[Tutorial] Poor-man'VPN via SSH with sshuttle
 

sshutle is a transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin access. Works with Linux and MacOS, now including 10.6.
Pretty neat for the N900 considering how inconvenient it is to change socks or proxy settings.

Project homepage: https://github.com/apenwarr/sshuttle

NEWS: Version 0.50a adds support for DNS proxying (new --dns switch). So now both TCP packets and DNS requests are sent over the tunnel

Requirements:

• Titan's Power kernel as it includes all the required iptable modules. For info I run Titan 2.6.28.10power46.
• Python
• Git - Optional, only required for downloading the project.
• Remote SSH server (no admin rights required)

1. Download sshuttle using git
   Path for git core files is not set correctly. You need to add it to your path. See thread here http://talk.maemo.org/showthread.php...git+index-pack
   
   
   Code:

   ---

   # export PATH=$PATH:/usr/libexec/git-core

   ---

   Then
   
   Code:

   ---

   # cd /home/user
# git clone git://github.com/apenwarr/sshuttle

   ---

   In my intial tutorial I mentioned a patch to firewall.py that was required to make sshuttle run on N900. This is no longer required.
   sshuttle can now auto-detect that the "-m ttl" stuff doesn't work, and try again without it in that case.
   
2. You can now start sshuttle
   First you need to be root.
   
   Code:

   ---

   # root
# ./sshuttle -r user@sshserver 0.0.0.0/0 -vv --dns

   ---

3. Use it
   You can now use all the applications dealing with TCP protocol (web browser, command line...). With the new --dns switch DNS requests are also sent through the SSH tunnel.

There is also a new switch on 0.50a for addressing latency issues.

--no-latency-control: disable the "check_fullness" feature that
prevents a bandwidth-intensive sshuttle channel, like a huge rsync,
from killing the latency of other channels. If your network is very
fast but has high latency, the latency control prevented you from
using all your bandwidth, and sometimes you just don't care about
latency.

TIPS1: RSA keys and alternate ports
For that you either need to use sshagent or a /root/.ssh/config file. Here is how to do it with a SSH config file:

And you could simply use it with:

TIPS2: Python3 enabled SSH servers
Latest version of sshuttle now autodetects installed Python versions and adjust its settings to select the Python interpreter (i.e. ArchLinux).

Re: [Tutorial] Poor-man'VPN via SSH with sshuttle
 

It works great, thanks. I searched the repositories a long time ago and didn't see it... I should have searched here on TMO. :)

Re: [Tutorial] Poor-man'VPN via SSH with sshuttle
 

I works great, I wish I found this thread earlier, I will try to experiment something useful with it (maybe using Qt mobile hotspot + this to bypass mobile operator restrictions ?)

Re: [Tutorial] Poor-man'VPN via SSH with sshuttle
 

Just tested Qt Mobile Hotspot + sshuttle: it doesn't work for now.

Qt Mobile Hotspot messes iptables rules by flushing everything when you start it or stop it (not needed I think)
Entering manually the rules that sshuttle create, let the N900 use the tunnel again but other devices can't access anything.

I don't know anything about iptables for now but I will try to find how we can make this working and eventually make scripts to manage it more easily.

Re: [Tutorial] Poor-man'VPN via SSH with sshuttle
 

I will try something useful with it (maybe using Qt mobile hotspot + this to bypass mobile operator restrictions ?

Re: [Tutorial] Poor-man'VPN via SSH with sshuttle
 

It works great, thanks. I searched the repositories a long time ago and didn't see it.