GhaSShee


SSHuttle


# [sshuttle](http://github.vom/apenwarr/sshuttle)
[sshuttle](https://github.com/apenwarr/sshuttle) is a super-easy-use VPN tool, which only require ssh server.
Written with Python. Installation ~~~ Macos : brew install sshuttle ArchLinux : yaourt -S sshuttle Ubuntu : sudo apt install sshuttle ~~~ Definition ~~~ sshuttle := SOCKS proxy of Dynamic Port forwarding (by SSH) + α α := A client can use proxy without any configuration. ~~~ e.g. ************************************************************************************* * * * firewall * * | sshd:22 * * chinese client <-------> hoge@123.456.789.000 <--------> target google(8.8.8.8) * * | * * * * * ************************************************************************************* It is enough if sshd is running.
Then chinese client just can connect with typing; ~~~ # sshuttle -r hoge@123.456.123.456 0.0.0.0/0 --dns Connected. ~~~ where ~~~ 0.0.0.0/0 : all traffic (will be forwarded to, and routed via the remote SSH host.) --dns : local DNS requests be forward to the remote host as well. ~~~





If you want only to access specific subnets routed over the VPN,
Specify subnets as; ~~~ # sshuttle -r hoge@123.456.123.456 172.194.0.0/16 172.195.0.0/16 ~~~ ********************************************************************************** * * * | * * sshuttle ----------> sshd:22 * * client <-----------> hoge <------------------> target(8.8.8.8 * * | * * * **********************************************************************************





to see your traffic, use `iptables` like this; ~~~ # iptables -L -n -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination sshuttle-12300 all -- 0.0.0.0/0 0.0.0.0/0 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination sshuttle-12300 all -- 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain sshuttle-12300 (2 references) target prot opt source destination REDIRECT tcp -- 0.0.0.0/0 8.8.8.8 TTL match TTL != 42 redir ports 12300 RETURN tcp -- 0.0.0.0/0 127.0.0.0/8 ~~~ @port:12300, python(sshuttle) is waiting ~~~ # netstat -lnp|grep 12300 tcp 0 0 127.0.0.1:12300 0.0.0.0:* LISTEN 5059/python ~~~ This means that except TTL=42, all packets goes to `192.168.20.153` through the sshuttle connection.