sshuttle

A couple of my friends have been playing about with getting VPNs running. I have tried to do similar in the past but never got it to work very well. However, while skiving at work, I came across sshuttle which is sort of a transparent proxy, ssh tunnel and VPN all rolled into one nice package.

The neat thing about sshuttle is it doesn't require much setup. All it requests of your endpoint is ssh access as a regular user and the ability to run python. Locally you need python and root or sudo privileges as it manipulates your iptables rules to get the job done.

The really neat thing is you can get it to capture your DNS requests so that an eavesdropper can't tell what addresses you are looking up.

sshuttle --dns -r username@sshserver 0/0

is the command to use once you install it. You can add -v flags to make it more verbose but it is already quite verbose as it is.

The one drawback I have found is that it doesn't use my ssh keys very easily. As it runs as root, the root user has no access to my ssh keys and wants the password to login to the remote machine. You can pass it the ssh invocation to use your keyring but if you have that password protected like I have (a good idea), it requests the password for that. Thus, you still have to type in a password no matter what you do.

Its a small drawback, especially seeing as it protects your traffic from eavesdroppers right up to your remote machine. Very handy for hostile (publicly accessible) networks.