
Transparent proxy server that works as a poor man's VPN - nxnfufunezn
https://github.com/sshuttle/sshuttle
======
rsync
I love sshuttle. You can point it at any ssh server (that has python installed
on it) and you don't need any special privileges on the remote end.

One problem is that it does _not_ support DNS tunneling if FreeBSD is your
client.[1]

Item: we (rsync.net) would be _willing to pay_ for development that gets
sshuttle to work properly and bulletproof on FreeBSD. In fact, we would be
willing to pay for sshuttle development in general. Email us.[2]

Also, what is up with this new fork ... which speaks from the original author's
point of view and, in fact, has his own personal notes cut and pasted into the
README. In fact, the contact information is the original author - Avery
Pennarun apenwarr@gmail.com - what's going on here?

[1] No, the note about IPFIREWALL_FORWARD does not fix this problem.

[2] info@rsync.net

~~~
jaytaylor
sshuttle is really cool, except both macs I've run it on would have weird
system crashes while running it.

I ended up creating a proper VPN via a MikroTik router and have enjoyed the
superior performance compared to sshuttle, though it was several orders of
magnitude more effort to get going! sshuttle was almost too easy to get up and
running :)

~~~
kbenson
A python script should not be able to make your Mac crash (depending on what
you mean by "weird system crash"). If it actually causes a hard crash, that
likely either points to a weird hardware/software problem on your system, or
it's a bug that Apple would like to know about if they don't already.

~~~
jaytaylor
Using it consistently produced hard system freezes.

------
jepatrick
You can also just use SSH to set up a SOCKS proxy as well.

[http://blog.jpatrick.io/tube-socks/](http://blog.jpatrick.io/tube-socks/)

------
a5m0
I see that this is a fork of a fork, what are the differences from the
original?

------
rahimnathwani
Just use Shadowsocks, unless you're on iOS, in which case use PPTP. These both
work reliably for me, and with the latest versions of OSX.

If you need something more resistant to DPI, check out stunnel or obfsproxy as
carriers for OpenVPN. Switch ports regularly as well. You needn't change
server config to do this: just use iptables to forward stuff so your server's
stunnel daemon is listening on hundreds of ports.

~~~
akerl_
One of the primary use cases, as described on the main page linked, is for
systems where you aren't an admin of the remote system, and thus can't use
iptables as you describe.

------
CSDude
If you want a poorer VPN, you can use socat [1] or n2n [2], which both work
great!

1: [http://www.dest-unreach.org/socat/doc/socat-tun.html](http://www.dest-unreach.org/socat/doc/socat-tun.html)

2: [https://en.wikipedia.org/wiki/N2n](https://en.wikipedia.org/wiki/N2n)

------
jpgvm
Been using this for years, can be a little weird at times but usually works
fairly well, even on OS X.

~~~
mailanik
Doesn't work on Yosemite!

~~~
X-Istence
It does. It was updated a couple of months ago to use the new pfctl framework
of -E/-X to enable/disable the firewall and uses the existing hooks in the
firewall to automatically insert/remove rules as necessary.

I've used it extensively on Yosemite.

~~~
justizin
Using this fork on El Capitan now.

------
ausjke
I used this for a while in the summer while I travelled to China; it worked
briefly before the powerful GFW blocked it dead, along with
openvpn-over-443-port etc. that I tried, which also failed soon after being
used for a short while.

~~~
FifteenChractrs
The great firewall won't block tor bridges on port 80 or 443. I've been there
a time or two and used it :D

~~~
ausjke
It does. 443 still leaks patterns (e.g. packet length and when/how they're
sent/received, etc.) that the GFW can detect and tell if it's typical 443 or
openvpn-over-443. Also, 80 has no security at all and I don't know how it can
be used for this purpose.

------
2bluesc
Why not just use OpenVPN? It's just as simple (if not simpler) to set up and
considerably more powerful.

An OpenVPN server can go from zero to done in under 5 minutes (for HN readers,
less) with a Docker container:
[https://github.com/kylemanna/github](https://github.com/kylemanna/github)

~~~
X-Istence
That might work if you have root on the system you are connecting to, but in a
lot of cases you might not. In a corporate scenario sshuttle has been a life
saver because it makes it simple to make networks behind a jump server look
and feel like they are just a router hop away. This makes using stuff like
VMWare easier since it usually requires direct access to the hosts on various
different ports and makes it difficult to set up port forwarding.

------
austinchou0126
Absolutely will not in China, LOL

~~~
gbraad
Works well.

... Only recently had issues during the parade using it with the Linode IP range.
DigitalOcean no problems.

