The Problem
If you are in a not very trustworthy network environment (e.g. free internet at the airport) then you may consider to send all your traffic (encrypted) through a VPN to a trusted site.
This usually requires some kind of VPN solution - but setting up a complete VPN can be a time consuming task. Here is a short solution how to redirect all your traffic with one simple command.
The Solution
sshuttle is a great piece of software! It allows you to connect (encrypted via SSH) to a remote computer and it redirects all local traffic through it.
All you need is a remote site where you habe ssh access - e.g. a Raspberry Pi with ssh turned on.
So lets assume you have a linux pc (called traveller) and your raspberry pi at home (with ssh turned on, and a user named john).
Setup of the raspberry pi
Here are the good news - you just have to turn on ssh access on the pi.
- Enter sudo raspi-config in a terminal window
- Select Interfacing Options
- Navigate to and select SSH
- Choose Yes
- Select Ok
- Choose Finish
Reboot the pi and try to login via ssh. If this works, then everything is ok.
Ensure that your RPi is accessible from the internet - e.g. by exposing it in your firewall as DMZ computer and pointing a dyndns domain to it.
The best news is: If ssh is already installed, then you do not need root access anymore.
Installing sshuttle
On most linux systems sshuttle comes prepackaged with your package manager. Assuming that you are using apt-eg as packagemanager of your choice the installation would look like the following example:
Thats it.
Connecting to the pi
The final step is to connect from the traveller machine to your home pi.
The authenticity of host 'pi.dnndns.net (111.222.223.1)' can't be established.
ECDSA key fingerprint is SHA256:zXxWLZC+2Cedglmm8UKR1t3NxJUUzXvIG2ZHU1JSzc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'pi.dnndns.net,111.222.223.1' (ECDSA) to the list of known hosts.
john@pi.dnndns.net's password:
client: Connected.
Nowyou are sending your whole traffic through the ssh tunnel to your pi, and from there to the internet.