I would be wary of technical workarounds. Now that OP's friend has been busted, the authorities might be monitoring him for exactly that kind of thing, and a long-lived session is probably not the only thing they can detect. Is it worth the risk?
As long as we're linking tools, though, I came across sshuttle recently. Looks pretty handy, and since it tunnels through ssh, it probably looks to traffic monitors slightly less like a VPN than algo's IPSEC.
There is something called sshuttle that lets you tunnel IP via SSH. Is this what you're looking for?
Edit: but if it's your ISP doing the throttling then obviously the other endpoint must be somewhere outside of their control.
Regarding the self-installation: It might be worth a look at how sshuttle solves this. It only requires sshd and python3 on the remote system, but not any root privileges or even any tunneling setup.
You are mostly looking for ssh proxycommand to log in directly onto the remote box behind the jumphost. Google proxycommand. However, there is something a lot nicer that even lets you discard the VPN piece: https://github.com/sshuttle/sshuttle sshuttle will allow you to kubectl directly from your box to the k8s API endpoint.
I’m not sure how this will run on Windows, since support is listed as Linux, BSD, & Mac, but I think you’re looking for sshuttle: where transparent proxy meets VPN meets ssh (https://github.com/sshuttle/sshuttle)
Edit: found more info about how to run/utilize it from Windows.
Okay, so I don't really know the official AWS method for this. First suggestion is using VPC VPN of course, but as you say you can't do this effectively without a static IP. A second idea would be to use a bastion EC2 instance. This instance could potentially run something like OpenVPN for you to connect to (which does not require a client static IP). Or you could use a utility like sshuttle to really easily tunnel your traffic over SSH to the instance. A poor man's VPN, if you will. Both of these options will ensure that the service you access will see the instance's IP address as the source, which can be static with the use of an elastic IP.
If the number of remote hosts is big, have a look at sshuttle. It looks like a VPN from the user's point of view, using only SSH connection forwarding. That's an extremely handy tool!
Adding on to the "ubiquity" point, sshuttle relies on the fact that the remote machine has python installed to send its server code over ssh and run it, thus requiring installation only on clients.
Disclaimer: best policy is honesty; many companies are surprisingly cool with short-term travel. Also, if you are dealing with classified info, you can deal with seriously bad repercussions.
All that being said, if you are sure that your company would object, a VPN is a good start. Although, I’ve worked for companies that monitored my IP address and would object if I worked from a cafe or the library unless I informed them in advance. (I no longer work for them for obvious reasons.)
So if you are technical, there is a program called sshuttle (https://github.com/sshuttle/sshuttle) that can route all of your laptop's traffic through your home network.
It takes a bit to set up and you need a machine on your home network. It also cuts your network bandwidth considerably. However, it makes it harder for your IT folks to spot since all your traffic should be coming from your home IP.
Assuming your SSH shell has access to the port you want to pipe HTTP requests to, you don't need to use anything other than SSH itself to accomplish that.
https://robotmoon.com/ssh-tunnels/ has some info on it, but there are other resources out there as well. In short, you can forward a port on the remote server to a local port on your computer that you interact with. You can also do the reverse and forward a local port to the remote shell to interact with locally (on its end).
There are also other options like https://github.com/sshuttle/sshuttle which can provide a VPN using SSH as well.
You should use proxychains4; you can build it yourself: https://github.com/rofl0r/proxychains-ng. I like using the sshuttle project, kinda like a pseudo-VPN: https://github.com/sshuttle/sshuttle
You can get a VPS (droplet) at a provider such as digitalocean.com. You can select from 12 different locations for the data center.
It costs $5 for 720 hours. So, make sure to destroy the droplet every time you are done. Otherwise, the hourly bill will keep running.
Next, install and start sshuttle on your laptop. It will route all traffic through the droplet (including those pesky DNS queries).
If you want to route part of your traffic differently, use VirtualBox and create a VM for each set of different requirements. So, you will be simultaneously in the US, the UK, Brazil, and Colombia, if you like. It will allow you to be truly omnipresent in addition to already being pretty much all-knowing! ;-)
I didn't see a description of what you're syncing between, but you did say mobile isn't an issue. So why don't you just centralize your data and access it over SMB/Samba or even SSHFS? Here's an idea:
This isn't particularly fancy but there isn't much to go wrong. The data lives on the server but is transparently accessed by your client machine provided you have a reasonable pipe. Plus it's easier to run backups from the centralized data. If you want to get fancier, you can run it over a COW filesystem like zfs or btrfs and periodically snapshot as another layer to prevent accidental deletion or data loss. You could also run NextCloud's external storage plugin to mount your Samba or SSH share to make it accessible in that WebDAV.
Personally I have an exposed SSH port with key-only authentication and IP-block after 2 failed attempts. Then I can connect using sshuttle to my network from wherever I am; I can also route all my traffic via sshuttle if I want to.
Attempting to tunnel back home while connected to the school's wlan is pretty low-risk imo. It's either going to work or it's not.
If our hero's first attempt ends in failure, it's reasonable to assume the network is employing at minimum some out-of-the-box parental control type countermeasures (and attempts at connecting to a VPS-based VPN server would also fail).
His next step might be to try to SSH tunnel back home. Use sshuttle or something else that abstracts the burden of managing port forwards.
All of that said, let's remember this is high school. News will travel quick if boy wonder ends up being the only kid with access to YouTube or Facebook. The cute blonde who bats her eyes and asks him to set up her machine too will be his downfall. Not some crazed K12 computer lab teacher poring over DPI data :)
If you are already a techy and have servers outside the UK with SSH access, I've found https://github.com/sshuttle/sshuttle to be excellent (you can also tunnel dns with the -dns flag).
ISP sees an SSH (encrypted) connection to a server and that's it.
Has the advantage of not being on a list of IPs assigned to VPN providers, which cynic me has to believe means every intelligence agency in the west is all over...
Also works for Netflix since they play whack a mole with the big VPN providers but couldn't give a shit about weirdos like me.
I never experienced a problem with a module not working with a bastion host in use.
If a module/plugin uses something other than SSH, it might be problematic, also if you delegate certain tasks to your own machine, or something alike.
You could work around that by using something like https://github.com/sshuttle/sshuttle which will allow you to use other protocols and stuff easily.
Read the docs on sshuttle. It's not just the regular SSH VPN. It does a lot of multiplexing work to improve performance, especially https://github.com/sshuttle/sshuttle#theory-of-operation
The same TCP performance issues can be seen with OpenVPN used in TCP mode. The inner TCP transmission must encounter packet loss (but never will), so performance can go crazy. The TCP stack will just think it has access to this all-powerful pipe that has unlimited bandwidth.