Login to CERN sites from outside

Last update: 27 Feb 2024

There are several parts of our git infrastructure which are only accessible within the CERN network.

The following advice should help you set up a browser to be able to access these protected pages remotely.

Mac or Linux

Add the following to your .ssh/config file:

host lxtunnel lxtunnel.cern.ch
  Hostname lxtunnel.cern.ch
  PubkeyAuthentication no
  ForwardX11 yes
  ControlPath ~/.ssh/controlmasters/%r@%h:%p
  ControlMaster auto
  ControlPersist 10m
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes
  Protocol 2
  ServerAliveInterval 60
  ServerAliveCountMax 2
  DynamicForward 8090

The key parts here are the Control* options and the DynamicForward port. You also need to make sure that ~/.ssh/controlmasters/ exists, or create any other directory and change the ControlPath in your .ssh/config to match.

For Windows:

Set up the tunnels with PuTTY as per this link.

Only go up to step 5, and use port 8090 for lxtunnel.cern.ch.

For Linux/Mac OS/Windows:

In your browser, install the “Proxy SwitchyOmega” extension. It is available for the following browsers:

Once installed, create a new profile in the extension/addon using the SOCKS5 protocol, with localhost as the server and the port used for DynamicForward in .ssh/config, i.e. 8090.

It is advised to have an auto switch profile as well, that uses the previous profile whenever *.cern.ch is typed into the browser.

Activate the profile.

That's it.

You start by running ssh lxtunnel in the morning; after that, any page you open in your browser that is at CERN will always work as if you are at CERN.

Just remember that if your tunnel is NOT open, all links NOT in your bypass list will fail. You can then just click on "direct" on the browser extension icon in your browser and the problem goes away.
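For the Mac or Linux setup, a preflight check can confirm three things: the ControlPath directory is owner-only, the SOCKS port is not exposed beyond localhost, and the master connection is up before the proxy profile is switched on. This is an added example, not part of the original page; the function names are hypothetical and the config parser is deliberately simplified.

```shell
#!/bin/sh
# Added example: preflight checks for the lxtunnel setup described above.
# Simplified parser: literal Host names and "Keyword value" lines only
# (no wildcards, Match blocks or "Keyword=value" syntax).

# Print the DynamicForward value from the Host block naming $2 in file $1.
forward_spec() {
  awk -v want="$2" '
    tolower($1) == "host" {
      inblk = 0
      for (i = 2; i <= NF; i++) if ($i == want) inblk = 1
      next
    }
    inblk && tolower($1) == "dynamicforward" { print $2; exit }
  ' "$1"
}

# Succeed if the forward listens on loopback only. A bare port follows
# GatewayPorts, which defaults to "no" (loopback); assumed unchanged here.
is_loopback_forward() {
  case $1 in
    '' | *[!0-9]*) ;;   # missing, or has a bind address: checked below
    *) return 0 ;;      # bare port
  esac
  case $1 in
    localhost:* | 127.0.0.1:* | '[::1]:'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Create the ControlPath directory if missing and make it owner-only, so
# other local users cannot reach the control sockets inside it.
ensure_control_dir() {
  mkdir -p "$1" && chmod 700 "$1" &&
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Succeed if the ControlMaster connection (and so the SOCKS port) is up.
tunnel_up() {
  ssh -O check "$1" >/dev/null 2>&1
}

# Run all checks for a host alias, e.g.: preflight lxtunnel
preflight() {
  spec=$(forward_spec "$HOME/.ssh/config" "$1")
  ensure_control_dir "$HOME/.ssh/controlmasters" || echo "cannot secure control dir"
  is_loopback_forward "$spec" || echo "DynamicForward '$spec' is not loopback-only"
  tunnel_up "$1" || echo "tunnel down: run 'ssh $1' first"
}
```

Source the file and run `preflight lxtunnel`; no output means all three checks passed.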