A modern, user-friendly SSH VPN client for Linux with a beautiful GUI. Create secure VPN tunnels through SSH connections with support for multiple protocols and authentication methods.
- Dual Protocol Support: SSH and SSH-TLS modes for maximum flexibility
- Flexible Authentication: Password or SSH Key authentication (RSA, Ed25519, ECDSA, DSS)
- Modern Animated GUI: Clean, intuitive interface with smooth animations
- System Tray Integration: Minimize to tray for quick access
- Profile Management: Save and manage multiple server configurations
- SNI Domain Spoofing: SSH-TLS mode can mimic HTTPS traffic to bypass restrictions
- Real-time Bandwidth Monitoring: Track upload/download speeds
- IPv6 Leak Protection: Automatically blocks IPv6 to prevent leaks
- UDP Traffic Support: Full UDP forwarding capability
- Custom DNS: Configure your preferred DNS servers
- Connection Statistics: Real-time connection tracking
Direct SSH connection on any port (typically 22). Best for unrestricted networks with direct SSH access.
SSH connection wrapped in TLS/SSL (typically port 443). Traffic appears as HTTPS, making it harder to detect or block. Ideal for restrictive networks that filter SSH traffic.
The installation script automatically detects your Linux distribution and installs all dependencies:
chmod +x install.sh
sudo ./install.shSupported Distributions:
- Debian/Ubuntu/Mint/Pop!_OS
- Arch/Manjaro/EndeavourOS
- Fedora/RHEL/AlmaLinux/Rocky Linux
- CentOS/Oracle Linux
- openSUSE/SLES
- Alpine Linux
After installation, launch from your application menu or run:
ssh-vpn-proRequirements:
- Python 3.6 or higher
- Python packages:
paramiko,Pillow,pystray - System packages:
openssh-client,badvpn,stunnel4,policykit-1,iproute2,iptables
Install dependencies:
Debian/Ubuntu:
sudo apt update
sudo apt install python3 python3-tk python3-pip openssh-client badvpn stunnel4 policykit-1 iproute2 iptables
pip3 install paramiko Pillow pystrayArch Linux:
sudo pacman -S python python-tk python-pip openssh badvpn stunnel
pip3 install paramiko Pillow pystrayFedora/RHEL:
sudo dnf install python3 python3-tkinter python3-pip openssh-clients badvpn stunnel polkit iproute iptables
pip3 install paramiko Pillow pystrayRun the application:
chmod +x ssh_vpn_pro.py
./ssh_vpn_pro.py- Launch SSH VPN Pro
- Go to Profiles tab
- Click + New Profile
- Configure your connection:
- Protocol: Choose SSH or SSH-TLS
- Host: Your SSH server IP or hostname
- Port: SSH port (default: 22)
- Username: Your SSH username
- Auth Method: Select Password or SSH Key
- Password/SSH Key: Enter password or select key file
- For SSH-TLS: Configure SNI Domain and TLS Port
- Click Save
- Return to Home tab
- Click CONNECT
- Enter your system password when prompted (required for network configuration)
Password Authentication:
- Simple username/password login
- Credentials saved in encrypted profile (file permissions: 600)
SSH Key Authentication:
- More secure than passwords
- Supports RSA, Ed25519, ECDSA, DSS key types
- Default location:
~/.ssh/id_rsa - Browse to select your private key file
- Create: Click + New Profile button
- Edit: Click ✎ on any saved profile
- Delete: Click ✖ on any saved profile
- Select: Click on profile card to make it active
Profiles are saved in ~/.ssh_vpn_profiles.json with secure permissions.
For optimal performance and reliability, we recommend using high-quality VPS providers:
Recommended Provider: MyHBD.net
- Fast, reliable SSH servers
- Multiple global locations
- Optimized for VPN tunneling
- Excellent uptime and support
Choose servers geographically close to your location for best speeds.
To use SSH-TLS mode, configure stunnel on your SSH server:
Install stunnel:
sudo apt install stunnel4 # Debian/Ubuntu
sudo pacman -S stunnel # Arch LinuxGenerate certificate:
sudo openssl req -new -x509 -days 3650 -nodes \
-out /etc/stunnel/stunnel.pem \
-keyout /etc/stunnel/stunnel.pemCreate config file (/etc/stunnel/stunnel.conf):
[ssh]
accept = 443
connect = 127.0.0.1:22
cert = /etc/stunnel/stunnel.pemEnable and start:
sudo systemctl enable stunnel4
sudo systemctl start stunnel4Allow firewall:
sudo ufw allow 443/tcpNow clients can connect using SSH-TLS mode on port 443!
SSH connection fails:
# Test SSH access manually
ssh username@server -p portAuthentication errors with SSH key:
- Verify key file permissions:
chmod 600 ~/.ssh/id_rsa - Ensure public key is in server's
~/.ssh/authorized_keys - Check key file path is correct
No internet after connecting:
- Try disconnecting and reconnecting
- Check logs tab for error messages
- If disconnect fails, run cleanup script:
sudo bash cleanup_vpn.shMultiple instance error:
pkill -f ssh_vpn_pro.pyIf your internet doesn't work after disconnecting, use the cleanup script:
sudo bash cleanup_vpn.shThis will restore your network configuration.
sudo ./uninstall.shThis removes application files but keeps your saved profiles in ~/.ssh_vpn_profiles.json
- Profile data stored in
~/.ssh_vpn_profiles.jsonwith 600 permissions (owner only) - SSH key authentication recommended over passwords
- All traffic encrypted through SSH tunnel
- IPv6 automatically blocked to prevent leaks
- DNS queries routed through VPN
Files:
ssh_vpn_pro.py- Main applicationvpn_core.py- Core VPN functionalityssh_socks_simple.py- SSH tunnel handlerinstall.sh- Automatic installeruninstall.sh- Uninstallercleanup_vpn.sh- Network recovery tool
Ports Used (localhost only):
- 1080: SOCKS5 proxy
- 7300-7301: UDP gateway (configurable)
Issues and pull requests are welcome!
MIT License - See LICENSE file for details
Developed by Mohammad Safarzadeh
GitHub: github.com/itsredbull
Note: This tool is for legitimate use only. Ensure you have permission to use any SSH server you connect to. Respect all applicable laws and regulations.