Welcome to bytebang » The blog about all and nothing » Painless VPN with sshuttle

Painless VPN with sshuttle

Feb 28 2019

The Problem

If you are in a not very trustworthy network environment (e.g. free internet at the airport) then you may consider to send all your traffic (encrypted) through a VPN to a trusted site.
This usually requires some kind of VPN solution - but setting up a complete VPN can be a time consuming task. Here is a short solution how to redirect all your traffic with one simple command.

The Solution

sshuttle is a great piece of software! It allows you to connect (encrypted via SSH) to a remote computer and it redirects all local traffic through it.
All you need is a remote site where you habe ssh access - e.g. a Raspberry Pi with ssh turned on.

So lets assume you have a linux pc (called traveller) and your raspberry pi at home (with ssh turned on, and a user named john).

Setup of the raspberry pi

Here are the good news - you just have to turn on ssh access on the pi.

  1. Enter sudo raspi-config in a terminal window
  2. Select Interfacing Options
  3. Navigate to and select SSH
  4. Choose Yes
  5. Select Ok
  6. Choose Finish

Reboot the pi and try to login via ssh. If this works, then everything is ok.

Installing a RPi is a good idea, because it is under your full control, but this should also work with many predefined hosting-packages which you get at web providers.

Ensure that your RPi is accessible from the internet - e.g. by exposing it in your firewall as DMZ computer and pointing a dyndns domain to it.

The best news is: If ssh is already installed, then you do not need root access anymore.

Installing sshuttle

On most linux systems sshuttle comes prepackaged with your package manager. Assuming that you are using apt-eg as packagemanager of your choice the installation would look like the following example:

john@travellersudo apt install sshuttle

Thats it.

Connecting to the pi

The final step is to connect from the traveller machine to your home pi.

john@traveller:~sudo sshuttle -r john@pi.dnndns.net 0/0
The authenticity of host 'pi.dnndns.net (' can't be established.
ECDSA key fingerprint is SHA256:zXxWLZC+2Cedglmm8UKR1t3NxJUUzXvIG2ZHU1JSzc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '
pi.dnndns.net,' (ECDSA) to the list of known hosts.
s password:
client: Connected.

Nowyou are sending your whole traffic through the ssh tunnel to your pi, and from there to the internet.

Get Social

(c) 2024, by bytebang e.U. - Impressum - Datenschutz / Nutzungsbedingungen