LaunchAgent for continually connecting to SOCKS via autossh

gov.va.socks.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
 <key>Label</key>
 <string>gov.va.socks</string>
 <key>KeepAlive</key>
 <dict>
  <key>NetworkState</key>
  <true/>
 </dict>
 <key>RunAtLoad</key>
 <true/>
 <key>ProgramArguments</key>
 <array>
     <string>/opt/homebrew/bin/autossh</string>
     <string>-v</string>
     <string>-M</string>
     <string>20001</string>
     <string>-D</string>
     <string>2001</string>
     <string>socks</string>
     <string>-N</string>
 </array>
 <key>StandardOutPath</key>
 <string>/Users/ericboehs/Logs/autossh/autossh.stdout</string>
 <key>StandardErrorPath</key>
 <string>/Users/ericboehs/Logs/autossh/autossh.stderr</string>
 <key>User</key>
 <string>ericboehs</string>
 <key>ThrottleInterval</key>
 <integer>30</integer>
</dict>
</plist>

Place this in ~/Library/LaunchAgents, update the paths from /Users/ericboehs to something that actually exists, and then run:

launchctl load -w ~/Library/LaunchAgents/gov.va.socks.plist

You'll want to make sure autossh is installed (brew install autossh) and if you're not on a M1 mac, you'll need to change line 16 to /usr/local/bin/autossh.

You'll also need to configure your socks host in ~/.ssh/config. But hopefully you've already done that.

Should the user add the plist pac url to their network proxy?

That's what I prefer. But you could also use the omegaproxy extension in Chrome/Firefox. The autosshd solution presented here doesn't presuppose how you'll be connecting to the proxy, just getting the proxy running.