Sshuttle 1.1.1 not working on macOS Sonoma 14.1.1 #914

Open
jadsonjs opened this issue Nov 20, 2023 · 7 comments

Sorry if this is a duplicate issue, but I could not find another issue with the same problem. I am trying to use Sshuttle for the first time to connect to a Linux server from my macOS. With the command below:

sshuttle -v -r user@XXX.XX.XX.XX:YYYY -x XXX.XX.XXX.XX XXX.0.0.0/8 XXX.XXX.X.0/24

When running this command, after typing the password, the following log lines are shown:

s: Running server on remote host with /usr/bin/python3 (version 3.10.6)
s: latency control setting = True
s: auto-nets:False
c : Connected to server.
fw: setting up.
fw: >> pfctl -s Interfaces -i lo -v
fw: >> pfctl -s all
fw: >> pfctl -a sshuttle6-12300 -f /dev/stdin
fw: >> pfctl -E
fw: >> pfctl -s Interfaces -i lo -v
fw: >> pfctl -s all
fw: >> pfctl -a sshuttle-12300 -f /dev/stdin
fw: >> pfctl -E

And it stays stopped at the last line (the pfctl -E command), frozen, forever.
The pfctl -E command is used to enable the PF (Packet Filter) firewall on macOS.
When I try to execute the command directly in my macOS terminal, the following lines are shown:

$ pfctl -E
No ALTQ support in kernel
ALTQ related functions disabled
pf enabled
Token : 4235676552202453487

macOS Sonoma 14.1.1
sshuttle --version 1.1.1

I checked the following issues, without any success:

#563
#706
#864
#895

I think this is a bug in sshuttle on macOS Sonoma. Can someone help me? Thanks.

yokotoka commented Jan 2, 2024

Same problem here. Everything worked before the update.

% sshuttle --dns -vr root@xxx 0/0
Starting sshuttle proxy (version 1.1.1).
c : Starting firewall manager with command: ['/Users/xxx/.pyenv/versions/3.11.5/envs/global3_11_5/bin/python3.11', '/Users/xxx/.pyenv/versions/global3_11_5/bin/sshuttle', '-v', '--method', 'auto', '--firewall']
fw: Starting firewall with Python version 3.11.5
fw: ready method name nft.
c : IPv6 enabled: Using default IPv6 listen address ::1
c : Method: nft
c : IPv4: on
c : IPv6: on
c : UDP : off (not available with nft method)
c : DNS : on
c : User: off (not available with nft method)
c : Subnets to forward through remote host (type, IP, cidr mask width, startPort, endPort):
c :   (<AddressFamily.AF_INET: 2>, '0.0.0.0', 0, 0, 0)
c : Subnets to exclude from forwarding:
c :   (<AddressFamily.AF_INET: 2>, '127.0.0.1', 32, 0, 0)
c :   (<AddressFamily.AF_INET6: 30>, '::1', 128, 0, 0)
c : DNS requests normally directed at these servers will be redirected to remote:
c :   (<AddressFamily.AF_INET: 2>, '8.8.8.8')
c :   (<AddressFamily.AF_INET: 2>, '1.1.1.1')
c :   (<AddressFamily.AF_INET: 2>, '4.4.2.2')
c : TCP redirector listening on ('::1', 12300, 0, 0).
c : TCP redirector listening on ('127.0.0.1', 12300).
c : DNS listening on ('::1', 12299, 0, 0).
c : DNS listening on ('127.0.0.1', 12299).
c : Starting client with Python version 3.11.5
c : Connecting to server...
 s: Running server on remote host with /usr/bin/python3 (version 3.10.12)
 s: latency control setting = True
 s: auto-nets:False
c : Connected to server.
fw: setting up.
fw: nft add table inet sshuttle-ipv6-12300
Error: No such file add table
fw: undoing changes.
fw: nft delete table inet sshuttle-ipv6-12300
Error: No such file delete table
fw: error: ['nft', 'delete table', 'inet', 'sshuttle-ipv6-12300', ''] returned -13
fw: nft delete table inet sshuttle-ipv4-12300
Error: No such file delete table
fw: error: ['nft', 'delete table', 'inet', 'sshuttle-ipv4-12300', ''] returned -13
fw: fatal: ['nft', 'add table', 'inet', 'sshuttle-ipv6-12300', ''] returned 1
c : fatal: cleanup: ['/Users/xxx/.pyenv/versions/3.11.5/envs/global3_11_5/bin/python3.11', '/Users/xxx/.pyenv/versions/global3_11_5/bin/sshuttle', '-v', '--method', 'auto', '--firewall'] returned 99

andloh commented Feb 15, 2024

Works fine with 1.1.1 on Sonoma 14.3

Japillow commented Feb 22, 2024

Contrary to what is said by @andloh, I still have the issue in Sonoma 14.3 (version 14.3.1 (23D60)) with sshuttle v1.1.1 and v1.1.2 (available in brew) on MacBook Air M2 (SIP enabled; professional machine with Microsoft Defender for Endpoint) and MacBook Pro M2 Pro (SIP enabled; personal machine, no security software installed).

skrobul commented Feb 28, 2024

Didn't work on 14.2.2, I attempted to upgrade to 14.3.1 and it still does not work. Wonder if there is some other factor in play here. @andloh do you have your firewall enabled?

andloh commented Mar 5, 2024

@skrobul Yes, I have firewall enabled, SIP too. Intel Mac

skrobul commented Mar 5, 2024

@andloh thanks, fwiw I'm on an ARM-based Mac so there is a difference here. Enabling/disabling the firewall does not change a thing. SIP is enabled and I want to keep it that way.
Maybe it's some sort of endpoint protection software (i.e. CrowdStrike or Appgate SDP) blocking these?

ZeGuigui commented Mar 6, 2024

sshuttle 1.1.1 on ARM M2 is OK for me. Firewall disabled. I did not change my SIP settings (=> enabled)

If you are using a VPN to connect, see #563
