I found out about sshuttle from a random tweet that happened to catch my eye.
Here’s the skinny (from the readme):
- Your client machine (or router) is Linux, FreeBSD, or MacOS.
- You have access to a remote network via ssh.
- You don’t necessarily have admin access on the remote network.
- The remote network has no VPN, or only stupid/complex VPN protocols (IPsec, PPTP, etc). Or maybe you are the admin and you just got frustrated with the awful state of VPN tools.
- You don’t want to create an ssh port forward for every single host/port on the remote network.
- You hate openssh’s port forwarding because it’s randomly slow and/or stupid.
- You can’t use openssh’s PermitTunnel feature because it’s disabled by default on openssh servers; plus it does TCP-over-TCP, which has terrible performance.
Here’s how I set it up on my Mac
Install homebrew:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
Install sshuttle (as a regular user):
brew install sshuttle
Test the connection to a server you have:
sudo sshuttle -r <user>@host.tld -x host.tld 0/0 -vv
I also made sure that my target server could be connected-to via certificate for my local root user – but you can use a password if you prefer.
Check your IP address:
curl https://ipv4.cf
Once you make sure the connection works, Ctrl-C to end the session.
Then setup an alias in your shell’s .profile (for me, it’s .bash_profile):
alias vpn='sudo sshuttle -r <user>@domain.tld -x domain.tld 0/0'
Other things you can do
According to the full docs, there are a lot more things you can do with sshuttle – including running it on your router, thereby VPN’ing your whole LAN through an endpoint! You can also run it in server mode.
This is a super useful little utility!