sshuttle the swiss army knife for VPNs

I don't know about you, but when I hear the word (s)shuttle I think about a mean of transport doing continual to-and-fro trips. Probably, this is exactly what the guys who invented sshuttle had in mind when they named this amazing project, making a funny mash-up with the acronym SSH.

So, what is sshuttle? Basically, it is a useful piece of software for making a VPN over SSH. Pretty cool, isn't it? As it is described in the sshuttle GitHub repo, it allows users to create a:

transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Really a swiss army knife for everyday networking. Here you can find a brief overview about sshuttle, as well as a list of requirements. Basically, you just need (i) a sudo/root access (ii) a Python interpreter on your client machine. Besides, you need (iii) a Python interpreter also on the server side. An admin access on server machine is not necessary. That's it!

Why might you need it?

It's a simple solution and it is really useful in many situations. For example, if you simply want to encrypt your connection in insecure networks (e.g., public
Wi-Fi). Indeed, sshuttle forwards all your traffic to the remote server, relying on an encrypted channel between your local machine and such a server. Or maybe you might just want to reach your office network. In those cases, like in many others, sshuttle will be your best friend.

Getting sshuttle

You can install sshuttle in different ways.

macOS

$ brew install sshuttle

Debian

$ sudo apt install sshuttle

PyPI - the Python Package Index

$ sudo pip install sshuttle

Even better, you might want to install sshuttle with
pipx.

sshuttle in action

There are different options for harnessing sshuttle and you have to choose according to your personal needs.

Let's explore some typical cases. From now on, I assume the user user does exist on the remote server yourserver.

Forwarding all traffic

$ sshuttle -r user@yourserver 0.0.0.0/0

• With the option -r you specify the remote server
• You can use the shorthand 0/0 instead of 0.0.0.0/0. It tells sshuttle to route everything through the VPN.

Forwarding all traffic + DNS

$ sshuttle --dns -r user@yourserver 0/0

• Use --dns to capture local DNS requests and to forward them to the DNS server of yoursever.

Forwarding all traffic + remote hostnames

$ sshuttle --auto-hosts -r user@yourserver 0/0

• Use --auto-hosts for merging /etc/hosts entries. As long as your VPN is active, you can see new entries in your hosts file. E.g.,:

192.168.122.9 foo      # sshuttle-firewall-12300 AUTOCREATED
192.168.122.10 bar     # sshuttle-firewall-12300 AUTOCREATED

Those entries will be removed when you close the VPN.

Forwarding all traffic with exceptions

$ sshuttle -r user@yourserver 0/0 -x 1.2.3.0/24

• with the option -x you forward all traffic except a specific subnet or IP. You can pass more than one -x subnet option. Eventually, you can also load the exceptions from a file.

There are many more interesting options and cases. Here there is the complete reference of the stable version of sshuttle.

Have a nice VPNing, harnessing this awesome library!

^..^