sshuttle is a transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin access. Works with Linux and MacOS, now including 10.6.
Pretty neat for the N900 considering how inconvenient it is to change socks or proxy settings.

Project homepage: https://github.com/apenwarr/sshuttle

NEWS: Version 0.50a adds support for DNS proxying (new --dns switch). So now both TCP packets and DNS requests are sent over the tunnel.

Requirements:
  • Titan's Power kernel, as it includes all the required iptables modules. For info, I run Titan 2.6.28.10power46.
  • Python
  • Git - Optional, only required for downloading the project.
  • Remote SSH server (no admin rights required)
  1. Download sshuttle using git
    Path for git core files is not set correctly. You need to add it to your path. See thread here http://talk.maemo.org/showthread.php...git+index-pack

    Code:
    # export PATH=$PATH:/usr/libexec/git-core
    Then
    Code:
    # cd /home/user
    # git clone git://github.com/apenwarr/sshuttle
    In my initial tutorial I mentioned a patch to firewall.py that was required to make sshuttle run on N900. This is no longer required.
    sshuttle can now auto-detect that the "-m ttl" stuff doesn't work, and try again without it in that case.

  2. You can now start sshuttle
    First you need to be root.
    Code:
    # root
    # cd /home/user/sshuttle
    # ./sshuttle -r user@sshserver 0.0.0.0/0 -vv --dns
  3. Use it
    You can now use all the applications dealing with TCP protocol (web browser, command line...). With the new --dns switch DNS requests are also sent through the SSH tunnel.

There is also a new switch on 0.50a for addressing latency issues.

--no-latency-control: disable the "check_fullness" feature that
prevents a bandwidth-intensive sshuttle channel, like a huge rsync,
from killing the latency of other channels. If your network is very
fast but has high latency, the latency control prevented you from
using all your bandwidth, and sometimes you just don't care about
latency.

TIPS1: RSA keys and alternate ports
For that you either need to use ssh-agent or a /root/.ssh/config file. Here is how to do it with an SSH config file:

Code:
Host myremoteSSH
    User alphazo
    Hostname remotessh.dyndns.org
    Port 443
    IdentityFile ~/.ssh/id_remoteSSH_rsa
And you could simply use it with:

Code:
# ./sshuttle -r myremoteSSH 0.0.0.0/0 -vv
TIPS2: Python3 enabled SSH servers
The latest version of sshuttle now autodetects installed Python versions and adjusts its settings to select the Python interpreter (i.e. ArchLinux).

Last edited by alphazo; 2011-02-09 at 09:11.
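
Added example (not part of the original post or of sshuttle itself): a check that a running tunnel really covers DNS as well as TCP, which is what separates the `--dns` command in step 2 from the TIPS1 command that omits it. It assumes sshuttle's NAT rules live in a chain whose name starts with `sshuttle-`; the two rule listings are constructed samples.

```shell
#!/bin/sh
# classify_rules: read nat-table rule lines on stdin (the "-A ..." lines
# printed by `iptables-save -t nat` or `iptables -t nat -S`) and print:
#   none      no sshuttle redirect is hooked into OUTPUT
#   tcp-only  TCP is redirected, DNS still goes out locally (leak)
#   dns-only  only DNS is redirected
#   tcp+dns   both TCP and DNS are redirected into the tunnel
# Assumption: the chain name prefix "sshuttle-".
classify_rules() {
    awk '
        # The chain only matters if locally generated traffic jumps to it.
        /^-A OUTPUT / && /-j sshuttle-/ { hooked = 1 }
        /^-A sshuttle-/ && /REDIRECT/ {
            if ($0 ~ /-p tcp/) tcp = 1
            if ($0 ~ /-p udp/ && $0 ~ /--dport 53( |$)/) dns = 1
        }
        END {
            if (!hooked)         print "none"
            else if (tcp && dns) print "tcp+dns"
            else if (tcp)        print "tcp-only"
            else if (dns)        print "dns-only"
            else                 print "none"
        }'
}

# Constructed sample: tunnel started with --dns (addresses and ports made up).
SAMPLE_WITH_DNS='-N sshuttle-12300
-A OUTPUT -j sshuttle-12300
-A PREROUTING -j sshuttle-12300
-A sshuttle-12300 -d 192.0.2.53/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 12299
-A sshuttle-12300 -p tcp -j REDIRECT --to-ports 12300'

# Constructed sample: same tunnel started without --dns.
SAMPLE_NO_DNS='-N sshuttle-12300
-A OUTPUT -j sshuttle-12300
-A PREROUTING -j sshuttle-12300
-A sshuttle-12300 -p tcp -j REDIRECT --to-ports 12300'

# Live use, as root, while sshuttle is running:
#   iptables-save -t nat | classify_rules
```

A result of `tcp-only` means name lookups still leave the device over the local network, even though the connections themselves go through the SSH tunnel.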