Posts: 12 | Thanked: 15 times | Joined on Jan 2010
#1
sshuttle is a transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin access. Works with Linux and MacOS, now including 10.6.
Pretty neat for the N900 considering how inconvenient it is to change socks or proxy settings.

Project homepage: https://github.com/apenwarr/sshuttle

NEWS: Version 0.50a adds support for DNS proxying (new --dns switch). So now both TCP packets and DNS requests are sent over the tunnel.

Requirements:
  • Titan's Power kernel as it includes all the required iptable modules. For info I run Titan 2.6.28.10power46.
  • Python
  • Git - Optional, only required for downloading the project.
  • Remote SSH server (no admin rights required)
  1. Download sshuttle using git
    Path for git core files is not set correctly. You need to add it to your path. See thread here http://talk.maemo.org/showthread.php...git+index-pack

    Code:
    # export PATH=$PATH:/usr/libexec/git-core
    Then
    Code:
    # cd /home/user
    # git clone git://github.com/apenwarr/sshuttle
    In my initial tutorial I mentioned a patch to firewall.py that was required to make sshuttle run on N900. This is no longer required.
    sshuttle can now auto-detect that the "-m ttl" stuff doesn't work, and try again without it in that case.

  2. You can now start sshuttle
    First you need to be root.
    Code:
    # root
    # cd /home/user/sshuttle
    # ./sshuttle -r user@sshserver 0.0.0.0/0 -vv --dns
  3. Use it
    You can now use all the applications dealing with TCP protocol (web browser, command line...). With the new --dns switch DNS requests are also sent through the SSH tunnel.

There is also a new switch on 0.50a for addressing latency issues.

--no-latency-control: disable the "check_fullness" feature that
prevents a bandwidth-intensive sshuttle channel, like a huge rsync,
from killing the latency of other channels. If your network is very
fast but has high latency, the latency control prevented you from
using all your bandwidth, and sometimes you just don't care about
latency.

TIPS1: RSA keys and alternate ports
For that you either need to use ssh-agent or a /root/.ssh/config file. Here is how to do it with an SSH config file:

Code:
Host myremoteSSH
    User alphazo
    Hostname remotessh.dyndns.org
    Port 443
    IdentityFile ~/.ssh/id_remoteSSH_rsa
And you could simply use it with:

Code:
# ./sshuttle -r myremoteSSH 0.0.0.0/0 -vv
TIPS2: Python3 enabled SSH servers
The latest version of sshuttle now autodetects installed Python versions and adjusts its settings to select the Python interpreter (i.e. ArchLinux).

Last edited by alphazo; 2011-02-09 at 09:11.
 

The Following 9 Users Say Thank You to alphazo For This Useful Post:
Posts: 1,141 | Thanked: 781 times | Joined on Dec 2009 @ Magical Unicorn Land
#2
It works great, thanks. I searched the repositories a long time ago and didn't see it... I should have searched here on TMO.
 

The Following User Says Thank You to stlpaul For This Useful Post:
Posts: 346 | Thanked: 271 times | Joined on Jan 2010
#3
It works great, I wish I found this thread earlier, I will try to experiment something useful with it (maybe using Qt mobile hotspot + this to bypass mobile operator restrictions ?)

Last edited by Megaltariak; 2012-04-03 at 23:26.
 
Posts: 346 | Thanked: 271 times | Joined on Jan 2010
#4
Just tested Qt Mobile Hotspot + sshuttle: it doesn't work for now.

Qt Mobile Hotspot messes up the iptables rules by flushing everything when you start it or stop it (not needed, I think).
Manually entering the rules that sshuttle creates lets the N900 use the tunnel again, but other devices can't access anything.

I don't know anything about iptables for now, but I will try to find out how we can make this work and eventually make scripts to manage it more easily.
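
The check below is an added example, not part of the original posts or of sshuttle: it reads NAT rules in `iptables -t nat -S` format and reports whether sshuttle's redirect chain is still installed, which is what a flush like the one described in post #4 removes. The `sshuttle-<port>` chain name, the status words and the two sample rule sets are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example. Reads `iptables -t nat -S` style rules on stdin.
# Assumption: sshuttle names its chain "sshuttle-<port>" and jumps to it
# from OUTPUT (local traffic) and PREROUTING (forwarded traffic).
# Prints ok | local-only | incomplete | missing; returns 0 only for "ok".
check_sshuttle_rules() {
    awk '
    $1 == "-N" && $2 ~ /^sshuttle-[0-9]+$/ { chain[$2] = 1 }
    $1 == "-A" {
        for (i = 3; i < NF; i++) {
            if ($i != "-j") continue
            if ($(i+1) ~ /^sshuttle-[0-9]+$/) hook[$2 "," $(i+1)] = 1
            if ($(i+1) == "REDIRECT") redirect[$2] = 1
        }
    }
    END {
        rank["missing"] = 0; rank["incomplete"] = 1
        rank["local-only"] = 2; rank["ok"] = 3
        best = "missing"
        for (c in chain) {
            out = "OUTPUT," c; pre = "PREROUTING," c
            if (!(c in redirect) || !(out in hook)) s = "incomplete"
            else if (pre in hook) s = "ok"
            else s = "local-only"
            if (rank[s] > rank[best]) best = s
        }
        print best
        exit (best == "ok" ? 0 : 1)
    }'
}

# Constructed sample: NAT table while the tunnel is up.
SAMPLE_INTACT='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N sshuttle-12300
-A PREROUTING -j sshuttle-12300
-A OUTPUT -j sshuttle-12300
-A sshuttle-12300 -d 127.0.0.0/8 -p tcp -j RETURN
-A sshuttle-12300 -p tcp -j REDIRECT --to-ports 12300'

# Constructed sample: NAT table after another tool flushed every rule.
SAMPLE_FLUSHED='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT'

echo "tunnel up:     $(printf '%s\n' "$SAMPLE_INTACT" | check_sshuttle_rules)"
echo "after a flush: $(printf '%s\n' "$SAMPLE_FLUSHED" | check_sshuttle_rules)"
```

On a live system, run `iptables -t nat -S | check_sshuttle_rules` as root; any result other than `ok` means some or all TCP traffic is leaving outside the SSH tunnel.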
 
Posts: 7 | Thanked: 1 time | Joined on Apr 2017 @ Pune
#5
I will try something useful with it (maybe using Qt mobile hotspot + this to bypass mobile operator restrictions ?)
 
Posts: 2 | Thanked: 0 times | Joined on Sep 2017 @ India
#6
It works great, thanks. I searched the repositories a long time ago and didn't see it.
 