SSH Tunnels

This guide will show you how to create an SSH tunnel. Unlike using OpenVPN which encrypts all network traffic at the driver level for that device, creating SSH tunnels enables you to route traffic for selected applications only.

For example: You could open a tunnel only for browsing or an application, letting the rest of your traffic go through your ISP directly, unencrypted. This has a number of benefits, namely:

  • Preventing a lot of problems for casual usage, such as using an imap application such as Thunderbird or using Personal websites like Paypal.
  • Allowing you to encrypt traffic on multiple devices simultaneously (OpenVPN only allows one device at a time)
  • Enabling setup of software such as Plex


It might be a good idea to create a new SSH session specifically for the tunnel. Once you have a session you wish to create a tunnel for, navigate to the Tunnels section. Look for Connection, expand the SSH options and select Tunnels.

Select Dynamic and enter a port number in the field Source port. The picture below uses 12345, but you can select any open port on your machine.

Kitty screenshot showing the tunnel options
Select Dynamic, enter your details and then click Add.

Once configured you can go back to Session and select Save.

macOS and Linux

It's much easier to create SSH tunnels on macOS and Linux because you don't need to download or configure any additional software. All you need to do is access a terminal window the SSH basics guide has more on this) and run the following command, replacing port with a number between 10001 and 32001 that isn't already in use and username with your username:

ssh -D port -l username

Using the created tunnel with applications

The tunnel will be operational once you have either opened the tunnel session and logged in to your slot via KiTTY or signed in via the command in the macOS and Linux section. You'll need to keep the tunnel open throughout - if you close the terminal window you'll close the tunnel

To use the tunnel you'll need to configure software to use it. This is done, in brief, by adding the tunnel's details in the software's proxy settings. The following sections look at specific software.


Open your proxy settings by copying and pasting about:preferences#advanced in the address bar and clicking on Network. Then, click on Settings... to configure how Firefox connects to the Internet.

Select the Manual proxy configuration: button and make the following changes:

The port number you opened the tunnel with
A screenshot of the advanced connection settings of Firefox
In the settings above, replace 12345 with the tunnel port number you have selected.

Windows OS

Many programs will resort to Windows' proxy settings, so the following mini-guide applies to the following browsers:

  • Chrome
  • Internet Explorer

It may also affect other software like Steam. If you change the settings below and later (i.e. after Tunnel use) get weird connection errors, please double-check your proxy settings.

To access these settings quickly, press the Windows key to bring up the Start menu then type proxy. A search should automatically begin when you start typing, and eventually display Configure proxy server. Press enter to open the options, then do the following:

  • Press LAN settings
  • Tick/check Use a proxy server for your LAN
  • Press Advanced
  • In the Socks address field enter
  • In the Socks port field enter the port number you opened the tunnel with
A screenshot of the Windows operating system proxy settings
In the settings above, replace 12345 with the tunnel port number you have selected.