I took a quick look at sshuttle, a poor man’s VPN. It creates an ssh tunnel to any Linux host you can ssh to, then munges your OS to route most, but not all, traffic through the tunnel.

I’m confused about how it works. On my Mac I couldn’t find any evidence of it in ifconfig or the routing tables. It does set some ipfw rules, and more if I enable DNS as well. Can ipfw manipulate traffic in this way? There’s some more commentary in this 4-year-old Hacker News discussion.

The big drawback is that it only handles TCP, with an option to also handle DNS traffic, but not arbitrary UDP or all IP. I think for many practical things that doesn’t matter, but it is a drawback.

The nice thing is it’s super easy to set up and doesn’t require any server infrastructure. It’s a clever hack. Clients work on macOS and Linux, at least.