Aapeli Vuorinen

Quick tip: Getting around IP-based geo-blocking using SSH tunnelling

Some American organisations have this really frustrating tendency to block access to their services if they think you’re outside the US based on your IP address.

To get around this, you can rent a VM/server from any cloud hosting provider for a few minutes and route your connection through it with SSH tunnelling.

This post is here mostly so I remember how to do it in 5 minutes instead of spending 30 minutes reminding myself of how it works.

Step 1: rent a box

You hopefully know how to do that; I just spun up an AWS EC2 instance in Virginia.

Step 2: add the domain you’re trying to access into /etc/hosts

Add a line like this into your /etc/hosts:

127.0.0.1 geo-blocked-domain.com

This causes requests to geo-blocked-domain.com to go to your own machine (localhost) instead of the real server.

This is needed for two reasons. First, most HTTP services these days use the Host header to decide which of several websites hosted on one server you’re trying to access. Second, your browser won’t want to connect to an HTTPS endpoint unless the domain matches the certificate.

Step 3: SSH into your rented box and forward a port

ssh -i ~/.ssh/priv_key.pem -L localhost:5443:geo-blocked-domain.com:443 ubuntu@10.243.21.247

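This will connect to the server at 10.243.21.247 (change this to your rented box’s IP address), creating an SSH port-forward from port 5443 on your machine to port 443 on geo-blocked-domain.com, as reached from the remote machine. The rented box resolves the hostname itself, so the /etc/hosts entry from step 2 does not affect where the forward ends up.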

Step 4: profit

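Now you can connect to https://geo-blocked-domain.com:5443 and, if there are no extra tricks applied, this should load the page you were trying to access before. Once you’re done, remove the line from /etc/hosts again, otherwise the domain will keep resolving to your own machine.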
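The check below is an added example, not part of the original post. It connects to the local end of the forward from step 3 while presenting geo-blocked-domain.com for TLS (SNI and certificate verification) and in the Host header, which are the two things the /etc/hosts entry arranges for a browser, and it reports the stage at which a broken setup fails. The function names are made up here; the port 5443 is the one from the post's ssh command.

```python
import socket
import ssl


def build_request(domain: str, path: str = "/") -> bytes:
    """HTTP/1.1 request whose Host header names the real site, not localhost."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {domain}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def strict_context() -> ssl.SSLContext:
    """Default client context: verifies the certificate chain and the hostname."""
    return ssl.create_default_context()


def probe(domain: str, local_port: int = 5443, timeout: float = 10.0) -> dict:
    """Talk to 127.0.0.1:local_port, but speak TLS and HTTP as `domain`.

    Assumes the ssh -L forward from step 3 is already running.
    """
    try:
        raw = socket.create_connection(("127.0.0.1", local_port), timeout=timeout)
    except OSError as exc:
        # Nothing is listening locally: the SSH session or the forward is down.
        return {"ok": False, "stage": "tcp", "error": str(exc)}
    try:
        # server_hostname sets the SNI value and the name the certificate must match.
        with strict_context().wrap_socket(raw, server_hostname=domain) as tls:
            tls.sendall(build_request(domain))
            status = tls.makefile("rb").readline().decode("latin-1").strip()
            return {"ok": True, "stage": "http", "tls": tls.version(), "status": status}
    except ssl.SSLCertVerificationError as exc:
        # The forward ends at a server whose certificate is not valid for `domain`.
        return {"ok": False, "stage": "tls-verify", "error": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "stage": "tls", "error": str(exc)}


if __name__ == "__main__":
    print(probe("geo-blocked-domain.com"))
```

A browser pointed at the :5443 URL sends the port in its Host header as well (geo-blocked-domain.com:5443), whereas this check sends the bare domain, so a site that works here but misbehaves in the browser may be reacting to the non-standard port.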

So go ahead and pay your registration or toll bills, or whatever other mundane thing you had to do. Does it really have to be this hard?