
sshuttle

Diarmuid O'Briain, diarmuid@obriain.com
<18/02/2016>, version 1.0

Last updated: 18-02-2016 18:35


You know those times when you need to get around a blocking problem and need a quick VPN? If you have SSH access to a GNU/Linux, BSD or other UNIX server, it is as simple as a single command.

Install sshuttle, a transparent proxy-based VPN that runs over ssh. It lets you create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has Python 2.3 or higher. Root access is required on the local machine, because sshuttle installs iptables NAT rules there (visible in the session output below), but a normal account is all that is required on the server.

Install sshuttle

  alovelace@Laptop:~$ sudo aptitude install sshuttle 
  

Run sshuttle

Now run sshuttle to a server you have access to.

sshuttle --verbose --auto-nets --remote user@server 0.0.0.0/0

  alovelace@laptop ~ $ sudo sshuttle --verbose --auto-nets --remote alovelace@gnu.linux.svr 0.0.0.0/0 
  Starting sshuttle proxy.
  Listening on ('127.0.0.1', 12300).
  firewall manager ready.
  c : connecting to server...
  alovelace@gnu.linux.svr's password: Password
   s: latency control setting = True
   s: available routes:
   s:   176.58.111.0/24
  c : connected.
  Connected.
  firewall manager: starting transproxy.
  >> iptables -t nat -N sshuttle-12300
  >> iptables -t nat -F sshuttle-12300
  >> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
  >> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
  >> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 176.58.111.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
  >> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp
  >> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
  c : Accept: 192.168.10.2:59472 -> 176.45.192.36:443.
  c : Accept: 192.168.10.2:52269 -> 35.15.77.6:443.
  c : Accept: 192.168.10.2:52270 -> 35.15.77.6:443.
  c : Accept: 192.168.10.2:52271 -> 35.15.77.6:443.
  c : Accept: 192.168.10.2:46774 -> 176.45.192.3:443.
  c : Accept: 192.168.10.2:43405 -> 176.45.192.7:443.
  c : Accept: 192.168.10.2:43406 -> 176.45.192.7:443.
  c : Accept: 192.168.10.2:43407 -> 176.45.192.7:443.
  c : Accept: 192.168.10.2:43408 -> 176.45.192.7:443.
  c : Accept: 192.168.10.2:43409 -> 176.45.192.7:443.
  c : Accept: 192.168.10.2:43410 -> 176.45.192.7:443.
  

That's it. Keep this shell open and you can browse, etc., through the SSH tunnel. You can abbreviate the command somewhat as follows:

sshuttle -vNr user@server 0.0.0.0/0

  alovelace@laptop ~ $ sudo sshuttle -vNr alovelace@gnu.linux.svr 0.0.0.0/0
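
As an added example (not part of the original primer or of sshuttle itself), the following shell functions parse verbose output in the format shown above to list what the firewall rules actually redirect and which destinations went through the tunnel. The function names and the embedded sample, trimmed from the session above, are constructed for illustration.

```shell
# Constructed sample: a few lines in the format of the verbose session above.
sample_log() {
cat <<'EOF'
Listening on ('127.0.0.1', 12300).
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 176.58.111.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
c : Accept: 192.168.10.2:59472 -> 176.45.192.36:443.
c : Accept: 192.168.10.2:52269 -> 35.15.77.6:443.
c : Accept: 192.168.10.2:52270 -> 35.15.77.6:443.
EOF
}

# Print "ACTION DEST PROTO PORT" for each rule appended to an sshuttle-* chain.
sshuttle_rules() {
  awk '$1 == ">>" && $2 == "iptables" {
    chain = act = dst = proto = port = ""
    for (i = 3; i < NF; i++) {
      if ($i == "-A") chain = $(i + 1)
      else if ($i == "-j") act = $(i + 1)
      else if ($i == "--dest") dst = $(i + 1)
      else if ($i == "-p") proto = $(i + 1)
      else if ($i == "--to-ports") port = $(i + 1)
    }
    if (chain ~ /^sshuttle-/) print act, dst, proto, (port == "" ? "-" : port)
  }'
}

# Protocols that are actually sent into the tunnel (REDIRECT rules only).
sshuttle_redirected_protocols() {
  sshuttle_rules | awk '$1 == "REDIRECT" { print $3 }' | sort -u
}

# Count accepted (tunnelled) connections per destination: "IP:PORT COUNT".
sshuttle_accepts() {
  awk '$1 == "c" && $3 == "Accept:" {
    d = $NF; sub(/\.$/, "", d); n[d]++
  } END { for (d in n) print d, n[d] }' | sort
}

sample_log | sshuttle_rules
sample_log | sshuttle_accepts
```

Every REDIRECT rule in the session matches `-p tcp`, so with this invocation UDP traffic, including DNS lookups, leaves the machine outside the tunnel. sshuttle's `--dns` option forwards DNS queries through the tunnel as well.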

Copyright © 2024 C²S Consulting