sshuttle is a Simple Alternative to VPN
For anyone with (non-root) SSH access to remote servers, sshuttle[1] provides a very simple alternative to the key-juggling headache of configuring a VPN. All you need is root locally (as it needs to modify iptables) and Python installed on the opposite end. On the Virtual Machine I am using for some Twitter-related software development, I just turned off OpenVPN and replaced it with the following:
sshuttle --dns -vvr userid@server.com 0/0 -x 192.168.8.0/24
and behavior seems to be the same, i.e. everything (including DNS) is sent through the SSH tunnel, except traffic going to the local 192.168.8.0/24 subnet. However, there seems to be no automatic restart if the connection is broken; sshuttle just errors out. Enter restartd, with this line in /etc/restartd.conf:
shuttleTunnel "sshuttle" "sshuttle --dns -r userid@server.com 0/0 -x 192.168.8.0/24" " "
(Obviously I am using an SSH key here for passwordless server login....)
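A complementary check, added here as an example and not part of the original post: restartd matches running processes against the pattern "sshuttle", so this script instead inspects `iptables -t nat -S` output for the redirect rules themselves, including the bypass for the excluded subnet. The chain name `sshuttle-<port>`, the port 12300 and both sample rule listings are assumptions constructed for illustration; compare them with what your installed sshuttle version actually writes.

```shell
#!/bin/sh
# tunnel_rules_ok EXCLUDED_SUBNET
# Reads `iptables -t nat -S` output on stdin. Returns 0 only if:
#   - OUTPUT jumps into a chain named sshuttle-<port> (assumed naming),
#   - that chain has a TCP REDIRECT rule (traffic is being captured),
#   - EXCLUDED_SUBNET has a RETURN rule there (the -x subnet stays local).
tunnel_rules_ok() {
    excluded=$1
    awk -v ex="$excluded" '
        $1 == "-A" && $2 == "OUTPUT" && $0 ~ /-j sshuttle-[0-9]+/ { jump = 1 }
        $1 == "-A" && $2 ~ /^sshuttle-[0-9]+$/ {
            if ($0 ~ /-p tcp/ && $0 ~ /-j REDIRECT/) redirect = 1
            if ($0 ~ /-j RETURN/)
                for (i = 3; i < NF; i++)
                    if ($i == "-d" && $(i + 1) == ex) bypass = 1
        }
        END { exit !(jump && redirect && bypass) }
    '
}

# Constructed sample: nat table while the tunnel is up.
sample_up() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N sshuttle-12300
-A PREROUTING -j sshuttle-12300
-A OUTPUT -j sshuttle-12300
-A sshuttle-12300 -d 192.168.8.0/24 -p tcp -j RETURN
-A sshuttle-12300 -p tcp -j REDIRECT --to-ports 12300
EOF
}

# Constructed sample: nat table with no sshuttle rules present.
sample_down() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
EOF
}

sample_up | tunnel_rules_ok 192.168.8.0/24 && echo "up sample: redirect active"
sample_down | tunnel_rules_ok 192.168.8.0/24 || echo "down sample: not tunnelled"
# Live use (needs root): iptables -t nat -S | tunnel_rules_ok 192.168.8.0/24
```

A non-zero exit from the live check means outbound connections are not being redirected into the tunnel, which is worth alerting on separately from whether the process is running.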
It is worth reading [1] to understand that this tool is meant to restore packet loss, and thus TCP's automatic speed throttling, to an SSH tunnel connection, thereby improving overall performance.
[1] https://github.com/apenwarr/sshuttle/
posted at: 06:45