I recovered from a small disaster today using the neko dockerised web-browser.
I set up a remote backup with Proxmox running on a HP mini and a Synology a month ago at a friend’s house 3000 km away. I thought I’d reserved all the IP addresses, but last night the Synology IP address changed, so the NFS shares to Proxmox and Jellyfin broke. That wasn’t to hard to fix remotely, but I don’t want it to happen every time the DHCP lease expires.
So now I need to log into their router and reserve the IP addresses…
I can get on the local network there by ssh-ing into one of my entities (via Tailscale), but how do I get to the web interface of the router?
Enter neko. It spins up a browser in a Docker container that can be accessed over a web address. So I created an LXC, installed docker and spun it up, then was able to use that to open the local-only web interface to the router.
neko is intended for watch parties, so multiple people can be logged in to the same browser window at a time - there’s a toggle to take control of the window for clicks and typing, but apart from that it’s all pretty straight forward. There’s a very noticeable lag, but it got the job done.
Perhaps there was an easier lighter-weight way of doing this? In the old old days there was a text browser called Lynx - so perhaps there’s some modern iteration that could have done this job?
Edit: There is an easier lighter-weight way of doing this!
Thanks to @SteveTech@programming.dev, @Dewege@feddit.org and others who mentioned ‘ssh tunneling’ - TIL I could just connect a local port (8080 in my case) to port 80 on the router (192.168.1.1:80 in my case) via the VM I have ssh access to over tailscale (thirdbreakfast@100.126.38.117) with:
ssh -L 8080:192.168.1.1:80 thirdbreakfast.126.38.117
ssh -L <local port to use>:<remote machine to access with port> <ssh address of jump machine>
When executed, that looks like I’ve just ssh’ed into that machine, but until I log out of that connection I can open up 127.0.0.1:8080 in my browser and I’m in the router’s web interface - still a tiny bit of lag, but way smoother experience with less carry on.
Amazeballs.
Perhaps there was an easier lighter-weight way of doing this?
Yeah, SSH tunneling. What I would do (and have done in the past) is something like:
ssh -L 8080:192.168.0.1:80 myserverThat will forward port 8080 on your host to port 80 on 192.168.0.1, so you can access your router’s web UI with
http://localhost:8080/in your own web browser.You can also setup full tunneling with SSH, but that requires messing around with SOCKS and I usually can’t be bothered.
I use this to help my grandma remotely! The two steps needed were to join her into my Tailscale network and set up SSH with key authentication only.
Now I am able to SSH into her computer and enable VNC (remote control) and connect to the VNC-server over an SSH-tunnel like this.
I just can’t get over the fact that I didn’t knew of ssh tunneling till today. P.S I have a 24x7 home server for last 5years
ssh -D8080 myserverand then use any of the proxy extensions (i like proxyswitchy omega I think it’s called). Also works with tsocks or anything that can use a SOCKS5 proxy, and as an added bonus, it’ll resolve DNS through the proxy as well.I’ve been using the
-L2500:localhost:25 -L14300:localhost:143trick to access my personal email without leaking anything outside of the ssh tunnel for years, and things like sslh and corkscrew allow me to get around/through draconian corporate IT policies with almost 100% success.The last trick I have is iodine which can tunnel traffic through DNS. If you can’t get a direct connection to the iodine endpoint it can be damn slow, but if you gotta get through it can be a godsend.
Thanks - this is exactly what I needed.
You beat me by some minuts :)
Perhaps there was an easier lighter-weight way of doing this?
sshuttledoes exactly that. It’s basically a VPN that uses SSH tunnelling. If you have a host in the same network as the target machine, and you can SSH into it,sshuttlecan route all TCP traffic between you and the target (or a subnet) through the host without having to bind local ports manually.sshuttle -r ssh_server <hosts/subnets...>Oh man this looks so much simpler than having to Google/man page how to ssh tunnel every 8-10 months.
This was my first thought. I’m actually using this right now to set up WireGuard at my house so I can tunnel there from a remote location on several devices that don’t have ssh accounts on the target.
Next in line is
ssh -D 9999 remotehostwhich opens a socks5 proxy on localhost:9999 that tunnels all connections through the remote host. This is especially rad with proxy.pac https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_fileAnd next in line is
ssh -L 9999:target_host:80(or whatever) which tunnels 127.0.0.1:9999 to target_host:80.
Why is the cat showing its arsehole?
Because cat people are weird as fuck.
It’s supposed to be a dot (.) character. The project’s name is n.eko.
Actually, I knew that Neko is the Japanese word for cat, but it never dawned on me it’s supposed to be a part of the naming nomenclature. It’s kind of clever marketing.
Cringe
At least they’re self-aware.
My cat did that to me the night after we adopted her. I called the rescue center to ask them about this behavior, and I was told that my cat had formally “accepted” me as her family and that the starfish-flashing is a sign of affection and acceptance.
That’s just a cat thing. Some of them are intent on displaying their poopers whenever possible, especially if it’s right in your face.
That’s not an arsehole… It’s part of the fediverse cluster !!! (The asterism ⁂).
This is also my only question.
Neat, but if you had Tailscale, why not use Tailscale?
Probably doesn’t have it set up with subnet access on to his friends network. Which tbf you wouldn’t actually want for this use case.
Yes - we’re “I’ll let you use my electricity for your computer thing” friends, not “I’m okay with seeing your printer on my home network” friends.
Well, that’s what you are doing with ssh tunnels and remote browsers. If you want separation, they can put your computer in their router’s DMZ (demilitarized zone), so it doesn’t have access to their devices. Additionally, If you use the Tailscale IPs (or host names) instead of their local IPs on his network, they won’t ever change.
This would have been great to have when we were overseas and our bank and mortgage website would not load. Had to spin up an ec2 instance in a US region to pay the bills.
I‘m using an ssh tunnel for that pupose. So if I can ssh into a remote synology, I can also create an ssh tunnel to any of the IPs of the remote network. Then I just open my regular local browser with an address https://localhost/:<local-tunnel-port>
Thanks yes - that’s exactly what I needed.
Maybe I’m missing something, but if your friend’s router had the capability to, would it not be easier to just set up a WireGuard tunnel directly on the router to VPN straight into their local network? Then you’re able to just access the UI through your browser remotely, without reliance on any server at all.
I have a TP-Link with this functionality. Not sure quite how widespread this is in 2025.
This is very confusing…
So you didn’t have access to your network…why?
Were you just away for some reason? Get a proper VPN going, or put a Tailscale endpoint on your network somewhere. Done.
No, he had access but clearly the router admin interface wasn’t set up to allow remote access. He then needed to access the router from a browser inside the LAN, and he did have the proxmox host configured correctly to access remotely.
Yes, this.
I’m not sure if it would work for your situation but you seem to be able to ssh into a server on that network? If so you can run a browser on that computer and tunnel the X session over ssh:
https://www.cyberciti.biz/tips/running-x-window-graphical-application-over-ssh-session.html
Otherwise neko seems neat, I’ve actually been looking for something for watch parties.
This is porn! Ty for sharing, was trying to set up a site2site VPN and this will most probably help enormously!
