From ee26157faacd15047f1707648792805619e541ea Mon Sep 17 00:00:00 2001
From: Brian May <brian@linuxpenguins.xyz>
Date: Wed, 20 Jan 2016 20:55:10 +1100
Subject: [PATCH] Add Windows documentation

Copied from https://coderwall.com/p/adfxgw/sshuttle-on-windows

Closes #64
---
 docs/index.rst        |  1 +
 docs/platform.rst     | 10 +++++++++
 docs/requirements.rst |  8 +++++++-
 docs/tproxy.rst       | 42 +++++++++++++++++++++++++++++++++++++
 docs/usage.rst        | 48 ++++++-------------------------------------
 docs/windows.rst      | 19 +++++++++++++++++
 6 files changed, 85 insertions(+), 43 deletions(-)
 create mode 100644 docs/platform.rst
 create mode 100644 docs/tproxy.rst
 create mode 100644 docs/windows.rst

diff --git a/docs/index.rst b/docs/index.rst
index 4cc6c5a..e0d3c87 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -10,6 +10,7 @@ Contents:
    requirements
    installation
    usage
+   platform
    Man Page <manpage>
    how-it-works
    support
diff --git a/docs/platform.rst b/docs/platform.rst
new file mode 100644
index 0000000..62521c9
--- /dev/null
+++ b/docs/platform.rst
@@ -0,0 +1,10 @@
+Platform Specific Notes
+=======================
+
+Contents:
+
+.. toctree::
+   :maxdepth: 2
+
+   tproxy
+   windows
diff --git a/docs/requirements.rst b/docs/requirements.rst
index fae68cd..a7cc10f 100644
--- a/docs/requirements.rst
+++ b/docs/requirements.rst
@@ -37,7 +37,7 @@ Supports:
 Full UDP or DNS support with the TPROXY method requires the ``recvmsg()``
 syscall. This is not available in Python 2, however is in Python 3.5 and
 later. Under Python 2 you might find it sufficient installing PyXAPI_ to get
-the ``recvmsg()`` function.
+the ``recvmsg()`` function. See :doc:`tproxy` for more information.
 
 
 MacOS with PF method
@@ -51,6 +51,12 @@ Requires:
 
 * You need to have the pfctl command.
 
+Windows
+~~~~~~~
+
+Not officially supported, however can be made to work with Vagrant. Requires
+cmd.exe with Administrator access. See :doc:`windows` for more information.
+
 
 Server side Requirements
 ------------------------
diff --git a/docs/tproxy.rst b/docs/tproxy.rst
new file mode 100644
index 0000000..1842cf9
--- /dev/null
+++ b/docs/tproxy.rst
@@ -0,0 +1,42 @@
+TPROXY
+======
+TPROXY is the only method that has full support of IPv6 and UDP.
+
+There are some things you need to consider for TPROXY to work:
+
+- The following commands need to be run first as root. This only needs to be
+  done once after booting up::
+
+      ip route add local default dev lo table 100
+      ip rule add fwmark 1 lookup 100
+      ip -6 route add local default dev lo table 100
+      ip -6 rule add fwmark 1 lookup 100
+
+- The ``--auto-nets`` feature does not detect IPv6 routes automatically. Add IPv6
+  routes manually. e.g. by adding ``'::/0'`` to the end of the command line.
+
+- The client needs to be run as root. e.g.::
+
+      sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle  --method=tproxy ...
+
+- You may need to exclude the IP address of the server you are connecting to.
+  Otherwise sshuttle may attempt to intercept the ssh packets, which will not
+  work. Use the ``--exclude`` parameter for this.
+
+- Similarly, UDP return packets (including DNS) could get intercepted and
+  bounced back. This is the case if you have a broad subnet such as
+  ``0.0.0.0/0`` or ``::/0`` that includes the IP address of the client. Use the
+  ``--exclude`` parameter for this.
+
+- You need the ``--method=tproxy`` parameter, as above.
+
+- The routes for the outgoing packets must already exist. For example, if your
+  connection does not have IPv6 support, no IPv6 routes will exist, IPv6
+  packets will not be generated and sshuttle cannot intercept them::
+
+      telnet -6 www.google.com 80
+      Trying 2404:6800:4001:805::1010...
+      telnet: Unable to connect to remote host: Network is unreachable
+
+  Add some dummy routes to external interfaces. Make sure they get removed
+  however after sshuttle exits.
diff --git a/docs/usage.rst b/docs/usage.rst
index ee4a8db..bf387c6 100644
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -1,5 +1,11 @@
 Usage
 =====
+
+.. note::
+
+    For information on usage with Windows, see the :doc:`windows` section.
+    For information on using the TProxy method, see the :doc:`tproxy` section.
+
 - Forward all traffic::
 
