sshuttle / sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

License: GNU Lesser General Public License v2.1

Python 99.26% Shell 0.14% Nix 0.59%

sshuttle's Introduction

sshuttle: where transparent proxy meets VPN meets ssh

As far as I know, sshuttle is the only program that solves the following common case:

  • Your client machine (or router) is Linux, FreeBSD, or MacOS.
  • You have access to a remote network via ssh.
  • You don't necessarily have admin access on the remote network.
  • The remote network has no VPN, or only stupid/complex VPN protocols (IPsec, PPTP, etc). Or maybe you are the admin and you just got frustrated with the awful state of VPN tools.
  • You don't want to create an ssh port forward for every single host/port on the remote network.
  • You hate openssh's port forwarding because it's randomly slow and/or stupid.
  • You can't use openssh's PermitTunnel feature because it's disabled by default on openssh servers; plus it does TCP-over-TCP, which has terrible performance.

Obtaining sshuttle

  • Ubuntu 16.04 or later:

    apt-get install sshuttle
  • Debian stretch or later:

    apt-get install sshuttle
  • Arch Linux:

    pacman -S sshuttle
  • Fedora:

    dnf install sshuttle
  • openSUSE:

    zypper in sshuttle
  • Gentoo:

    emerge -av net-proxy/sshuttle
  • NixOS:

    nix-env -iA nixos.sshuttle
  • From PyPI:

    sudo pip install sshuttle
  • Clone:

    git clone https://github.com/sshuttle/sshuttle.git
    cd sshuttle
    sudo ./setup.py install
  • FreeBSD:

    # ports
    cd /usr/ports/net/py-sshuttle && make install clean
    # pkg
    pkg install py39-sshuttle
  • OpenBSD:

    pkg_add sshuttle
  • macOS, via MacPorts:

    sudo port selfupdate
    sudo port install sshuttle

It is also possible to install into a virtualenv as a non-root user.

  • From PyPI:

    virtualenv -p python3 /tmp/sshuttle
    . /tmp/sshuttle/bin/activate
    pip install sshuttle
  • Clone:

    virtualenv -p python3 /tmp/sshuttle
    . /tmp/sshuttle/bin/activate
    git clone https://github.com/sshuttle/sshuttle.git
    cd sshuttle
    ./setup.py install
  • Homebrew:

    brew install sshuttle
  • Nix:

    nix-env -iA nixpkgs.sshuttle

Documentation

The documentation for the stable version is available at: https://sshuttle.readthedocs.org/

The documentation for the latest development version is available at: https://sshuttle.readthedocs.org/en/latest/

Running as a service

Sshuttle can also be run as a service and configured using a config management system: https://medium.com/@mike.reider/using-sshuttle-as-a-service-bec2684a65fe

sshuttle's People

Contributors

a1346054, alext, apenwarr, brianmay, cbrianhill, cclauss, crahan, dependabot-preview[bot], dependabot[bot], drjbarker, hloeung, jwyllie83, kylekyle, liutzvin, mangano-ito, masahitojp, nanoant, nikatlas, patrislav1, rjharmon, rogerwang, samuelbernardolip, seanzxx, skuhl, tdsmith, unl89, vblackout, venthur, vieira, xtaran

sshuttle's Issues

UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 63: ordinal not in range(128)

Hello, sshuttle 0.78.0 doesn't work with one of my Debian servers since I have upgraded it. I have been using this setup for many years and it suddenly broke.

I'm getting a UnicodeDecodeError similar to the one reported in issue #87 but with a different error message.

On the server side, I have a Debian Wheezy 7.1, openssh-server 6.6p1-4~bpo70+1 and Python 2.7.3-6+deb7u2.
On the client side, I'm running Archlinux with sshuttle 0.78.0, openssh 7.2p2-1, Python 3.5.1-2 (default python) but Python2 2.7.11-3 is also installed.

When launching sshuttle I'm getting:

sshuttle --dns -vvv -r dedibox 0/0
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.1
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: True
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Binding DNS: 12300
DNS listening on ('127.0.0.1', 12300).
DNS listening with <socket.socket fd=8, family=AddressFamily.AF_INET, type=SocketKind.SOCK_DGRAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.5.1
c : connecting to server...
c : executing: ['ssh', 'dedibox', '--', 'exec /bin/sh -c \'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'"\'"\'import sys, os; verbosity=3; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(958), "assembler.py", "exec"))\'"\'"\'\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling u'sshuttle' (7 bytes)
server: assembling u'sshuttle.cmdline_options' (27 bytes)
server: assembling u'sshuttle.helpers' (949 bytes)
server: assembling u'sshuttle.ssnet' (5540 bytes)
server: assembling u'sshuttle.hostwatch' (2361 bytes)
server: assembling u'sshuttle.server' (3091 bytes)
Starting server with Python version 2.7.3
 s: latency control setting = True
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "assembler.py", line 37, in <module>
  File "sshuttle.server", line 236, in main
  File "sshuttle.server", line 87, in list_routes
  File "sshuttle.server", line 69, in _list_routes
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 63: ordinal not in range(128)
c : fatal: server died with error code 1

Please note that when running the sshuttle command a couple of times it ends up with a different message:

 sshuttle --dns -vvv -r dedibox 0/0
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.1
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: True
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Binding DNS: 12300
DNS listening on ('127.0.0.1', 12300).
DNS listening with <socket.socket fd=8, family=AddressFamily.AF_INET, type=SocketKind.SOCK_DGRAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.5.1
c : connecting to server...
c : executing: ['ssh', 'dedibox', '--', 'exec /bin/sh -c \'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'"\'"\'import sys, os; verbosity=3; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(958), "assembler.py", "exec"))\'"\'"\'\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling u'sshuttle' (7 bytes)
server: assembling u'sshuttle.cmdline_options' (27 bytes)
server: assembling u'sshuttle.helpers' (949 bytes)
server: assembling u'sshuttle.ssnet' (5540 bytes)
server: assembling u'sshuttle.hostwatch' (2361 bytes)
server: assembling u'sshuttle.server' (3091 bytes)
Starting server with Python version 2.7.3
 s: latency control setting = True
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "assembler.py", line 37, in <module>
  File "sshuttle.server", line 236, in main
  File "sshuttle.server", line 87, in list_routes
  File "sshuttle.server", line 69, in _list_routes
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 63: ordinal not in range(128)
c : fatal: expected server init string b'SSHUTTLE0001'; got b''

Sshuttle not working over OpenVPN Tunnel

My scenario: I'm running OSX El Capitan, and sometimes work remotely and need to connect to my company's OpenVPN server in order to hook into ACLs and firewalls set up by our customers - this connection is set up to route all traffic over the VPN. I also need to use sshuttle to connect to remote networks behind bastion hosts in our customers' infrastructure.

When using sshuttle and OpenVPN individually, everything works as intended, however when using sshuttle after connecting to an OpenVPN tunnel, the firewall proxy rules don't take effect.

I'm aware that this could be due to OpenVPN or sshuttle, however colleagues running Linux can connect with no problem, so I suspect this is due to sshuttle using pf rather than iptables on Mac.

Can anyone help resolve this? Happy to provide more detail if necessary.

Exclusion flags not working

I'm trying to exclude private IPs from being forwarded over sshuttle but I can't seem to get it right. Running sshuttle with sshuttle -r server -x 10.0.0.0/8 -x 172.16.0.0/12 -x 192.168.0.0/16 0/0 however if I turn debug logging on then Connecting to 10.144.180.135:443 shows up.

This is on OS X 10.11, which obviously uses PF. I don't know PF, so I'm not sure what commands to run to check that it's been set up with the correct exclusions. Let me know if there's any other information needed.
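
One way to check whether `-x` exclusions actually reached the firewall manager is to read the `Got subnets` line that sshuttle prints in verbose mode. The following is an added example, not part of the original issue or of the sshuttle code base; it assumes each tuple is (address family, prefix width, exclude flag, network) and that the most specific matching subnet wins, as the log output and iptables rule order elsewhere on this page suggest. All function names are hypothetical.

```python
import ast
import ipaddress
import re

# Copied from a "Got subnets" log line elsewhere on this page (no -x rules).
LOG_NO_EXCLUDES = (
    "Got subnets: [(2, 0, False, '0.0.0.0'), (2, 8, True, '127.0.0.0')]"
)
# Constructed sample: what the line is assumed to look like once the three
# -x networks from the report above have reached the firewall manager.
LOG_WITH_EXCLUDES = (
    "firewall manager: Got subnets: [(2, 0, False, '0.0.0.0'), "
    "(2, 8, True, '10.0.0.0'), (2, 12, True, '172.16.0.0'), "
    "(2, 16, True, '192.168.0.0'), (2, 8, True, '127.0.0.0')]"
)

# Exclusions requested on the command line in the report above.
WANTED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

SUBNETS_RE = re.compile(r"Got subnets: (\[.*\])")


def parse_subnets(log_text):
    """Return [(network, excluded)] from the first 'Got subnets' line.

    ast.literal_eval only accepts Python literals, so untrusted log text
    cannot execute code here (unlike eval).
    """
    match = SUBNETS_RE.search(log_text)
    if match is None:
        raise ValueError("no 'Got subnets' line found")
    rules = []
    for _family, width, exclude, addr in ast.literal_eval(match.group(1)):
        net = ipaddress.ip_network("%s/%d" % (addr, width), strict=False)
        rules.append((net, bool(exclude)))
    return rules


def decision(rules, dest):
    """Say what happens to traffic for dest under the parsed rules.

    Assumption: the longest matching prefix wins, and an exclude beats an
    include of the same width.
    """
    ip = ipaddress.ip_address(dest)
    matches = [(net, excl) for net, excl in rules
               if net.version == ip.version and ip in net]
    if not matches:
        return "direct"
    _net, excluded = max(matches, key=lambda r: (r[0].prefixlen, r[1]))
    return "excluded" if excluded else "proxied"


def missing_excludes(rules, wanted):
    """List the requested -x networks that are absent from the rules."""
    present = {net for net, excluded in rules if excluded}
    return [w for w in wanted if ipaddress.ip_network(w) not in present]


if __name__ == "__main__":
    for label, log in (("no excludes", LOG_NO_EXCLUDES),
                       ("with excludes", LOG_WITH_EXCLUDES)):
        rules = parse_subnets(log)
        print(label)
        print("  10.144.180.135 ->", decision(rules, "10.144.180.135"))
        print("  missing -x     ->", missing_excludes(rules, WANTED))
```

If `missing_excludes` reports the requested networks as absent, the exclusions never reached the firewall manager and the problem lies in option handling rather than in the PF rules themselves.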

using --no-latency-control throws AssertionError

When I run sudo ./sshuttle --dns --no-latency-control -vvr user@server 0/0 I see the following error:

Starting sshuttle proxy.
UDP support requires tproxy; disabling UDP.
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
Binding DNS: 12300
DNS listening on ('127.0.0.1', 12300).
firewall manager ready method nat.
c : connecting to server...
c : executing: ['ssh', 'user@server', '--', 'P=python2; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; skip_imports=1; verbosity=2; exec compile(sys.stdin.read(770), "assembler.py", "exec")\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
user@server's password: 
server: assembling 'cmdline_options.py' (39 bytes)
server: assembling 'helpers.py' (786 bytes)
server: assembling 'ssubprocess.py' (13698 bytes)
server: assembling 'ssnet.py' (5466 bytes)
server: assembling 'hostwatch.py' (2241 bytes)
server: assembling 'server.py' (3029 bytes)
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "assembler.py", line 27, in <module>
  File "server.py", line 218, in main
AssertionError
c : fatal: server died with error code 1

When searching for this error I found a related bug report here

I can confirm that running sudo ./sshuttle --dns -vvr user@server 0/0 works fine for me.

[OSX] Firewall not being properly cleaned up on exit

It seems that on OSX 10.11.2 the rules are not being properly cleaned up when sshuttle exits. pfctl -sr still shows the sshuttle anchor. One way to reproduce this is to start sshuttle with some public ip. After sshuttle is terminated you no longer have access to that address as the firewall is still forwarding but sshuttle is no longer there.

can't use --seed-hosts without --auto-hosts

I'd like to be able to access a few specific whitelisted hosts from inside the VPN by name, but not to automatically add any other hostnames inside the VPN, since they may conflict with other hostnames in my local search domain.

I was hoping that I could use --seed-hosts without --auto-hosts/-H to accomplish this:

$ sshuttle --seed-hosts host1,host2,host3 -r user@gateway 10.0.0.0/24
error: --seed-hosts only works if you also use -H

Is there a technical reason why I can't use --seed-hosts without also using --auto-hosts?

Basically, I'd like to be able to turn off the --auto-hosts behavior after scanning for the initial list.

server not running on Python 3.5

Basically we get this error from the code in sshuttle/ssh.py:

Python 3.5.0 (default, Nov 16 2015, 18:39:12) 
[GCC 4.9.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> exec compile(sys.stdin.read(%d), "assembler.py", "exec")
  File "<stdin>", line 1
    exec compile(sys.stdin.read(%d), "assembler.py", "exec")
               ^
SyntaxError: invalid syntax

Failed to launch without '-v'

Looks like helpers.verbose was initialized to None instead of 0 somewhere, but I failed to find it out.

$ sshuttle -r myhost 0/0
Traceback (most recent call last):
  File "/usr/bin/sshuttle", line 9, in <module>
    load_entry_point('sshuttle==0.73', 'console_scripts', 'sshuttle')()
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 565, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2704, in load_entry_point
    return ep.load()
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2377, in load
    return self.resolve()
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2383, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3.5/site-packages/sshuttle/__main__.py", line 212, in <module>
    opt.syslog, opt.daemon, opt.pidfile)
  File "/usr/lib/python3.5/site-packages/sshuttle/client.py", line 502, in main
    debug1('Starting sshuttle proxy.\n')
  File "/usr/lib/python3.5/site-packages/sshuttle/helpers.py", line 21, in debug1
    if verbose >= 1:
TypeError: unorderable types: NoneType() >= int()

0.73 crashing most of the time

I thought I was only impacted by bug #31 but I'm now seeing a constant crash when using 0.73.20151209-1 (ArchLinux) while 0.72 works flawlessly.

Here is the log for 0.72. The tunnel opens but when I go somewhere, like ipleak.net it instantly crashes:

# sshuttle --dns -v -r mybox 0/0
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.0
firewall manager: ready method name nat.
UDP enabled: False
TCP redirector listening on ('127.0.0.1', 12300).
DNS listening on ('127.0.0.1', 12300).
Starting client with Python version 3.5.0
c : connecting to server...
Starting server with Python version 2.7.3
 s: latency control setting = True
 s: available routes:
 s:   2/192.168.1.100/32
 s:   2/10.8.0.2/32
 s:   2/192.168.1.104/32
 s:   2/62.210.75.0/24
 s:   2/10.8.0.0/24
c : Connected.
firewall manager: setting up.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 192.168.0.254/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
c : DNS request from ('192.168.0.204', 53455) to None: 33 bytes
c : DNS request from ('192.168.0.204', 6296) to None: 43 bytes
c : DNS request from ('192.168.0.204', 65112) to None: 32 bytes
c : DNS request from ('192.168.0.204', 27410) to None: 69 bytes
c : DNS request from ('192.168.0.204', 37825) to None: 69 bytes
c : DNS request from ('192.168.0.204', 55368) to None: 69 bytes
c : DNS request from ('192.168.0.204', 6388) to None: 69 bytes
c : DNS request from ('192.168.0.204', 9549) to None: 69 bytes
c : DNS request from ('192.168.0.204', 26288) to None: 69 bytes
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "assembler.py", line 34, in <module>
  File "sshuttle.server", line 338, in main
KeyError: 6
c : DNS request from ('192.168.0.204', 50164) to None: 69 bytes
c : DNS request from ('192.168.0.204', 2029) to None: 69 bytes
c : DNS request from ('192.168.0.204', 50038) to None: 69 bytes
c : DNS request from ('192.168.0.204', 27739) to None: 69 bytes
c : DNS request from ('192.168.0.204', 56420) to None: 69 bytes
c : DNS request from ('192.168.0.204', 49509) to None: 69 bytes
firewall manager: undoing changes.
>> iptables -t nat -D OUTPUT -j sshuttle-12300
>> iptables -t nat -D PREROUTING -j sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -X sshuttle-12300
c : fatal: other end: ConnectionResetError(104, 'Connection reset by peer')

Now if I install 0.72 and go over the exact same steps it simply works:

# sshuttle --dns -v -r mybox 0/0
Starting sshuttle proxy.
UDP support requires tproxy; disabling UDP.
TCP redirector listening on ('127.0.0.1', 12300).
DNS listening on ('127.0.0.1', 12300).
firewall manager ready method nat.
c : connecting to server...
 s: latency control setting = True
 s: available routes:
 s:   2/192.168.1.100/32
 s:   2/10.8.0.2/32
 s:   2/192.168.1.104/32
 s:   2/62.210.75.0/24
 s:   2/10.8.0.0/24
c : connected.
Connected.
firewall manager: starting transproxy.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 192.168.0.254/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
c : DNS request from ('192.168.0.204', 2671) to None: 33 bytes
c : DNS request from ('192.168.0.204', 17970) to None: 43 bytes
c : DNS request from ('192.168.0.204', 53672) to None: 32 bytes
c : DNS request from ('192.168.0.204', 24721) to None: 69 bytes
c : DNS request from ('192.168.0.204', 48649) to None: 69 bytes
c : DNS request from ('192.168.0.204', 29105) to None: 69 bytes
c : DNS request from ('192.168.0.204', 55131) to None: 69 bytes
c : DNS request from ('192.168.0.204', 19418) to None: 69 bytes
c : DNS request from ('192.168.0.204', 32944) to None: 69 bytes
c : DNS request from ('192.168.0.204', 46585) to None: 69 bytes
c : DNS request from ('192.168.0.204', 64757) to None: 69 bytes
c : DNS request from ('192.168.0.204', 29299) to None: 69 bytes
c : DNS request from ('192.168.0.204', 36575) to None: 69 bytes
c : DNS request from ('192.168.0.204', 54017) to None: 69 bytes
c : DNS request from ('192.168.0.204', 18932) to None: 69 bytes
c : DNS request from ('192.168.0.204', 22942) to None: 69 bytes
c : DNS request from ('192.168.0.204', 57166) to None: 69 bytes
c : DNS request from ('192.168.0.204', 4303) to None: 69 bytes
c : DNS request from ('192.168.0.204', 40961) to None: 69 bytes
c : DNS request from ('192.168.0.204', 31485) to None: 69 bytes
c : DNS request from ('192.168.0.204', 33141) to None: 69 bytes
c : DNS request from ('192.168.0.204', 8547) to None: 69 bytes
c : DNS request from ('192.168.0.204', 56833) to None: 69 bytes
c : DNS request from ('192.168.0.204', 65380) to None: 69 bytes
c : DNS request from ('192.168.0.204', 34231) to None: 69 bytes
c : DNS request from ('192.168.0.204', 54681) to None: 69 bytes
c : DNS request from ('192.168.0.204', 41931) to None: 69 bytes
c : DNS request from ('192.168.0.204', 52028) to None: 69 bytes
c : DNS request from ('192.168.0.204', 24173) to None: 69 bytes
c : DNS request from ('192.168.0.204', 60337) to None: 69 bytes
c : DNS request from ('192.168.0.204', 15730) to None: 69 bytes
c : DNS request from ('192.168.0.204', 45951) to None: 69 bytes
c : DNS request from ('192.168.0.204', 39589) to None: 69 bytes
c : DNS request from ('192.168.0.204', 64496) to None: 37 bytes
c : DNS request from ('192.168.0.204', 56684) to None: 39 bytes
c : Accept TCP: 192.168.0.204:41826 -> 192.168.0.254:53.

Clarify canonical sshuttle fork to improve search results

I was delighted to find this active repo continuing sshuttle development. Unfortunately, it took a long time before I discovered it. Search engine results mostly point to the original apenwarr/sshuttle repo.

If the other forks (original apenwarr/sshuttle, brianmay/sshuttle, et al.) are amenable, it might be useful to commit an update to all repos' READMEs pointing to sshuttle/sshuttle as the canonical repo.

Accessing facebook.com in browser gets `This webpage is not available`

When I visit www.facebook.com in my Chrome while sshuttle is on, the browser responds that This webpage is not available.

However, the www.twitter.com is opened correctly. I don't know why.

By the way, when I execute curl www.facebook.com or curl www.google.com in my terminal, curl: (56) Recv failure: Connection reset by peer is dumped.

The way that I run sshuttle is sshuttle --dns -vvr [email protected] 0/0.


I think it is still due to the IPv6 address of my remote server...


If I access ipv4.google.com, everything is fine.

Incompatibility with fish shell.

When using the fish shell on the remote host, sshuttle doesn't work without adding '--python python' to the commandline. This is due to the '||' in pycmd in ssh.py.
The error is:

Unsupported use of '||'. In fish, please use 'COMMAND; or COMMAND'.
fish: P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c 'import sys; verbosity=0; stdin=getattr(sys.stdin,"buffer",sys.stdin); exec(compile(stdin.read(915), "assembler.py", "exec"))'
                                      ^
client: fatal: expected server init string 'SSHUTTLE0001'; got ''

This is because fish is not fully POSIX compliant and ssh.py makes assumptions about the shell rather than explicitly calling /bin/sh to ensure compatibility.
Here is a patch that works for me:

--- ssh.py.orig 2015-12-14 17:36:49.000000000 -0800
+++ ssh.py  2016-03-08 15:08:16.000000000 -0800
@@ -108,8 +108,8 @@
         if python:
             pycmd = "'%s' -c '%s'" % (python, pyscript)
         else:
-            pycmd = ("P=python3.5; $P -V 2>/dev/null || P=python; "
-                     "exec \"$P\" -c '%s'") % pyscript
+            pycmd = ("/bin/sh -c \'P=python3.5; $P -V 2>/dev/null || P=python; "
+                     "exec \"$P\" -c \\'%s\\'\'") % pyscript
         argv = (sshl +
                 portl +
                 [rhost, '--', pycmd])
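
Review bot: The escaping in the two added `pycmd` lines (`\\'%s\\'\'`) places backslash-escaped single quotes inside the single-quoted argument to `/bin/sh -c`. fish accepts `\'` inside single quotes, but a POSIX login shell (sh, bash, dash) does not treat backslash specially there, so on such a host the quoted argument ends at `-c \` and the Python script reaches the login shell unquoted. Close and reopen the quote with the `'"'"'` idiom, or build the inner and outer arguments with a shell-quoting helper, so the command parses the same way under both kinds of login shell. A one-line comment saying why `/bin/sh -c` is invoked explicitly would also help the next reader.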

Windows support?

Hi!

What are the chances to run this from Windows? Can we encapsulate it inside Putty-or-the-like?
We have a few users that depend on VNC because they can't decently open a graphical session through an SSH tunnel (because of the TCP over TCP issue) and it would be REALLY great to make them use this instead.

Thanks!

AttributeError: 'unicode' object has no attribute 'rpartition'

If the remote end doesn't have python 2.7, sshuttle will bail with:

Traceback (most recent call last):
  File "<string>", line 1, in ?
  File "assembler.py", line 18, in ?
AttributeError: 'unicode' object has no attribute 'rpartition'
client: fatal: server died with error code 1

Ideally, sshuttle would support python >=2.4 on the remote end in order to support RHEL5 and RHEL6 remotely. Failing that, a more user friendly error message informing the user that the remote end python is too out of date would be nice.

A downstream bug report is here

make_deb package name should include latest release version and git rev

I was very glad to see this repo of active work on sshuttle, thank you. Additionally the packaging scripts are convenient and greatly appreciated.

Please consider having make_deb include the most recent revision (on the branch), plus the current git rev, e.g.

sshuttle/packaging$ ./make_deb 
dpkg-deb: building package `sshuttle' in `./sshuttle-0+git.deb'.

Should read something like sshuttle-0.72+git-41b8ad4.deb, with deference to any conventions debian might have for the git revision item.

I see the debian control file which would allow local changes to accomplish this, but it would be nice if the make_deb script could introspect the repo state to do it reliably and automatically.

Thanks again for the continued development of sshuttle.

fatal: ['pfctl', '-X', ''] returned 1

I ran sshuttle, but got the error below:

Starting sshuttle proxy.
[local sudo] Password:
Starting firewall with Python version 3.5.0
firewall manager ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=8, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.5.0
c : connecting to server...
c : executing: ['ssh', '[email protected]', '--', 'P=python2; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; exec(compile(sys.stdin.read(890), "assembler.py", "exec"))\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (8 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (765 bytes)
server: assembling 'sshuttle.ssnet' (5506 bytes)
server: assembling 'sshuttle.hostwatch' (2307 bytes)
server: assembling 'sshuttle.server' (3016 bytes)
Starting server with Python version 2.7.6
 s: latency control setting = True
 s: available routes:
 s:   2/10.12.0.0/16
 s:   2/10.134.0.0/16
 s:   2/159.203.240.0/20
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=50 (fullness=7)
c : connected.
Connected.
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 2 r=[] w=[9] x=[]
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=7/0)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=57/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=57/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 58/58
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=57/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=50
Got subnets: [(2, 0, False, '0.0.0.0'), (2, 8, True, '127.0.0.0')]
Got nslist: []
Got ports: 0,12300,0,0
Got udp: False
firewall manager: starting transproxy.
>> pfctl -s all
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=57)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=64/0)
firewall manager: undoing changes.
>> pfctl -a sshuttle -F all
>> pfctl -X
fatal: ['pfctl', '-X', ''] returned 1
c : fatal: cleanup: ['sudo', '-p', '[local sudo] Password: ', 'PYTHONPATH=/usr/local/lib/python3.5/site-packages/sshuttle-0.73-py3.5.egg', '--', '/usr/local/opt/python3/bin/python3.5', '/usr/local/bin/sshuttle', '-v', '-v', '--method', 'auto', '--firewall'] returned 99

I run sshuttle with python 3.5.

Can't load web pages or ping sites when using sshuttle?

Hello!

I'm having an issue using Mac OS X 10.11 and sshuttle 0.73. When I start it, it says "Connected" but I can't access the Web, as far as I can tell. What should I do about this? Thanks!

Here is my terminal output:

$ sshuttle --dns -vvr [email protected]:55240 0/0
Starting sshuttle proxy.
firewall manager ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x108f1ee50>.
Binding DNS: 12300
DNS listening on ('127.0.0.1', 12300).
DNS listening with <socket._socketobject object at 0x108f740c0>.
c : connecting to server...
c : executing: ['ssh', '-p', '55240', '[email protected]', '--', 'P=python2; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; exec compile(sys.stdin.read(890), "assembler.py", "exec")\'']
[email protected]'s password: 
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (7 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (764 bytes)
server: assembling 'sshuttle.ssnet' (5508 bytes)
server: assembling 'sshuttle.hostwatch' (2245 bytes)
server: assembling 'sshuttle.server' (3007 bytes)
 s: latency control setting = True
 s: available routes:
 s:   2/10.4.0.0/16
 s:   2/62.210.18.5/32
 s:   2/128.0.0.0/1
 s:   2/163.172.11.0/24
 s:   2/169.254.0.0/16
 s:   2/213.152.162.73/32
c : connected.
Connected.
c : Waiting: 3 r=[8, 9, 10] w=[10] x=[] (fullness=7/0)
c :   Ready: 3 r=[] w=[10] x=[]
c : mux wrote: 15/15
c : Waiting: 3 r=[8, 9, 10] w=[] x=[] (fullness=7/0)
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=100 (fullness=7)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=107/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=107/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 108/108
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=107/0)
c :   Ready: 3 r=[10] w=[] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=100
Got subnets: [(2, 0, False, '0.0.0.0'), (2, 8, True, '127.0.0.0')]
Got partial nslist: [(2, '10.0.0.1')]
Got nslist: [(2, '10.0.0.1')]
Got ports: 0,12300,0,12300
Got udp: False
firewall manager: starting transproxy.
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
>> pfctl -E
c : mux wrote: 15/15
c : Waiting: 3 r=[8, 9, 10] w=[] x=[] (fullness=14/0)
^Cfirewall manager: undoing changes.
>> pfctl -a sshuttle -F all
Killed by signal 2.
>> pfctl -X 14955565523046468463
c : 
c : Keyboard interrupt: exiting.

socket.gaierror: [Errno -9] Address family for hostname not supported reports when I open facebook with dns forward on.

I started sshuttle with sshuttle --dns -vvr username@server 0/0. Then, when I accessed www.facebook.com in Chrome, sshuttle crashed, and socket.gaierror: [Errno -9] Address family for hostname not supported was dumped.

Below is the full traceback dumped by sshuttle:

 s:   Ready: 3 r=[4] w=[] x=[]
 s: <  channel=4 cmd=DNS_REQ len=34
 s: Incoming DNS request channel=4.
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "assembler.py", line 27, in <module>
  File "server.py", line 318, in main
  File "ssnet.py", line 573, in runonce
  File "ssnet.py", line 474, in callback
  File "ssnet.py", line 462, in handle
  File "ssnet.py", line 397, in got_packet
  File "server.py", line 277, in dns_req
  File "server.py", line 139, in __init__
  File "server.py", line 147, in try_send
  File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.gaierror: [Errno -9] Address family for hostname not supported
 s: SW'unknown':Mux#3: deleting (5 remain)
 s: SW#8:159.106.121.75:443: deleting (4 remain)
c :   Ready: 5 r=[9] w=[] x=[]
c : SW#11:10.210.97.16:61804: deleting (5 remain)
c : SW'unknown':Mux#3: deleting (4 remain)
firewall manager: undoing changes.
>> pfctl -a sshuttle -F all
>> pfctl -X 3691003263071173557
c : fatal: server died with error code 1
c : SW#10:10.210.97.16:61803: deleting (3 remain)
c : SW#8:10.210.97.16:61807: deleting (2 remain)

I tried on Ubuntu and OS X 10.11 El Capitan and encountered the same problem.

[FreeBSD] Client fails when setting up pf firewall

Since aaa6062 FreeBSD (10.2-RELEASE-p7) can no longer be used as a client because the pf setup_firewall fails with OSError: [Errno 19] Operation not supported by device while adding an anchor rule (methods/pf.py:222). pf on FreeBSD is always behind the OpenBSD version. I am not sure if it's easier to fix this or revert to using ipfw on FreeBSD.

Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.0
firewall manager: ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=7, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.5.0
c : connecting to server...
c : executing: ['ssh', '[email protected]', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys, os; verbosity=4; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(937), "assembler.py", "exec"))\' 2>~/sshuttle.log']
c :  > channel=0 cmd=PING len=7 (fullness=0)
c : connected.
Connected.
c : Waiting: 2 r=[7, 8] w=[8] x=[] (fullness=7/0)
c :   Ready: 2 r=[8] w=[8] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=34
firewall manager: Got subnets: [(2, 8, False, '216.0.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
>> pfctl -s all

methods/pf.py@222: Before RDR anchor rule
firewall manager: undoing changes.
firewall manager: undoing IPv4 changes.
>> pfctl -a sshuttle -F all
firewall manager: undoing /etc/hosts changes.
Traceback (most recent call last):
  File "/usr/home/vieira/sshuttle/sshuttle/__main__.py", line 154, in <module>
    result = firewall.main(opt.method, opt.syslog)
  File "/usr/home/vieira/sshuttle/sshuttle/firewall.py", line 196, in main
    socket.AF_INET, subnets_v4, udp)
  File "/usr/home/vieira/sshuttle/sshuttle/methods/pf.py", line 223, in setup_firewall
    pf_add_anchor_rule(PF_RDR, "sshuttle")
  File "/usr/home/vieira/sshuttle/sshuttle/methods/pf.py", line 143, in pf_add_anchor_rule
    ioctl(pf_get_dev(), DIOCCHANGERULE, pr)
OSError: [Errno 19] Operation not supported by device
c : fatal: cleanup: ['/usr/local/bin/python3.5', '/usr/home/vieira/sshuttle/sshuttle/__main__.py', '-v', '-v', '-v', '-v', '--method', 'auto', '--firewall'] returned 1

sshuttle in a virtualbox debian:jessie

I want to use sshuttle in a virtual machine box as described here: https://coderwall.com/p/adfxgw/sshuttle-on-windows

Can somebody spot what I'm doing wrong?

$ git clone https://github.com/sshuttle/sshuttle.git
$ cd sshuttle/
$ apt-get install python-setuptools
$ ./setup.py install
$ sshuttle -V
0.78.0

$ sshuttle -l 0.0.0.0 -x 10.0.0.0/8 -x 192.168.0.0/16 0/0
Traceback (most recent call last):
  File "/usr/local/bin/sshuttle", line 9, in <module>
    load_entry_point('sshuttle==0.78.0', 'console_scripts', 'sshuttle')()
  File "/usr/local/lib/python2.7/dist-packages/sshuttle-0.78.0-py2.7.egg/sshuttle/cmdline.py", line 74, in main
    opt.daemon, opt.pidfile)
  File "/usr/local/lib/python2.7/dist-packages/sshuttle-0.78.0-py2.7.egg/sshuttle/client.py", line 716, in main
    seed_hosts, auto_nets, daemon)
  File "/usr/local/lib/python2.7/dist-packages/sshuttle-0.78.0-py2.7.egg/sshuttle/client.py", line 421, in _main
    options=dict(latency_control=latency_control))
  File "/usr/local/lib/python2.7/dist-packages/sshuttle-0.78.0-py2.7.egg/sshuttle/ssh.py", line 132, in connect
    close_fds=True, stderr=stderr)
  File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1335, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

method tproxy requires IPv6

Hi,

I tried to use sshuttle with the tproxy method:
sshuttle --method=tproxy --dns --daemon --pidfile=/run/sshuttle.pid [email protected] xxx.xxx.xxx.xxx/xx
I got errors, that the ip6tables mangle module could not be loaded and therefore sshuttle did not work. Using the default method, sshuttle worked. I do not need IPv6, since the networks I am using are IPv4 only. Why does sshuttle with the tproxy method try to set up (and seems to require) IPv6 when it does not do this with the default NAT method?

Cheers.

NameError: global name 'resolvconf_nameservers' is not defined

[user@box sshuttle] $ src/sshuttle --dns -r [email protected]:2201 0/0
Traceback (most recent call last):
  File "src/main.py", line 224, in <module>
    opt.syslog, opt.daemon, opt.pidfile)
  File "/home/user/sshuttle/src/client.py", line 703, in main
    ns_hosts += resolvconf_nameservers()
NameError: global name 'resolvconf_nameservers' is not defined

The commit is 0fb7148. Fedora 22.

It seems that the commit d2ee34d introduced this issue. If I do git checkout 3cf5002b62650c26a50e18af8d8c5c91d754bab9 -- , I can use sshuttle with no problem.

Sshuttle Documentation

Looking at the original repository for sshuttle I see there is a documentation folder with the man page. I could not find the commit that originally removed this folder.

The current man page on my system for sshuttle is very out of date (version 0.46), and I wanted to see if there was interest in adding a man page back to sshuttle to help package maintainers.

Unknown problem on Linux

So I got another problem, just now on a Linux (Fedora 23) box.

$ pip install --user git+git://github.com/sshuttle/sshuttle.git
You are using pip version 7.1.0, however version 8.1.0 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting git+git://github.com/sshuttle/sshuttle.git
  Cloning git://github.com/sshuttle/sshuttle.git to /tmp/pip-ak2T1q-build
Installing collected packages: sshuttle
  Running setup.py install for sshuttle
Successfully installed sshuttle-0.77.3.dev2+ng7875d1b
$ sshuttle -V
0.77.3.dev2+ng7875d1b
$ python --version
Python 2.7.10
$ sshuttle -r [email protected] 0/0
[local sudo] Password: 
bash: -c: line 0: syntax error near unexpected token `('
bash: -c: line 0: `exec /bin/sh -c 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=0; stdin=getattr(sys.stdin,"buffer",sys.stdin); exec(compile(stdin.read(915), "assembler.py", "exec"))\'''
client: fatal: server died with error code 1

Wondering if this depends on Python 3.x

TypeError: unsupported operand type(s) for %: 'bytes' and 'tuple'

sshuttle constantly crashes with

Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.4.1
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
TCP redirector listening on ('127.0.0.1', 12300).
Starting client with Python version 3.4.1
c : connecting to server...
Traceback (most recent call last):
  File "/usr/bin/sshuttle", line 9, in <module>
    load_entry_point('sshuttle==0.77.2', 'console_scripts', 'sshuttle')()
  File "/usr/lib/python3.4/site-packages/sshuttle/cmdline.py", line 226, in main
    opt.daemon, opt.pidfile)
  File "/usr/lib/python3.4/site-packages/sshuttle/client.py", line 712, in main
    seed_hosts, auto_nets, daemon)
  File "/usr/lib/python3.4/site-packages/sshuttle/client.py", line 421, in _main
    options=dict(latency_control=latency_control))
  File "/usr/lib/python3.4/site-packages/sshuttle/ssh.py", line 88, in connect
    empackage(z, 'sshuttle.server') +
  File "/usr/lib/python3.4/site-packages/sshuttle/ssh.py", line 52, in empackage
    return b'%s\n%d\n%s' % (name.encode("ASCII"), len(content), content)
TypeError: unsupported operand type(s) for %: 'bytes' and 'tuple'
cgmachine:/home/cy6ergn0m # 

Connection refused on El Capitan 10.11

Seems to start up fine, but no connectivity.

$ sshuttle -vvvr [email protected] 0/0
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x108883750>.
Starting client with Python version 2.7.10
c : connecting to server...
c : executing: ['ssh', '[email protected]', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=3; exec(compile(sys.stdin.read(890), "assembler.py", "exec"))\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (8 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (864 bytes)
server: assembling 'sshuttle.ssnet' (5500 bytes)
server: assembling 'sshuttle.hostwatch' (2308 bytes)
server: assembling 'sshuttle.server' (3050 bytes)
Starting server with Python version 2.7.6
 s: latency control setting = True
 s: available routes:
 s:   2/10.8.0.0/24
 s:   2/10.8.0.2/32
 s:   2/69.164.220.0/24
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=46 (fullness=7)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=53/0)
c : Connected.
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=53/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 54/54
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=53/0)
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 2 r=[9] w=[9] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=46
firewall manager: Got subnets: [(2, 0, False, '0.0.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
rules:
---> table <forward_subnets> {!127.0.0.0/8,0.0.0.0/0}
---> rdr pass on lo0 proto tcp to <forward_subnets> -> 127.0.0.1 port 12300
---> pass out route-to lo0 inet proto tcp to <forward_subnets> keep state
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
>> pfctl -E
c : mux wrote: 15/15
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=14/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=53)
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=0/0)

---meanwhile---
$ curl -vvv jsonip.com
* Rebuilt URL to: jsonip.com/
*   Trying 96.126.98.124...
* connect to 96.126.98.124 port 80 failed: Connection refused
*   Trying 2600:3c01::f03c:91ff:fe70:36e5...
* Immediate connect fail for 2600:3c01::f03c:91ff:fe70:36e5: No route to host
*   Trying 2600:3c01::f03c:91ff:fe70:36e5...
* Immediate connect fail for 2600:3c01::f03c:91ff:fe70:36e5: No route to host
* Failed to connect to jsonip.com port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to jsonip.com port 80: Connection refused

$ curl -vvv google.com
* Rebuilt URL to: google.com/
*   Trying 184.150.182.123...
* connect to 184.150.182.123 port 80 failed: Connection refused
*   Trying 184.150.182.88...
* connect to 184.150.182.88 port 80 failed: Connection refused
*   Trying 184.150.182.118...
* connect to 184.150.182.118 port 80 failed: Connection refused
*   Trying 184.150.182.119...
* connect to 184.150.182.119 port 80 failed: Connection refused
*   Trying 184.150.182.114...
* connect to 184.150.182.114 port 80 failed: Connection refused
*   Trying 184.150.182.93...
* connect to 184.150.182.93 port 80 failed: Connection refused
*   Trying 184.150.182.108...
* connect to 184.150.182.108 port 80 failed: Connection refused
*   Trying 184.150.182.84...
* connect to 184.150.182.84 port 80 failed: Connection refused
*   Trying 184.150.182.89...
* connect to 184.150.182.89 port 80 failed: Connection refused
*   Trying 184.150.182.98...
* connect to 184.150.182.98 port 80 failed: Connection refused
*   Trying 184.150.182.109...
* connect to 184.150.182.109 port 80 failed: Connection refused
*   Trying 184.150.182.94...
* connect to 184.150.182.94 port 80 failed: Connection refused
*   Trying 184.150.182.103...
* connect to 184.150.182.103 port 80 failed: Connection refused
*   Trying 184.150.182.104...
* connect to 184.150.182.104 port 80 failed: Connection refused
*   Trying 184.150.182.99...
* connect to 184.150.182.99 port 80 failed: Connection refused
*   Trying 184.150.182.113...
* connect to 184.150.182.113 port 80 failed: Connection refused
*   Trying 2607:f8b0:4006:80a::1004...
* Immediate connect fail for 2607:f8b0:4006:80a::1004: No route to host
*   Trying 2607:f8b0:4006:80a::1004...
* Immediate connect fail for 2607:f8b0:4006:80a::1004: No route to host
* Failed to connect to google.com port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to google.com port 80: Connection refused

---


^CKilled by signal 2.
firewall manager: undoing changes.
firewall manager: undoing IPv4 changes.
>> pfctl -a sshuttle -F all
>> pfctl -X 7308245303723806807
firewall manager: undoing /etc/hosts changes.
c :
c : Keyboard interrupt: exiting.

0.77 docs build broken: setuptools-scm was unable to detect version

The 0.77 also has problems with the docs building:

+ pushd docs
+ make man
~/build/BUILD/sshuttle-0.77/docs ~/build/BUILD/sshuttle-0.77
sphinx-build -b man -d _build/doctrees   . _build/man
Running Sphinx v1.3.1
making output directory...

Exception occurred:
  File "/usr/lib/python2.7/site-packages/setuptools_scm/__init__.py", line 80, in _do_parse
    "use git+https://github.com/user/proj.git#egg=proj" % root)
LookupError: setuptools-scm was unable to detect version for '/builddir/build/BUILD/sshuttle-0.77'.

Make sure you're not using GitHub's tarballs (or similar ones), as those don't contain the necessary metadata. Use PyPI's tarballs instead.

For example, if you're using pip, instead of https://github.com/user/proj/archive/master.zip use git+https://github.com/user/proj.git#egg=proj
The full traceback has been saved in /tmp/sphinx-err-p6hl0b.log, if you want to report the issue to the developers.
Please also report this if it was a user error, so that a better error message can be provided next time.
A bug report can be filed in the tracker at <https://github.com/sphinx-doc/sphinx/issues>. Thanks!
Makefile:131: recipe for target 'man' failed
make: *** [man] Error 1

Mac OS X El Capitan (10.11.1): requests are not forwarded through a proxy

Hello,

A tunnel via ssh -NC XXXX@XXXX -L 9999:10.150.135.166:1526 works just fine.

When I run sshuttle my requests to 10.150.135.166 are not forwarded.
This is how I run it:

toyota$ sshuttle -r XXXX@XXXXX XX.XXXX.135.166 -N  -vv
Starting sshuttle proxy.
[local sudo] Password: 
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x10c2d7980>.
Starting client with Python version 2.7.10
c : connecting to server...
c : executing: ['ssh', 'XXXX@XXXXXX', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; exec(compile(sys.stdin.read(890), "assembler.py", "exec"))\'']
[email protected]'s password: 
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (8 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (765 bytes)
server: assembling 'sshuttle.ssnet' (5506 bytes)
server: assembling 'sshuttle.hostwatch' (2307 bytes)
server: assembling 'sshuttle.server' (3047 bytes)
Starting server with Python version 2.6.6
 s: latency control setting = True
 s: available routes:
 s:   2/146.213.0.128/27
 s:   2/169.254.0.0/16
 s:  > channel=0 cmd=PING len=7 (fullness=0)
c : Connected.
 s:  > channel=0 cmd=ROUTES len=36 (fullness=7)
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 2 r=[] w=[9] x=[]
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=7/0)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=43/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=43/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 44/44
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=43/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=36
firewall manager: Got subnets: [(2, 32, False, '10.150.135.166'), (2, 27, False, '146.213.0.128'), (2, 16, False, '169.254.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
>> pfctl -E
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=43)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=50/0)
c : mux wrote: 15/15
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=0/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)

What can be an issue? NO errors reported.
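A triage helper for the two pf reports above, as an added example that is not sshuttle's own code: it parses the "Got subnets" lines of a verbose log, rebuilds the forward_subnets table line printed in the El Capitan log, and answers whether a given destination is in the redirected set. It assumes each tuple is (family, width, exclude, address) and that the most specific prefix wins; all function names are hypothetical.

```python
import ast
import ipaddress
import re

# Constructed sample: the two "Got subnets" lines are copied from logs on this page.
SAMPLE_LOG = """\
firewall manager: setting up.
firewall manager: Got subnets: [(2, 0, False, '0.0.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got subnets: [(2, 32, False, '10.150.135.166'), (2, 27, False, '146.213.0.128'), (2, 16, False, '169.254.0.0'), (2, 8, True, '127.0.0.0')]
"""

SUBNETS_RE = re.compile(r"Got subnets: (\[.*\])\s*$")


def parse_subnets(line):
    """Return [(network, excluded)] for one 'Got subnets' line, else None."""
    match = SUBNETS_RE.search(line)
    if not match:
        return None
    try:
        raw = ast.literal_eval(match.group(1))  # literals only, never eval()
        entries = []
        # Assumed tuple layout: (family, width, exclude, address).
        for _family, width, exclude, addr in raw:
            net = ipaddress.ip_network("%s/%d" % (addr, width), strict=False)
            entries.append((net, bool(exclude)))
        return entries
    except (ValueError, SyntaxError, TypeError):
        return None  # truncated or hand-edited log line


def subnets_from_log(text):
    """Collect one entry list per 'Got subnets' line found in a pasted log."""
    found = []
    for line in text.splitlines():
        entries = parse_subnets(line)
        if entries is not None:
            found.append(entries)
    return found


def pf_table(entries):
    """Render the entries like the 'table <forward_subnets>' line in the log."""
    ordered = sorted(entries, key=lambda e: e[0].prefixlen, reverse=True)
    body = ",".join(("!" if excluded else "") + str(net)
                    for net, excluded in ordered)
    return "table <forward_subnets> {%s}" % body


def is_redirected(entries, ip):
    """True if ip matches an included subnet more specifically than any
    excluded one (assumption: most specific prefix wins)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, excluded in entries:
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, excluded)
    return best is not None and not best[1]


if __name__ == "__main__":
    for entries in subnets_from_log(SAMPLE_LOG):
        print(pf_table(entries))
        for target in ("10.150.135.166", "96.126.98.124", "127.0.0.1",
                       "2600:3c01::f03c:91ff:fe70:36e5"):
            print("  %-32s redirected=%s" % (target, is_redirected(entries, target)))
```

If the target is reported as redirected but connections still bypass the tunnel, the subnet list is not the problem and the next thing to inspect is whether the loaded pf rules are actually being evaluated.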

0.77 release tarball broken: setuptools-scm was unable to detect version

Building 0.77 on Fedora rawhide bails at:

+ CFLAGS='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
+ /usr/bin/python3 setup.py build '--executable=/usr/bin/python3 -s'

Installed /builddir/build/BUILD/sshuttle-0.77/.eggs/setuptools_scm-1.10.1-py3.5.egg
Traceback (most recent call last):
  File "setup.py", line 60, in <module>
    keywords="ssh vpn",
  File "/usr/lib64/python3.5/distutils/core.py", line 108, in setup
    _setup_distribution = dist = klass(attrs)
  File "/usr/lib/python3.5/site-packages/setuptools/dist.py", line 272, in __init__
    _Distribution.__init__(self,attrs)
  File "/usr/lib64/python3.5/distutils/dist.py", line 281, in __init__
    self.finalize_options()
  File "/usr/lib/python3.5/site-packages/setuptools/dist.py", line 327, in finalize_options
    ep.load()(self, ep.name, value)
  File "/builddir/build/BUILD/sshuttle-0.77/.eggs/setuptools_scm-1.10.1-py3.5.egg/setuptools_scm/integration.py", line 19, in version_keyword
  File "/builddir/build/BUILD/sshuttle-0.77/.eggs/setuptools_scm-1.10.1-py3.5.egg/setuptools_scm/__init__.py", line 102, in get_version
  File "/builddir/build/BUILD/sshuttle-0.77/.eggs/setuptools_scm-1.10.1-py3.5.egg/setuptools_scm/__init__.py", line 80, in _do_parse
LookupError: setuptools-scm was unable to detect version for '/builddir/build/BUILD/sshuttle-0.77'.

Make sure you're not using GitHub's tarballs (or similar ones), as those don't contain the necessary metadata. Use PyPI's tarballs instead.

For example, if you're using pip, instead of https://github.com/user/proj/archive/master.zip use git+https://github.com/user/proj.git#egg=proj

sshuttle master is broken

I checked out a master version as of today and when I ran this I get an error...

[mszczap@d-txl-00445584 sshuttle]$  git:(master)./run -H --dns -r [email protected] 192.168.1.0/24
Python 3.5.0
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "assembler.py", line 13, in <module>
TypeError: a bytes-like object is required, not 'str'
client: fatal: server died with error code 1

sshuttle does not connect and exits with error "fatal: firewall: expected route but got ''"

Note: this is a duplicate of what I submitted to the mailing list. I'm opening it as an issue so it doesn't get lost.

I am using the Debian unstable sshuttle package. After upgrade to 0.71 I cannot connect with sshuttle. After ssh negotiations it fails with:
fatal: firewall: expected route but got ''
See full example below.

I reported this bug to Debian (#790894), but it seems this is a bug in sshuttle itself, not in the Debian package.

Any help in resolving this would be appreciated
Shai

Example trying to connect to localhost (but same problem exists when trying other host) with verbose output:

>> sudo sshuttle -vvv -NH -r localhost:22
Starting sshuttle proxy.
UDP support requires tproxy; disabling UDP.
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
firewall manager ready method nat.
c : connecting to server...
c : executing: ['ssh', '-p', '22', 'localhost', '--', 'P=python2; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; skip_imports=1; verbosity=3; exec compile(sys.stdin.read(770), "assembler.py", "exec")\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
shaia@localhost's password: 
server: assembling 'cmdline_options.py' (42 bytes)
server: assembling 'helpers.py' (829 bytes)
server: assembling 'ssubprocess.py' (13703 bytes)
server: assembling 'ssnet.py' (5466 bytes)
server: assembling 'hostwatch.py' (2255 bytes)
server: assembling 'server.py' (3186 bytes)
 s: latency control setting = True
 s: available routes:
 s:   2/169.254.0.0/16
 s:   2/192.168.221.0/24
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=36 (fullness=7)
c : connected.
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=43/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
Connected.
c : seed_hosts: []
 s: mux wrote: 44/44
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=43/0)
c :  > channel=0 cmd=HOST_REQ len=0 (fullness=7)
c : Waiting: 2 r=[5, 8] w=[8] x=[] (fullness=7/0)
c :   Ready: 2 r=[8] w=[8] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=36
fatal: firewall: expected route but got ''
c : fatal: cleanup: ['python2', '/usr/lib/sshuttle/main.py', 'python2', '-v', '-v', '-v', '--firewall', '0', '12300', '0', '0', 'auto', '0'] returned 99
 s:   Ready: 1 r=[4] w=[] x=[]

-- System Information:
Debian Release: stretch/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)

Client runs with python 3.5 but server runs python 2.7 and no package is redirected.

I installed sshuttle with python 3.5, but it reports Starting server with Python version 2.7.6 during its initiation procedure. I am not sure if it is a bug.

Also, after initiation, it stops at s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0) and nothing is printed any more; it seems that packages are not redirected to sshuttle.

The full log is shown below:

Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.0
firewall manager: ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=8, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.5.0
c : connecting to server...
c : executing: ['ssh', '[email protected]', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; exec(compile(sys.stdin.read(890), "assembler.py", "exec"))\'']
^Cc :
c : Keyboard interrupt: exiting.
Trident-l ➜  sshuttle git:(master) ✗                                         19:52:37
Trident-l ➜  sshuttle git:(master) ✗ sshuttle -r [email protected] 0/0 -vvv
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.0
firewall manager: ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=8, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.5.0
c : connecting to server...
c : executing: ['ssh', '[email protected]', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=3; exec(compile(sys.stdin.read(890), "assembler.py", "exec"))\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (8 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (765 bytes)
server: assembling 'sshuttle.ssnet' (5506 bytes)
server: assembling 'sshuttle.hostwatch' (2307 bytes)
server: assembling 'sshuttle.server' (3016 bytes)
Starting server with Python version 2.7.6
 s: latency control setting = True
 s: available routes:
 s:   2/10.12.0.0/16
 s:   2/10.134.0.0/16
 s:   2/159.203.240.0/20
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=50 (fullness=7)
c : connected.
Connected.
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 2 r=[] w=[9] x=[]
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=7/0)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=57/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=57/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 58/58
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=57/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=50
firewall manager: Got subnets: [(2, 0, False, '0.0.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=57)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=64/0)
>> pfctl -E
c : mux wrote: 15/15
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=0/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
[The cursor stops here]

If I install sshuttle via python 2, it works properly.

command line option processing broken

Looks like double dashed command line options do not work, they get completely ignored.

$ python -m sshuttle -vvvvr --eeeee=dddd 0/0
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.9
firewall manager: ready method name nat.
...

Seems to work under some circumstances:

$ python -m sshuttle --eeeee=dddd 0/0 
error: option --eeeee not recognized

Wonder if it is worth replacing sshuttle/options.py with something better.

FreeBSD issue

Hello,

I get the below error when trying to run sshuttle from a FreeBSD server

Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.11
firewall manager: ready method name pf.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
TCP redirector listening on ('127.0.0.1', 12300).
Starting client with Python version 2.7.11
c : connecting to server...
Starting server with Python version 2.7.6
 s: latency control setting = True
 s: available routes:
 s:   2/10.92.115.0/24
c : Connected.
firewall manager: setting up.
>> pfctl -s all
firewall manager: undoing changes.
>> pfctl -a sshuttle -F all
Traceback (most recent call last):
  File "/usr/local/bin/sshuttle", line 9, in <module>
    load_entry_point('sshuttle==0.78.0', 'console_scripts', 'sshuttle')()
  File "/usr/local/lib/python2.7/site-packages/sshuttle/cmdline.py", line 25, in main
    return firewall.main(opt.method, opt.syslog)
  File "/usr/local/lib/python2.7/site-packages/sshuttle/firewall.py", line 196, in main
    socket.AF_INET, subnets_v4, udp)
  File "/usr/local/lib/python2.7/site-packages/sshuttle/methods/pf.py", line 394, in setup_firewall
    pf.add_anchors()
  File "/usr/local/lib/python2.7/site-packages/sshuttle/methods/pf.py", line 159, in add_anchors
    self._add_anchor_rule(self.PF_RDR, b'sshuttle')
  File "/usr/local/lib/python2.7/site-packages/sshuttle/methods/pf.py", line 169, in _add_anchor_rule
    super(FreeBsd, self)._add_anchor_rule(type, name, pr=pr)
  File "/usr/local/lib/python2.7/site-packages/sshuttle/methods/pf.py", line 117, in _add_anchor_rule
    ioctl(pf_get_dev(), pf.DIOCCHANGERULE, pr)
IOError: [Errno 19] Operation not supported by device
c : fatal: cleanup: ['/usr/local/bin/python2.7', '/usr/local/bin/sshuttle', '-v', '--method', 'pf', '--firewall'] returned 1

FreeBSD release

10.3-RELEASE-p3 FreeBSD 10.3-RELEASE-p3
amd64

KeyError when running on Kali Linux

After installing Django and txlib modules got the following error when running shuttle:

Traceback (most recent call last):
File "/usr/local/bin/shuttle", line 9, in
load_entry_point('shuttle==0.1', 'console_scripts', 'shuttle')()
File "/usr/local/lib/python2.7/dist-packages/shuttle/sync.py", line 512, in main
HANDLERS[options.types](
KeyError: None

Support tunneling only specified ports.

It does not appear possible to tunnel over SSH only specific ports. I have the problem that my university, in its infinite wisdom, blocks the email ports 587 and 465. I have tried to get them opened, but they refuse. (This is in violation of RFC5068 and Eduroam policies, which state that these ports MUST BE open.) So I need to get those ports rerouted to the free outside world, so I can provide a hotspot for my devices and my visitors to access email. Sshuttle seems to be the tool, but it seems to forward all ports, which I don't want. Would it be possible to add an option to tunnel only specified ports?

TypeError: a bytes-like object is required, not 'str'

This is a new problem that I am getting connecting to home, version I am using is from master from shuttle/shuttle.

To other ssh servers I can establish a connection, just this one doesn't work.
On the server I have Arch Linux (ARM) with a Raspberry Pi 2.

[mszczap@d-txl-00445584 sshuttle]$  git:(master) 2Acat home.sh 
#!/bin/bash
./run -vv -H --dns -r [email protected] 192.168.1.0/24
[mszczap@d-txl-00445584 sshuttle]$  git:(master) 2A./home.sh 
Python 3.5.1
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.1
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: True
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=7, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Binding DNS: 12300
DNS listening on ('127.0.0.1', 12300).
DNS listening with <socket.socket fd=8, family=AddressFamily.AF_INET, type=SocketKind.SOCK_DGRAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.5.1
c : connecting to server...
c : executing: ['ssh', '[email protected]', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; stdin=getattr(sys.stdin,"buffer",sys.stdin); exec(compile(stdin.read(915), "assembler.py", "exec"))\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (7 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (861 bytes)
server: assembling 'sshuttle.ssnet' (5502 bytes)
server: assembling 'sshuttle.hostwatch' (2307 bytes)
server: assembling 'sshuttle.server' (3100 bytes)
Starting server with Python version 3.5.1
 s: latency control setting = True
 s: available routes:
 s:   2/192.168.1.0/24
c : Connected.
c : seed_hosts: []
c :  > channel=0 cmd=HOST_REQ len=0 (fullness=7)
c : Waiting: 3 r=[7, 8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 3 r=[] w=[9] x=[]
c : mux wrote: 15/15
c : mux wrote: 8/8
c : Waiting: 3 r=[7, 8, 9] w=[] x=[] (fullness=7/0)
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=17 (fullness=7)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=24/0)
 s:   Ready: 1 r=[] w=[5] x=[]
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : mux wrote: 15/15
c : Waiting: 3 r=[7, 8, 9] w=[] x=[] (fullness=14/0)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=24/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 25/25
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=24/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=0 cmd=ROUTES len=17
firewall manager: Got subnets: [(2, 24, False, '192.168.1.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got partial nslist: [(2, '10.250.16.37')]
firewall manager: Got partial nslist: [(2, '10.250.16.37'), (2, '10.250.16.38')]
firewall manager: Got partial nslist: [(2, '10.250.16.37'), (2, '10.250.16.38'), (2, '10.243.48.16')]
firewall manager: Got partial nslist: [(2, '10.250.16.37'), (2, '10.250.16.38'), (2, '10.243.48.16'), (2, '10.243.48.222')]
firewall manager: Got nslist: [(2, '10.250.16.37'), (2, '10.250.16.38'), (2, '10.243.48.16'), (2, '10.243.48.222')]
firewall manager: Got ports: 0,12300,0,12300
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 192.168.1.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
 s:  > channel=0 cmd=PONG len=7 (fullness=24)
 s: <  channel=0 cmd=HOST_REQ len=0
 s: mux wrote: 15/15
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp
HH: Starting hostwatch with Python version 3.5.1
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=31/0)
 s:   Ready: 2 r=[4] w=[] x=[]
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.250.16.37/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=0/0)
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.250.16.38/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
HH: Found: 1: 1.186.176.170
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.243.48.16/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
HH: Traceback (most recent call last):
--->   File "sshuttle.server", line 106, in start_hostwatch
--->   File "sshuttle.hostwatch", line 262, in hw_main
--->   File "sshuttle.hostwatch", line 65, in read_host_cache
--->   File "sshuttle.hostwatch", line 79, in found_host
--->   File "sshuttle.hostwatch", line 39, in write_host_cache
---> TypeError: a bytes-like object is required, not 'str'
 s:   Ready: 2 r=[7] w=[] x=[]
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.243.48.222/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 3 r=[7, 8, 9] w=[] x=[] (fullness=0/0)
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "assembler.py", line 36, in <module>
  File "sshuttle.server", line 327, in main
  File "sshuttle.ssnet", line 575, in runonce
  File "sshuttle.server", line 256, in hostwatch_ready
TypeError: Can't convert 'bytes' object to str implicitly
c :   Ready: 3 r=[9] w=[] x=[]
firewall manager: undoing changes.
firewall manager: undoing IPv4 changes.
>> iptables -t nat -D OUTPUT -j sshuttle-12300
>> iptables -t nat -D PREROUTING -j sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -X sshuttle-12300
firewall manager: undoing /etc/hosts changes.
c : fatal: server died with error code 1
[mszczap@d-txl-00445584 sshuttle]$  git:(master)

Feature ipv6 not supported with method pf

sshuttle version: 0.77.2

W sshuttle -vv -H --dns -r [email protected] 192.168.1.0/24
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
fatal: Feature ipv6 not supported with method pf.

Mac app sudo prompt isn't working

I'm on El Capitan, if that matters, but I'm running into an issue where the sudo prompt in the Mac GUI isn't working correctly. I input the correct password for it, but it then hangs, not proceeding to connect. If I drop to a terminal and manually sudo something, then try again, it works since it doesn't need to prompt at that point.

RuntimeError: dictionary changed size during iteration

Just recording this error so I don't forget it:

firewall manager: undoing changes.
firewall manager: undoing IPv4 changes.
>> iptables -t nat -D OUTPUT -j sshuttle-12300
>> iptables -t nat -D PREROUTING -j sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -X sshuttle-12300
firewall manager: undoing /etc/hosts changes.
Traceback (most recent call last):
  File "/home/brian/.pyenv/versions/3.5.0/lib/python3.5/runpy.py", line 170, in _run_module_as_main
    "__main__", mod_spec)
  File "/home/brian/.pyenv/versions/3.5.0/lib/python3.5/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/brian/tree/sshuttle/sshuttle/__main__.py", line 212, in <module>
    opt.syslog, opt.daemon, opt.pidfile)
  File "/home/brian/tree/sshuttle/sshuttle/client.py", line 648, in main
    daemon)
  File "/home/brian/tree/sshuttle/sshuttle/client.py", line 488, in _main
    ssnet.runonce(handlers, mux)
  File "/home/brian/tree/sshuttle/sshuttle/ssnet.py", line 575, in runonce
    h.callback(s)
  File "/home/brian/tree/sshuttle/sshuttle/client.py", line 119, in <lambda>
    lambda sock: callback(sock, method, mux, handlers)
  File "/home/brian/tree/sshuttle/sshuttle/client.py", line 380, in ondns
    expire_connections(now, mux)
  File "/home/brian/tree/sshuttle/sshuttle/client.py", line 280, in expire_connections
    for chan, timeout in dnsreqs.items():
RuntimeError: dictionary changed size during iteration
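
The failure mode in this traceback, as an added example (not sshuttle's own code): on Python 3 `dict.items()` is a live view, so removing an entry inside the loop invalidates the iterator, whereas on Python 2 `items()` returned a list copy. The loop body that deletes expired entries, the function names and the sample data are assumptions; only the `for chan, timeout in dnsreqs.items():` line comes from the traceback.

```python
def expire_live_view(dnsreqs, now):
    # Failing pattern: dnsreqs.items() is a live view on Python 3, so the
    # first deletion makes the next iteration step raise RuntimeError.
    for chan, timeout in dnsreqs.items():
        if timeout < now:
            del dnsreqs[chan]  # assumed loop body, not shown in the traceback


def expire_snapshot(dnsreqs, now):
    # list(...) copies the (chan, timeout) pairs first, so the loop walks the
    # copy while the deletions hit the real dict.
    expired = []
    for chan, timeout in list(dnsreqs.items()):
        if timeout < now:
            del dnsreqs[chan]
            expired.append(chan)
    return expired


def sample_requests():
    # Constructed data: channel id -> expiry time in seconds.
    return {101: 5.0, 102: 50.0, 103: 6.0, 104: 70.0}


def demo(now=10.0):
    # Run both variants on identical input and report what each one did.
    live = sample_requests()
    try:
        expire_live_view(live, now)
        error = None
    except RuntimeError as exc:
        error = str(exc)
    safe = sample_requests()
    expired = expire_snapshot(safe, now)
    return error, sorted(expired), sorted(safe)


if __name__ == "__main__":
    print(demo())
```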

OSX 10.10 + sshuttle + tproxy throws socket.error: [Errno 22] Invalid argument

sshuttle is installed through brew.

$ sshuttle --dns -r server 0/0 -v --method=tproxy
Starting sshuttle proxy.
tproxy UDP support requires recvmsg function.
tproxy DNS support requires recvmsg function.
TCP redirector listening on ('::1', 12300, 0, 0).
TCP redirector listening on ('127.0.0.1', 12300).
firewall manager ready method tproxy.
Traceback (most recent call last):
  File "/usr/local/Cellar/sshuttle/0.71/libexec/src/main.py", line 216, in <module>
    opt.syslog, opt.daemon, opt.pidfile)
  File "/usr/local/Cellar/sshuttle/0.71/libexec/src/client.py", line 743, in main
    tcp_listener.setsockopt(socket.SOL_IP, IP_TRANSPARENT, 1)
  File "/usr/local/Cellar/sshuttle/0.71/libexec/src/client.py", line 228, in setsockopt
    self.v6.setsockopt(level, optname, value)
  File "/usr/local/Cellar/python/2.7.10_2/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 22] Invalid argument

How do I obtain the recvmsg function?

Compatibility with other shells

Hello,

I have a server that uses Fish as the default shell.
When I try to connect with sshuttle, I get this error:

fish: Unknown command 'P=python3.5'. Did you mean 'set P python3.5'? For information on assigning values to variables, see the help section on the set command by typing 'help set'.

This is because Fish does not set variables like Bash (set P python3.5 instead of P=python3.5).

Maybe it would be possible to launch Bash on the server if it isn't the default shell?

sshuttle doesn't hide my IPV6 address

I've been using sshuttle for a number of years now, and recently my ISP rolled out IPV6 support.
The sshuttle command I use is:

sshuttle --no-latency-control -vvr [email protected] 0/0 -x 10.0.0.0/24

Sometimes I add the --dns flag as well.

This has been working fine, and continues to work fine, for sites that show me an IPV4 address. For example, http://www.whatsmyip.org/ correctly shows me remote.server's address, instead of my real one. And I see what looks like correct activity from the sshuttle debug output.

However I've recently noticed that sites responding back with an IPV6 (have IPV6 support?) are still showing me my real IPV6 address. For example:

https://www.google.com/search?q=google+what%27s+my+ip&ie=utf-8&oe=utf-8
icanhazip.com

When accessing those sites or downloading anything from them I see no output from sshuttle, which makes me suspect sshuttle is getting bypassed somehow and doesn't intercept the IPV6 traffic (although I am just guessing).
Furthermore if the --dns flag is used I do see the dns query go through for those sites, just not the traffic. My best guess for this would be that whichever DNS I'm using isn't configured for IPV6, and so sshuttle still intercepts the traffic.
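
A way to check which destinations a given sshuttle rule set actually covers, as an added example (not from the original post or the sshuttle code base): it parses `>> iptables` lines in the format of the debug log earlier on this page and reports whether a destination would be redirected, which shows that a chain built only with `iptables` has no rule an IPv6 destination can match. The log lines are constructed for the `0/0 -x 10.0.0.0/24` command above, and `parse_rules` and `verdict` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: rule lines in the ">> iptables" format of the debug log
# earlier on this page, for a 0/0 tunnel with 10.0.0.0/24 excluded.
SAMPLE_LOG = """\
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 10.0.0.0/24 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.250.16.37/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
""".splitlines()

# Only appended (-A) rules carry a destination; the ttl match is ignored here.
RULE = re.compile(
    r"^>> (ip6?tables) -t nat -A \S+ -j (REDIRECT|RETURN) "
    r"--dest (\S+) -p (tcp|udp)(?: --dport (\d+))?"
)


def parse_rules(lines):
    """Return (tool, action, network, proto, dport) for each appended rule."""
    rules = []
    for line in lines:
        m = RULE.match(line)
        if m:
            tool, action, dest, proto, dport = m.groups()
            net = ipaddress.ip_network(dest, strict=False)
            rules.append((tool, action, net, proto, int(dport) if dport else None))
    return rules


def verdict(rules, addr, proto="tcp", port=443):
    """First matching rule wins, as in an iptables chain."""
    ip = ipaddress.ip_address(addr)
    tool = "ip6tables" if ip.version == 6 else "iptables"  # v4 rules never see v6
    for r_tool, action, net, r_proto, dport in rules:
        if r_tool != tool or r_proto != proto:
            continue
        if dport is not None and dport != port:
            continue
        if ip in net:
            return "tunnelled" if action == "REDIRECT" else "direct (excluded)"
    return "direct (no rule)"


RULES = parse_rules(SAMPLE_LOG)
```

Here `verdict(RULES, "2001:db8::1")` reports that no rule applies, while any IPv4 TCP destination outside 10.0.0.0/24 is redirected to the proxy port.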
