Commit
Copied from https://coderwall.com/p/adfxgw/sshuttle-on-windows Closes #64
Showing 6 changed files with 85 additions and 43 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,6 +10,7 @@ Contents: | |
requirements | ||
installation | ||
usage | ||
platform | ||
Man Page <manpage> | ||
how-it-works | ||
support | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
Platform Specific Notes | ||
======================= | ||
|
||
Contents: | ||
|
||
.. toctree:: | ||
:maxdepth: 2 | ||
|
||
tproxy | ||
windows |
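Review bot: The toctree at the end of platform.rst files `tproxy` under "Platform Specific Notes", but tproxy.rst introduces TPROXY as a method ("the only method that has full support of IPv6 and UDP") and never names the platform it applies to. Either add a one-line introduction under the title saying the section covers platform- and method-specific setup, or state the platform in the first paragraph of tproxy.rst. The title would also read better hyphenated as "Platform-Specific Notes".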
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
TPROXY | ||
====== | ||
TPROXY is the only method that has full support of IPv6 and UDP. | ||
|
||
There are some things you need to consider for TPROXY to work: | ||
|
||
- The following commands need to be run first as root. This only needs to be | ||
done once after booting up:: | ||
|
||
ip route add local default dev lo table 100 | ||
ip rule add fwmark 1 lookup 100 | ||
ip -6 route add local default dev lo table 100 | ||
ip -6 rule add fwmark 1 lookup 100 | ||
|
||
- The ``--auto-nets`` feature does not detect IPv6 routes automatically. Add IPv6 | ||
routes manually. e.g. by adding ``'::/0'`` to the end of the command line. | ||
|
||
- The client needs to be run as root. e.g.:: | ||
|
||
sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ... | ||
|
||
- You may need to exclude the IP address of the server you are connecting to. | ||
Otherwise sshuttle may attempt to intercept the ssh packets, which will not | ||
work. Use the ``--exclude`` parameter for this. | ||
|
||
- Similarly, UDP return packets (including DNS) could get intercepted and | ||
bounced back. This is the case if you have a broad subnet such as | ||
``0.0.0.0/0`` or ``::/0`` that includes the IP address of the client. Use the | ||
``--exclude`` parameter for this. | ||
|
||
- You need the ``--method=tproxy`` parameter, as above. | ||
|
||
- The routes for the outgoing packets must already exist. For example, if your | ||
connection does not have IPv6 support, no IPv6 routes will exist, IPv6 | ||
packets will not be generated and sshuttle cannot intercept them:: | ||
|
||
telnet -6 www.google.com 80 | ||
Trying 2404:6800:4001:805::1010... | ||
telnet: Unable to connect to remote host: Network is unreachable | ||
|
||
Add some dummy routes to external interfaces. Make sure they get removed | ||
however after sshuttle exits. |
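Review bot: The example under "The client needs to be run as root" hard-codes a developer checkout path, `$HOME/tree/sshuttle.tproxy/sshuttle`, which readers will not have and which tells them to run a script from a user-writable directory as root while passing the caller's `SSH_AUTH_SOCK` to it. Use the installed command name instead, for example `sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" sshuttle --method=tproxy ...`, and add a sentence explaining why the agent socket is passed through. Two smaller points: the `ip route` / `ip rule` setup is described as a once-per-boot step with no teardown shown, and the closing paragraph asks for dummy routes to be added and removed after sshuttle exits without giving a command for either. The two `--exclude` items would also benefit from one concrete invocation.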
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
Microsoft Windows | ||
================= | ||
Currently there is no built in support for running sshuttle directly on | ||
Microsoft Windows. | ||
|
||
What we can really do is to create a Linux VM with Vagrant (or simply | ||
Virtualbox if you like). In the Vagrant settings, remember to turn on bridged | ||
NIC. Then, run sshuttle inside the VM like below:: | ||
|
||
sshuttle -l 0.0.0.0 -x 10.0.0.0/8 -x 192.168.0.0/16 0/0 | ||
|
||
10.0.0.0/8 excludes NAT traffics of Vagrant and 192.168.0.0/16 excludes | ||
traffics to my router. | ||
|
||
Assuming the VM has the IP 192.168.1.200 obtained on the bridge NIC (we can | ||
configure that in Vagrant), we can then ask windows to route all its traffic | ||
via the VM by running the following in cmd.exe with admin right:: | ||
|
||
route add 0.0.0.0 mask 0.0.0.0 192.168.1.200 |
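Review bot: The example `sshuttle -l 0.0.0.0 -x 10.0.0.0/8 -x 192.168.0.0/16 0/0` binds the listener to every interface of a VM that the text places on a bridged NIC, so any host on that LAN that routes via 192.168.1.200 can send traffic through the tunnel, and the page does not say so. State this explicitly and recommend limiting who can reach the VM, or show a narrower listen address. The command also has no `-r` argument, so as written it does not name the SSH server to tunnel through. The text was copied from a personal blog post and still says "my router" and "traffics"; reword it for project docs and explain that the two `-x` ranges are specific to that author's network. Finally, `route add 0.0.0.0 mask 0.0.0.0 192.168.1.200` changes the Windows default route with no matching removal step shown; document how to undo it when the VM or sshuttle is stopped.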