I recently started working for a European company. I live in the US, so they shipped me a work laptop, but it took almost a month after my start date to arrive. As a temporary solution, I was given RDP access to a virtual machine inside the corporate intranet, but with only two cores and a transatlantic ping, it immediately proved inadequate for software development.

Meanwhile at home I have screaming a 32-core Threadripper with 64GB of memory, and I greatly prefer to develop on it. Now work has a VPN client, but IT policy prohibits connecting personal devices. Instead, I used the following procedure to set up the topology pictured above.

After following this procedure, I can access the company’s TFS (Team Foundation Server), pull and push code with git, participate in pull requests, pull company NuGet packages, and reach team wiki pages, all from my personal machine.

Warning: The procedure described below may or may not violate your company’s IT policies. We’re creating what your company may view as an enterprise backdoor. Please verify with the appropriate people in your company before trying it.


This guide shows how to access work intranet resources e.g. TFS and wiki pages, from a home computer without a VPN.

SSH Server

On your home machine, setup an SSH server, optionally with public key auth. Here’s some help for Windows 10:




SSH Tunnel

Using Remote Desktop, on the remote virtual machine, create a SOCKS5 reverse SSH tunnel:

ssh -R 6666 -i id_rsa johndoe@my-dns-name.com -p 2323

johndoe@localhost C:\Users\JohnDoe>


ssh -R 6666 -i id_rsa johndoe@ -p 2323

ssh -R 6666 johndoe@ -p 2323


On your home machine, test the SOCK5 connection.

Verify your real IP address:

C:\›curl ifconfig.io

Verify your tunneled IP address:

C:\›curl --socks5 localhost:6666 ifconfig.io // This is the Virtual Machine’s IP address.

Configure Apps


  1. Download DNS2SOCKS. This app pipes all DNS queries through the SOCK5 proxy.


  1. Run DNS2SOCKS

Note, in the command below, points to my home router.

You could use e.g. Google DNS at

        DNS2SOCKS.exe /la:socks.log  
        DNS2SOCKS V2.1 (free software, use parameter /? to display help)  
        SOCKS server port 6666  
        DNS server port 53  
        listening on port 53  
        cache enabled  
        authentication disabled  
        EDNS client subnet disabled
  1. Set your network adapter to use as the DNS server.

Open Network Connections:


Right click on the adapter, e.g. Ethernet or Wi-Fi.

Click Properties

Select “Internet Protocol Version 4 (TCP/IPv4)”

Click Properties

Under “Use the following DNS server addresses:”, enter

Optionally set an alternate server e.g.

Click OK to close the “Internet Protocol Version 4 TCP/IPv4 Properties” dialog.

Click OK to close the adapter properties dialog.

  1. Test that you can resolve hosts at the company, e.g. TFS.

         C:\>nslookup tfs.example.com  
         Server:  localhost  
         Non-authoritative answer:  


Since all not apps support SOCKS5, e.g. Visual Studio Teams Explorer, while others have buggy support (such as git), we need forward HTTP/HTTPs traffic through SOCKS5.

Install Privoxy: https://www.privoxy.org/

Start Privoxy

Configure Privoxy

Open config.txt (Edit -> Open Main Configuration)

Add the line:

forward-socks5 / .

Restart Privoxy

Configure apps to use

Use, not localhost, since localhost may resolve to the SOCKS5 server.


  1. On your home machine, setup git to use the HTTP proxy.

             // All repos  
             C:\>git config --global http.proxy  
             C:\>git config --global https.proxy  
             // Or just this repo  
             cd C:\Users\JohnDoe\repo  
             C:\>Users\JohnDoe\repo>git config http.proxy  
             C:\>Users\JohnDoe\repo>git config https.proxy

Unset with

                git config --global --unset https.proxy  
                git config --global --unset http.proxy

It may be helpful to store your credentials. You should get a GUI dialog prompt.

            cd repo  
            git config --global credential.helper store  
            git pull  
            Username for 'https://tfs.example.com': user@example.com  
            Password for 'https://user@example.com@tfs.example.com':

To change these values later, open the Start Menu and search for “Credential Manager”


  1. Install the SOCKS proxy extension by Hotplate Labs.


  1. Set the extension to use the SOCK5 proxy port, e.g. 6666.

Right click on the extension icon and click Options.

Type the port into the text box that appears.

Try to load some intranet pages.


Check your IP address



Visual Studio 2019 (for e.g. Team Explorer)

  1. Open the file C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe.config

  2. Add the following under “<system.net>”

         <defaultProxy useDefaultCredentials="true" enabled="true">  
             <proxy proxyaddress="" />  


                    <ipv6 enabled="true"/>  


                <defaultProxy useDefaultCredentials="true" enabled="true">  
                    <proxy proxyaddress="" />  
                    <ipv6 enabled="true"/>  
  1. Restart Visual Studio.

  2. In Team Explorer, connect to the server e.g. at the URL https://tfs.example.com/tfs/


  1. Open e.g. C:\Users\JohnDoe\AppData\Roaming\NuGet\nuget.config
  2. Add the configuration below
 <!-- stuff --> 
    <add key="http_proxy" value="" /> 
  <!-- stuff -->





Please feel free to start a discussion on GitHub.

Main page