mirror of
https://github.com/sshuttle/sshuttle.git
synced 2024-11-22 07:53:43 +01:00
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
d43db80dec
When running sshuttle with a large list of routes it's failing to clean them up at exit. It returns the following: $ sshuttle -r user@host.example.com -s /tmp/aws-cidrs.txt user@host.example.com's password: client: Connected. ^CAnother app is currently holding the xtables lock; still -9s 0us time ahead to have a chance to grab the lock... Another app is currently holding the xtables lock; still -19s 0us time ahead to have a chance to grab the lock... Another app is currently holding the xtables lock; still -29s 0us time ahead to have a chance to grab the lock... This continues indefinitely. Looking in ps reveals that there are 2 iptables processes running. Killing -9 the first one, allows sshuttle to continue and clean up successfully. The problem lies with the use of Popen here. The function currently returns as soon as it finds a match without consuming everything from stdout. This means that if there's more output from iptables than will fit in the buffer it doesn't exit, and therefore doesn't release the kernel xtables lock. |
||
|---|---|---|
| docs | ||
| sshuttle | ||
| tests | ||
| .gitignore | ||
| .prospector.yml | ||
| .travis.yml | ||
| bandit.yml | ||
| CHANGES.rst | ||
| LICENSE | ||
| MANIFEST.in | ||
| README.rst | ||
| requirements-tests.txt | ||
| requirements.txt | ||
| run | ||
| setup.cfg | ||
| setup.py | ||
| tox.ini | ||
sshuttle: where transparent proxy meets VPN meets ssh
=====================================================
As far as I know, sshuttle is the only program that solves the following
common case:
- Your client machine (or router) is Linux, FreeBSD, or MacOS.
- You have access to a remote network via ssh.
- You don't necessarily have admin access on the remote network.
- The remote network has no VPN, or only stupid/complex VPN
protocols (IPsec, PPTP, etc). Or maybe you *are* the
admin and you just got frustrated with the awful state of
VPN tools.
- You don't want to create an ssh port forward for every
single host/port on the remote network.
- You hate openssh's port forwarding because it's randomly
slow and/or stupid.
- You can't use openssh's PermitTunnel feature because
it's disabled by default on openssh servers; plus it does
TCP-over-TCP, which has terrible performance (see below).
Obtaining sshuttle
------------------
- Debian stretch or later::
apt-get install sshuttle
- From PyPI::
sudo pip install sshuttle
- Clone::
git clone https://github.com/sshuttle/sshuttle.git
cd sshuttle
sudo ./setup.py install
It is also possible to install into a virtualenv as a non-root user.
- From PyPI::
virtualenv -p python3 /tmp/sshuttle
. /tmp/sshuttle/bin/activate
pip install sshuttle
- Clone::
virtualenv -p python3 /tmp/sshuttle
. /tmp/sshuttle/bin/activate
git clone https://github.com/sshuttle/sshuttle.git
cd sshuttle
./setup.py install
- Homebrew::
brew install sshuttle
Documentation
-------------
The documentation for the stable version is available at:
https://sshuttle.readthedocs.org/
The documentation for the latest development version is available at:
https://sshuttle.readthedocs.org/en/latest/