Linux

You might be looking for the "ssh socks proxy" option (-D?).

Wireguard might be what you want. You connect to your remote machine ( assume it is at home). You can setup what traffic goes over wireguard (some or all). On your home machine you can run port forward command and masquerading command once connected on home machine so that you have full lan access too. It is described in the wireguard setup docs.

You can but it kind of sucks and you would only normally do it on a very temporary hacky basis. Otherwise use OpenVPN or Wireguard or whatever. If you want to do it with ssh, see the VPN instructions on the man page. But I mean it's janky.

Wire guard + some nft tables or ip tables rules is a much better solution.

Ssh on itself can do the port forward part but for the routing you still need the above mentioned rules. In addition, ssh will not autoreconnect if anything happens and you need to add autossh or some other solution to keep it rolling.

I'm not sure if you can do it without authenticating on the remote. Have you seen sshuttle? Maybe you can run that on the remote to connect to the local machine. If the issue is that the remote "can't see" the local machine to ssh into it then you could try something like reverse tunnel the ssh port to the remote, and then use sshuttle to connect to the local port that is forwarding traffic.

• ssh to remote, forwarding some remote port to your local ssh port (-R)
• ssh from remote through the exposed port, starting socks proxy in the process (-D)
• use socks proxy explicitly or find some tool that can route the traffic into it

Similar approach can be used to establish VPN tunnel with no encryption (ssh already provides that), routing everything but your ssh connection through it.

• ssh to remote, reverse forwarding your VPN-over-tcp server’s listening port
• establish vpn connection on remote, route everything but your ssh connection through the newly established interface

It will be wasteful, but it will work.

Sshutle? It essentially makes traffic go through ssh from anywhere to anywhere. If you ssh into your machine, use sshuttle towards your local machine, I think you should be good

So in summary you have your device A and services running on B, you connect to a vpn service using A, and you want the services running on B to use the same vpn connection?

I encountered this problem with torrenting and private trackers.

I solved it the other way around, by having the remote connect to the vpn and routing traffic from my device through that remote.

• get a mullvad subscription because they do wireguard
• create wireguard-outbound container on server and connect to mullvad
• create wireguard-inbound container on server and attach it to the network stack of wireguard-outbound
• attach any other containers on the server you want using the vpn to the network stack of wireguard-outbound
• install wireguard on your various devices instead of connecting to mullvad directly just connect to your wireguard-inbound container

For bonus points you can create a squid (proxy service) container and attach that to wireguard-outbound, then create a firefox profile that connects to that proxy. That way your device isn't routing all traffic through the vpn, only the traffic from that firefox profile.

I've had this set up for several years now and for the most part it works very well. Occasionally I have to restart the containers but for the most part it's great.

Try googling something like "how to make a VPN server"

Wut. C'mon.

If I'm reading this right, you just need to learn about routing. SSH has nothing to do with this. This is basic networking at best.