Last active
May 9, 2025 03:03
Revisions
-
kylekyle revised this gist
Jun 24, 2021 . 1 changed file with 2 additions and 0 deletions.
@@ -55,6 +55,8 @@ You should be set. To start `sshuttle`, run: ```bash root@OpenWrt:~# sshuttle @sshuttle.conf - or - root@OpenWrt:~# screen -d -m sshuttle @sshuttle.conf ``` Everything passing through the router should now be tunneled. To restrict tunneling to just the `192.168.2.1/24` subnet, you'll need to add an `iptables` rule: -
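Review bot: The `- or -` separator sits inside the bash code block between the two commands, so it reads as a third command line; turn it into a `# or, detached:` comment or split the two alternatives into separate blocks. `screen` is also missing from the `opkg install` package list in the install step, so `screen -d -m sshuttle @sshuttle.conf` fails on a router set up from this guide unless screen is installed as well.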
kylekyle revised this gist
Jun 23, 2021 . 1 changed file with 3 additions and 1 deletion.
@@ -15,7 +15,7 @@ Once you have the space, install `sshuttle`: ```bash root@OpenWrt:~# opkg update root@OpenWrt:~# opkg install python3 python3-pip iptables-mod-extra iptables-mod-nat-extra iptables-mod-ipopt root@OpenWrt:~# pip3 install sshuttle ``` ## Create a wifi access point @@ -28,6 +28,8 @@ Generate an ssh key to add to authorized keys on the remote server: ```bash root@OpenWrt:~# dropbearkey -t rsa -f /root/.ssh/id_rsa root@OpenWrt:~# dropbearkey -y -f .ssh/id_rsa | grep "^ssh-rsa " > .ssh/id_rsa.pub root@OpenWrt:~# scp .ssh/id_rsa.pub kyle.king@jump.eecs.ninja:.ssh/authorized_keys ``` ## Create sshuttle.conf -
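Review bot: The added `scp .ssh/id_rsa.pub kyle.king@jump.eecs.ninja:.ssh/authorized_keys` line overwrites the remote `authorized_keys` file, so every key already authorized for that account is dropped; append instead, for example `cat .ssh/id_rsa.pub | ssh kyle.king@jump.eecs.ninja 'cat >> .ssh/authorized_keys'`. The two new commands also use the relative path `.ssh/id_rsa` while the key is generated at `/root/.ssh/id_rsa`, so they only work when run from `/root`; use the absolute path in all three lines.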
kylekyle revised this gist
Jun 23, 2021 . 1 changed file with 6 additions and 0 deletions.
@@ -1,5 +1,11 @@ # Install and configure sshuttle on OpenWrt Note that ANY flash update will wreck the extroot configuration. I didn't realize that and had to: * Take the USB out and reboot so overlay would detach * Repartition/format the USB * [Set up extroot from scratch](https://openwrt.org/docs/guide-user/additional-software/extroot_configuration). ## Configure extroot Before you can install `sshuttle`, you'll need to add some space. Pop a USB drive in the back of the router and follow [these directions](https://openwrt.org/docs/guide-user/additional-software/extroot_configuration). -
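Review bot: The flash-update warning is placed above the `## Configure extroot` heading, before the guide has said what extroot is or linked its setup; move it under that heading, after the "these directions" link. The third recovery step links the same URL as that sentence, so a single link is enough once the note sits in that section.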
kylekyle revised this gist
Nov 26, 2020 . 1 changed file with 5 additions and 5 deletions.
@@ -29,16 +29,16 @@ root@OpenWrt:~# dropbearkey -t rsa -f /root/.ssh/id_rsa Create a file called `sshuttle.conf` that looks something like this: ```bash 0/0 -v -l 0.0.0.0:12345 -e ssh -i /root/.ssh/id_rsa -r kyle.king@jump.eecs.ninja --ns-host 192.168.2.1 ``` # Start sshuttle -
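Review bot: `--ns-host 192.168.2.1` drops the trailing `s` from the option; the earlier revision's `--ns-hosts` is the spelling sshuttle documents, so keep the full name rather than rely on prefix matching. The `-r` value also changes from the `you@remote-host` placeholder to a personal account and host, and `-l 0.0.0.0:12345` leaves the proxy listening on every interface of the router, including `wan`; if only the `192.168.2.0/24` clients should reach it, consider binding to that interface's address or blocking the port from `wan`.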
kylekyle revised this gist
Nov 26, 2020 . 1 changed file with 3 additions and 8 deletions.
@@ -14,9 +14,7 @@ root@OpenWrt:~# python3 /usr/bin/pip3 install sshuttle ## Create a wifi access point I really wanted a wireless access point that tunneled everything on it through sshuttle. To do that, you'll need to add a `Static IP` interface, and give it a unique block of DHCP addresses to give clients. I used `192.168.2.0/24`. The interface should be in the `lan` firewall group and bridge to the `wan` port. Next, configure a wifi access point to use your new interface. ## Generate an ssh key @@ -32,8 +30,6 @@ Create a file called `sshuttle.conf` that looks something like this: ```bash -D -l 0.0.0.0:12345 --ns-hosts @@ -42,8 +38,7 @@ Create a file called `sshuttle.conf` that looks something like this: ssh -i /root/.ssh/id_rsa -r you@remote-host 0/0 ``` # Start sshuttle @@ -54,7 +49,7 @@ You should be set. To start `sshuttle`, run: root@OpenWrt:~# sshuttle @sshuttle.conf ``` Everything passing through the router should now be tunneled. To restrict tunneling to just the `192.168.2.1/24` subnet, you'll need to add an `iptables` rule: ```bash root@OpenWrt:~# iptables -t nat -I sshuttle-12345 -j RETURN \! --src 192.168.2.0/24 -
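Review bot: The restriction sentence names the subnet as `192.168.2.1/24` while the rule right below it and the access point section use `192.168.2.0/24`; use the network address in both places. The `iptables -t nat -I sshuttle-12345` rule is also inserted by hand into a chain that sshuttle creates when it starts, so it has to be re-applied after every restart; say so next to the command.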
kylekyle revised this gist
Nov 26, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ # Install and configure sshuttle on OpenWrt ## Configure extroot -
kylekyle revised this gist
Nov 26, 2020 . 1 changed file with 6 additions and 6 deletions.
@@ -1,32 +1,32 @@ # sshuttle on OpenWrt ## Configure extroot Before you can install `sshuttle`, you'll need to add some space. Pop a USB drive in the back of the router and follow [these directions](https://openwrt.org/docs/guide-user/additional-software/extroot_configuration). Once you have the space, install `sshuttle`: ```bash root@OpenWrt:~# opkg update root@OpenWrt:~# opkg install python3 python3-pip iptables-mod-extra iptables-mod-nat-extra iptables-mod-ipopt root@OpenWrt:~# python3 /usr/bin/pip3 install sshuttle ``` ## Create a wifi access point I really wanted a wireless access point that tunneled everything on it through sshuttle. To do that, you'll need to add a `Static IP` interface, and give it a unique block of DHCP addresses to give clients. I used `192.168.2.0/24`. The interface should be in the `lan` firewall group and bridge to the `wan` port. Next, create a wifi access point that uses your new interface. ## Generate an ssh key Generate an ssh key to add to authorized keys on the remote server: ```bash root@OpenWrt:~# dropbearkey -t rsa -f /root/.ssh/id_rsa ``` ## Create sshuttle.conf Create a file called `sshuttle.conf` that looks something like this: -
kylekyle renamed this gist
Nov 26, 2020 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
kylekyle created this gist
Nov 26, 2020 .
@@ -0,0 +1,75 @@ # sshuttle on OpenWrt ## extroot Before you can install `sshuttle`, you'll need to add some space. Pop a USB drive in the back and follow [these directions](https://openwrt.org/docs/guide-user/additional-software/extroot_configuration). Once you have the space, install sshuttle: ```bash root@OpenWrt:~# opkg update root@OpenWrt:~# opkg install python3 python3-pip iptables-mod-extra iptables-mod-nat-extra iptables-mod-ipopt root@OpenWrt:~# python3 /usr/bin/pip3 install sshuttle ``` ## Create your wifi access point I really wanted a wireless access point that tunneled everything on it through sshuttle. To do that, you'll need to add a `Static IP` interface, and give it a unique block of DHCP addresses to give clients. I used `192.168.2.0/24`. The interface should be in the `lan` firewall group and bridge to the `wan` port. Next, create a wifi access point that uses your new interface. ## ssh key Generate an ssh key to add to authorized keys on the remote server: ```bash root@OpenWrt:~# dropbearkey -t rsa -f /root/.ssh/id_rsa ``` ## sshuttle.conf Create a file called `sshuttle.conf` that looks something like this: ```bash -D -v 0/0 -l 0.0.0.0:12345 --ns-hosts 192.168.2.1 -e ssh -i /root/.ssh/id_rsa -r you@remote-host -x 192.168.0.0/16 ``` # Start sshuttle You should be set. To start `sshuttle`, run: ```bash root@OpenWrt:~# sshuttle @sshuttle.conf ``` If everything is working, then everything passing through the router should be tunneled. To restrict tunneling to just the `192.168.2.1/24` subnet, you'll need to add an `iptables` rule: ```bash root@OpenWrt:~# iptables -t nat -I sshuttle-12345 -j RETURN \! 
--src 192.168.2.0/24 ``` You can see the `iptables` rules for `sshuttle` with the following command: ```bash root@OpenWrt:~# iptables -t nat -L sshuttle-12345 Chain sshuttle-12345 (2 references) target prot opt source destination RETURN all -- !192.168.2.0/24 anywhere RETURN !udp -- anywhere anywhere ADDRTYPE match dst-type LOCAL RETURN udp -- anywhere anywhere ADDRTYPE match dst-type LOCAL udp dpt:!domain RETURN tcp -- anywhere 192.168.0.0/16 REDIRECT tcp -- anywhere anywhere TTL match TTL != 63 redir ports 12345 REDIRECT udp -- anywhere OpenWrt.lan udp dpt:domain TTL match TTL != 63 redir ports 12299 ```
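Review bot: The `## ssh key` section stops after `dropbearkey -t rsa -f /root/.ssh/id_rsa` and never shows how the public half reaches the remote server, although its intro says the key is meant for the server's authorized keys; add the export step with `dropbearkey -y -f /root/.ssh/id_rsa` and show the key being appended on the server. The sample `iptables -t nat -L sshuttle-12345` output also already contains the hand-added `!192.168.2.0/24` RETURN rule, which is worth stating so readers do not expect it in a fresh chain.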