description "Create a transparent proxy over SSH" author "Jim Wyllie " manual nice -5 # Edit this file with network prefixes that should be loaded through the SSH # tunnel. env PREFIX_LOCATION=/etc/sshuttle/prefixes.conf # Routing table; defaults to 100 env ROUTE_TABLE=100 # fwmark; defaults to 1 env FWMARK=1 # SSH tunnel configuration file env SSHUTTLE_TUNNEL_FILE=/etc/sshuttle/tunnel.conf # File containing the tunnel proxy name / host / whatever env TUNNEL_PROXY="/etc/sshuttle/tunnel.conf" # Any other commands needed to run before or after loading the SSH tunnel. # This is where you can put any of your hacks to set up tunnels-in-tunnels, # etc. Scripts in this directory are executed in order. env MISC_START_DIR=/etc/sshuttle/pre-start.d env MISC_STOP_DIR=/etc/sshuttle/post-stop.d start on (local-filesystems and net-device-up IFACE!=lo) stop on stopping network-services #respawn pre-start script # Make sure we have created the routes sudo ip rule add fwmark ${FWMARK} lookup ${ROUTE_TABLE} logger "Starting sshuttle..." if [ -f "${PREFIX_LOCATION}" ]; then cat "${PREFIX_LOCATION}" | while read ROUTE; do # Skip comments if [ -n "$(echo ${ROUTE} | egrep "^[ ]*#")" ]; then continue fi # Skip empty lines if [ -z "${ROUTE}" ]; then continue fi logger "Adding route: ${ROUTE}" ip route add local ${ROUTE} dev lo table ${ROUTE_TABLE} done fi for RUNFILE in ${MISC_START_DIR}/*; do logger "Executing ${RUNFILE}" /bin/sh -c "${RUNFILE}" done end script post-stop script if [ -f "${PREFIX_LOCATION}" ]; then cat "${PREFIX_LOCATION}" | while read ROUTE; do # Skip comments if [ -n "$(echo ${ROUTE} | egrep "^[ ]*#")" ]; then continue fi # Skip empty lines if [ -z "${ROUTE}" ]; then continue fi logger "Deleting route: ${ROUTE}" ip route del local ${ROUTE} dev lo table ${ROUTE_TABLE} done fi ip rule del fwmark ${FWMARK} for RUNFILE in "${MISC_STOP_DIR}/*"; do logger "Executing ${RUNFILE}" /bin/sh -c "${RUNFILE}" done end script exec /usr/bin/sshuttle --dns --method=tproxy --listen 0.0.0.0 --remote sshuttle_tunnel -s /etc/sshuttle/prefixes.conf -e "ssh -F ${TUNNEL_PROXY}"