Could a remote user somehow tunnel into my LAN and access the SMB server that way? Where are instructions on doing this?
Rob Lewis (235 rep)
Jun 12, 2023, 10:47 PM • Last activity: Jun 13, 2023, 06:08 PM
1 votes
1 answers
1272 views
ssh issue after updating mac os 13
I'm using an ssh tunnel. It was working before the update, but after the update I'm not able to ssh to the 2nd host. It keeps asking me for a password. The key is the same, and on the first jump host it's working. So I don't think the issue is with my key.
ankuj (11 rep)
Nov 11, 2022, 03:49 AM • Last activity: Nov 17, 2022, 12:12 PM
0 votes
0 answers
224 views
Connect a MacBook to the company network through VPN of second MacBook
I need to connect a new MacBook Pro to the company network and then log in once to get the account running. Unfortunately, I live very far away from the company, so it would be great if I could do it remotely. Also pressing Cmd+R or Cmd+S during boot does not work, I still get to the login screen, so this seems no solution.
**My idea:** I still have the old MacBook with a working VPN connection to the company network. Is it possible to share it somehow?
[ ROUTER - Wlan] -- [Wlan -- [ VPN - Tunnel ] -- OldMB -- en0 ] -- [ en0 -- NewMB ]
**Question:** What would I need to configure in the old MacBook to route all eth0 packets into the tunnel? We use OpenVPN. And do I need a special cross cable to connect the two Macs? Will the routing be enough for the new MacBook to request an IP per DHCP?
Daniel Brown (101 rep)
Jul 15, 2022, 03:04 PM • Last activity: Jul 16, 2022, 09:29 AM
2 votes
3 answers
457 views
How to setup remote access on a Mac
I need to work remotely and connect to a company network from my Mac over the internet. How do I set this up? I've looked at different software such as OpenVPN and Tunnelblick. I'm not sure how to set up remote access. Any suggestions? Advice? Additional information: There is basically no IT department. So I would need to set up the server side solution as well if that is what is needed. More information: I basically need to use the database connection from inside the company network.
user840930 (121 rep)
Dec 13, 2019, 03:33 PM • Last activity: Jul 5, 2022, 04:38 PM
0 votes
0 answers
34 views
Create a HTTPS Tunnel to avoid network hard limitations
Here is my problem: At work, if I don't want to use my phone for everything I use the provided connection to the internet, that goes through a network that has strict restrictions: basically all protocols besides HTTPS are blocked. It's been a hassle and has prevented me to work efficiently several times, but despite my complaints to the administration the rules are nowhere near changing.
So what I am thinking I could do: Create a HTTPS Tunnel to a personal computer at my place (Raspberry Pi I just acquired) to be able to do anything I can do from my place. I am posting the question here because the computer I use between my work and my home runs on macOS.
1. Are there people here that would know if channeling all my connections through such a tunnel could be done (like using a proxy)?
2. Do you have a better idea? (Yes I thought about using a VPN, but that protocol is blocked too)
1st Challenge: I don't know thing one about Tunnels
2nd Challenge: Connecting the Raspberry Pi at my place to be securely accessible from outside my home network.
Thank you already for enlightening me.
LMT-PhD (131 rep)
Aug 19, 2021, 08:42 PM
0 votes
0 answers
304 views
Open in local browser URL from remote SSH computer
Situation is like this:

1. From my home I connect over SSH to a remote router with a static IP: `ssh routeruser@static_router_ip`
2. Then, from the router console, I connect over SSH to the mac-mini: `ssh macuser@local_macmini_ip`

How to open a URL from the remote macmini in my local browser?
Sasha Milic (1 rep)
Aug 10, 2021, 11:35 AM • Last activity: Aug 10, 2021, 11:44 AM
11 votes
7 answers
7693 views
Is X11 still used today?
I have had X11 installed on my Mac for quite some time (as long as I have owned it I think) and have never used it. Do applications still use X11 or is it outdated at this point? Should I "learn" how to use it because I may use it in the future? The reason I ask is that I read that you can run X over SSH and I thought it might be useful to run a window manager to get some graphics from a remote machine. Then I realized I have never used X11 and launched it only to become confused. So should I use X11 and why?
styfle (1737 rep)
Jun 2, 2011, 06:51 AM • Last activity: Jul 19, 2021, 05:45 AM
11 votes
2 answers
19420 views
I'm using the f5 software connect to VPN, but errors out with TunnelServer already launched
I'm using the BIG-IP f5 vpn client on my MacBookPro. Most of the time it works fine. Sometimes when my VPN does not exit cleanly I can no longer connect to the VPN. No matter how many times I try to exit, disconnect, turn off my wireless network, or release the dhcp, close my laptop lid. Nothing works. I get this error message:

> **tunnel server already launched**

The only way around this was to reboot my Mac. This has the major drawback of losing all my open browsers, terminals, folders, applications, etc. Is there any other way around this issue, so that I can retain all the things that I have opened and am in the middle of? I try not to reboot for weeks or months at a time.
Michael C. Chen (591 rep)
Jun 16, 2018, 06:56 AM • Last activity: May 14, 2021, 11:09 PM
1 votes
0 answers
385 views
Unable to receive packets onto utun interface?
I'm using the NetworkExtension framework to create a virtual `utun` interface. My application receives packets from a client and the application writes the packet into the `utun` interface. Since I have enabled `ip forwarding` using `sudo sysctl -w net.inet.ip.forwarding=1` on the system, the packet is sent to the correct interface `en0` and sent out through the wire. When a response is sent back, it is received on the `en0` interface. However, I want to forward these packets to the `utun` interface so that my application can read the packets received. How can I achieve this?