       sshuttle -r username@sshserver 0.0.0.0/0
@@ -51,45 +57,3 @@ the data back and forth through ssh.
 Fun, right?  A poor man's instant VPN, and you don't even have to have
 admin access on the server.
 
-Additional information for TPROXY
----------------------------------
-TPROXY is the only method that supports full support of IPv6 and UDP.
-
-There are some things you need to consider for TPROXY to work:
-
-- The following commands need to be run first as root. This only needs to be
-  done once after booting up::
-
-      ip route add local default dev lo table 100
-      ip rule add fwmark 1 lookup 100
-      ip -6 route add local default dev lo table 100
-      ip -6 rule add fwmark 1 lookup 100
-
-- The ``--auto-nets`` feature does not detect IPv6 routes automatically. Add IPv6
-  routes manually. e.g. by adding ``'::/0'`` to the end of the command line.
-
-- The client needs to be run as root. e.g.::
-
-      sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle  --method=tproxy ...
-
-- You may need to exclude the IP address of the server you are connecting to.
-  Otherwise sshuttle may attempt to intercept the ssh packets, which will not
-  work. Use the ``--exclude`` parameter for this.
-
-- Similarly, UDP return packets (including DNS) could get intercepted and
-  bounced back. This is the case if you have a broad subnet such as
-  ``0.0.0.0/0`` or ``::/0`` that includes the IP address of the client. Use the
-  ``--exclude`` parameter for this.
-
-- You need the ``--method=tproxy`` parameter, as above.
-
-- The routes for the outgoing packets must already exist. For example, if your
-  connection does not have IPv6 support, no IPv6 routes will exist, IPv6
-  packets will not be generated and sshuttle cannot intercept them::
-
-      telnet -6 www.google.com 80
-      Trying 2404:6800:4001:805::1010...
-      telnet: Unable to connect to remote host: Network is unreachable
-
-  Add some dummy routes to external interfaces. Make sure they get removed
-  however after sshuttle exits.
diff --git a/docs/windows.rst b/docs/windows.rst
new file mode 100644
index 0000000..3bfff57
--- /dev/null
+++ b/docs/windows.rst
@@ -0,0 +1,19 @@
+Microsoft Windows
+=================
+Currently there is no built in support for running sshuttle directly on
+Microsoft Windows.
+
+What we can really do is to create a Linux VM with Vagrant (or simply
+Virtualbox if you like). In the Vagrant settings, remember to turn on bridged
+NIC. Then, run sshuttle inside the VM like below::
+
+    sshuttle -l 0.0.0.0 -x 10.0.0.0/8 -x 192.168.0.0/16 0/0
+
+10.0.0.0/8 excludes NAT traffics of Vagrant and 192.168.0.0/16 excludes
+traffics to my router.
+
+Assuming the VM has the IP 192.168.1.200 obtained on the bridge NIC (we can
+configure that in Vagrant), we can then ask windows to route all its traffic
+via the VM by running the following in cmd.exe with admin right::
+
+     route add 0.0.0.0 mask 0.0.0.0 192.168.1.200