Things on this page are fragmentary and immature notes/thoughts of the author. Please read with your own judgement!
- `sudo` permission is required to run sshuttle.
- It's valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once.
- It is common in enterprise environments that an SSH tunnel to a production server needs to go through a bastion server. There is no way to configure this in sshuttle directly; however, it is doable in the configuration file of SSH. For more discussions, please refer to [Question]: SSH proxy and Configure SSH to Use a Proxy Server .
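The bastion setup described above, as an added example that is not part of the original notes: an SSH client configuration that reaches a production server through a bastion, so that sshuttle can be pointed at the alias. The `HopServerA` alias is borrowed from the configuration further down this page; the host names, user, key path and subnet are placeholders.

```sshconfig
# ~/.ssh/config (constructed example; host names, user, key path are placeholders)

# The bastion is the only host reachable directly from the client.
Host bastion
    HostName bastion.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # ProxyJump authenticates to the target from the client,
    # so no agent forwarding to the bastion is needed.
    ForwardAgent no

# The production server is reached through the bastion.
# ProxyJump requires OpenSSH 7.3 or later on the client.
Host HopServerA
    HostName prod-a.internal.example
    User alice
    ProxyJump bastion
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no

# sshuttle starts ssh itself, so the alias resolves through this file:
#   sshuttle -r HopServerA 198.51.100.0/24
```

Run sshuttle as your own user and let it ask for the sudo password; when the whole command is started as `sudo sshuttle`, ssh reads root's configuration file instead of this one.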
Installation
wajig install iptables
pip3 install sshuttle
Configuration
{
    "HopServerA": [
        "12.182.293.180/32",
        "129.33.78.18/32",
        "129.13.280.0/24",
        "sftp.somehost.com"
    ],
    "HopServerB": [
        "11.38.26.0/24"
    ]
}
Reverse Traffic Forwarding
[question] "server" on the local system, "client" on the remote system?
sshuttle in Docker
how to let docker container work with sshuttle?
Installing iptables in docker container based on alpinelinux
Error running sshuttle in Docker container
--cap-add=NET_ADMIN --cap-add=NET_RAW
docker run -d \
    --hostname jupyterhub-ds \
    --log-opt max-size=50m \
    --memory=$(($(head -n 1 /proc/meminfo | awk '{print $2}') * 4 / 5))k \
    --cpus=$(($(nproc) - 1)) \
    --cap-add=NET_ADMIN \
    --cap-add=NET_RAW \
    -p 3000:8000 \
    -e DOCKER_USER="$(id -un)" \
    -e DOCKER_USER_ID="$(id -u)" \
    -e DOCKER_PASSWORD="$(id -un)" \
    -e DOCKER_GROUP_ID="$(id -g)" \
    -e DOCKER_ADMIN_USER="$(id -un)" \
    -v "$(pwd)":/workdir \
    -v "$(dirname "$HOME")":/home_host \
    dclong/jupyterhub-ds /scripts/sys/init.sh
References
sshuttle: A Poor man’s VPN Over SSH
How to use SSH as a VPN with sshuttle