Example:

1. VPN Application receives packet from client.
2. Application writes packet to `utun` interface with source 100.64.0.77 and destination 192.168.1.95
3. OS networking stack sees that the packets destined for 192.168.x.x are to go to interface `en0`
4. Packet is sent out through wire to 192.168.1.95
5. 192.168.1.95 sends a response packet with destination 100.64.0.77 and source 192.168.1.95
6. The response packet is only received on the `en0` interface
7. The response packet needs to be put onto the `utun` interface somehow so that my application can read the packet. How do I achieve this?

Some useful information below:
```
>netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.254      UGSc           en0       
default            link#10            UCSI         utun2       
100.64.0.77        100.64.0.77        UH           utun2       
127                127.0.0.1          UCS            lo0       
127.0.0.1          127.0.0.1          UH             lo0       
169.254            link#7             UCS            en0      !
192.168.1          link#7             UCS            en0      !
192.168.1          link#10            UCSI         utun2       
192.168.1.92/32    link#7             UCS            en0      !
192.168.1.99       8c:a9:82:2e:d6:2e  UHLWI          en0    986
192.168.1.254/32   link#7             UCS            en0      !
192.168.1.254      70:f1:96:86:e6:a0  UHLWIir        en0   1196
224.0.0/4          link#7             UmCS           en0      !
224.0.0/4          link#10            UmCSI        utun2       
224.0.0.251        1:0:5e:0:0:fb      UHmLWI         en0       
255.255.255.255/32 link#7             UCS            en0      !
255.255.255.255/32 link#10            UCSI         utun2   

>ifconfig utun2
flags=8051 mtu 1500
options=6403
inet 100.64.0.77 --> 100.64.0.77 netmask 0xffffff00
```
SunflowerNetworks (11 rep)
Dec 8, 2020, 02:33 AM • Last activity: Dec 8, 2020, 06:06 AM
2 votes
1 answers
3194 views
Can Safari (iPad iOS 12.4.2) be configured to utilize SSH-Tunnel / Port Forwarding?
Goal: from WAN, SSH-tunnel to home router (outfitted with SSH) and access **remote** LAN devices with iPad's web browser. As I understand it, an SSH-tunnel (connection) must be established first, which I imagine would require an App? The Ubuntu equivalent being:

`ssh -f -N admin@server1.example.com -L 8080:server1.example.com:3000`

Unless the app routes all web browser (port 80?) traffic through its tunnel, then there would need to be a setting in the browser that enables a tunnel proxy? What are today's options? Solution preference is for simplicity & low-cost. Simplicity comprises avoiding jail-break.
gatorback (3403 rep)
Oct 28, 2019, 02:59 PM • Last activity: Oct 28, 2019, 10:44 PM
0 votes
1 answers
170 views
Using Airport Express pair as 'audio tunnel'?
I'm looking to do something that I think is fairly basic, but I'm not aware of whether Airport Express hardware supports this scenario. Basically, I just want to tunnel audio via IP packets / my home network, from a home theater, to a set of outdoor speakers. [For the scenario, think: being able to follow the action of a sports broadcast when I go from home-theater room, to outside my house, where my outdoor speakers are.] If a pair of Airport Expresses can be configured as a 'dedicated, point-to-point audio bridge' then it seems like it'd work. In other words - set up to just tunnel the audio input from one Express, over regular home-network IP, to the other bridge, where it re-emerges via line-out as regular audio out. Can those devices operate that way? If not - is there an inexpensive way to enable? I'm not aware of any 'bridge' device pairs that tunnel audio over IP (TCP or UDP) from a 'transmitter' to a 'receiver.' (Devices like this exist for Bluetooth... but, I need to span a large distance, and figure I should be able to leverage my wired/WiFi home network to achieve this, and not worry about audio quality; Bluetooth profiles; signal strength - etc.) Note, the goal would be to set this up once - and then not control them or manage them, using Airplay or anything else, thereafter. Thoughts?
Capt.Hogthrob (1 rep)
Apr 14, 2015, 08:43 PM • Last activity: Oct 29, 2018, 01:30 PM
1 votes
1 answers
4391 views
importing .vpl files (vpn tunnels) on mac
Is there any way I can import a .vpl file? This is the only way of connecting I have and for now I can only do it on Windows (with FortiClient 4.x.x) because 5 doesn't support importing .vpl anymore.
ab1428x (111 rep)
Nov 26, 2014, 07:54 PM • Last activity: Jan 16, 2018, 12:35 PM
5 votes
3 answers
2264 views
iMessage / iCloud via SSH Port forward to get through firewall
What ports do iCloud and iMessage use, and is it possible to use SSH port forwarding via a proxy to use them on a network that blocks the services?
Jeef (535 rep)
Jan 23, 2015, 12:59 PM • Last activity: Sep 11, 2017, 04:30 PM
Showing page 1 of 20 total questions