I found out about sshuttle from a random tweet that happened to catch my eye.
Here’s the skinny (from the readme):
- Your client machine (or router) is Linux, FreeBSD, or MacOS.
- You have access to a remote network via ssh.
- You don’t necessarily have admin access on the remote network.
- The remote network has no VPN, or only stupid/complex VPN protocols (IPsec, PPTP, etc). Or maybe you are the admin and you just got frustrated with the awful state of VPN tools.
- You don’t want to create an ssh port forward for every single host/port on the remote network.
- You hate openssh’s port forwarding because it’s randomly slow and/or stupid.
- You can’t use openssh’s PermitTunnel feature because it’s disabled by default on openssh servers; plus it does TCP-over-TCP, which has terrible performance.
Here’s how I set it up on my Mac
Install homebrew:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
Install sshuttle (as a regular user):
brew install sshuttle
Test the connection to a server you have:
sudo sshuttle -r <user>@host.tld -x host.tld 0/0 -vv
I also made sure that my target server could be connected-to via certificate for my local root user – but you can use a password if you prefer.
Check your IP address:
curl https://ipv4.cf
Once you make sure the connection works, Ctrl-C to end the session.
Then set up an alias in your shell’s .profile (for me, it’s .bash_profile):
alias vpn='sudo sshuttle -r <user>@domain.tld -x domain.tld 0/0'
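The alias above names the server twice, once for -r and once for -x. As an added example (not from the original post or the sshuttle project), this shell function derives the -x exclusion from the -r target and refuses a target that could be parsed as an option before anything reaches sudo. The names vpn_args and VPN_DRY_RUN, and the restriction to a [user@]host[:port] target with a hostname or IPv4 host, are assumptions.

```shell
# Added example, not from the original post. Assumes the target is
# [user@]host[:port] with a hostname or IPv4 host (no IPv6 literals).
# vpn_args and VPN_DRY_RUN are hypothetical names.

# Print the sshuttle arguments for a target, one per line.
vpn_args() {
    vpn_remote=$1
    case $vpn_remote in
        '' | -* | *[!A-Za-z0-9@._:-]*)
            # Empty, option-like, or outside the allow-list: never pass to sudo.
            echo "vpn: refusing target '$vpn_remote'" >&2
            return 2 ;;
    esac
    vpn_host=${vpn_remote##*@}   # strip "user@"
    vpn_host=${vpn_host%%:*}     # strip ":port"
    case $vpn_host in
        '' | -* | .*)
            echo "vpn: no usable host in '$vpn_remote'" >&2
            return 2 ;;
    esac
    # -x excludes the server's own address from the forwarded 0/0 range.
    printf '%s\n' -r "$vpn_remote" -x "$vpn_host" 0/0
}

# Drop-in replacement for the alias: vpn <user>@host.tld
vpn() {
    vpn_argv=$(vpn_args "$1") || return
    # Unquoted on purpose: the allow-list above leaves no spaces or glob
    # characters, so splitting on newlines yields exactly five arguments.
    if [ -n "${VPN_DRY_RUN:-}" ]; then
        echo sudo sshuttle $vpn_argv
    else
        sudo sshuttle $vpn_argv
    fi
}
```

Set VPN_DRY_RUN=1 to print the command that would run instead of starting the tunnel.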
Other things you can do
According to the full docs, there are a lot more things you can do with sshuttle – including running it on your router, thereby VPN’ing your whole LAN through an endpoint! You can also run it in server mode.
This is a super useful little utility!
from antipaucity https://antipaucity.com/2020/03/23/sshuttle-a-simple-transparent-proxy-vpn-over-ssh/