Sshuttle seems to connect, and I can see it presumably requesting objects via the tunnel, but when I pull up www.ipchicken.com it shows the client IP, not the server IP. To verify I can tunnel to that machine OK, I verified using a standard SSH tunnel. When I connect via a dynamic forward with a regular ssh tunnel connection, it works great using it as a socks proxy. When I use sshuttle, it doesn't seem to be using the tunnel, and seems to fall back to using the regular connection.
Here's my setup:
Server: Ubuntu 12.04 LTS - Server version (physical box) Linux 3.2.0-23-generic
Client: Xubuntu 14.04 LTS - 3.13.0-24-generic running as Oracle Virtualbox VM
I'm trying to use sshuttle to encrypt and tunnel all traffic from the VM to my home server while traveling & on open wifi for better security. Apparently, something is wrong because it's not tunneling, and I am seeing "c : read: err was: [Errno 11] Resource temporarily unavailable" errors in the output. Any ideas what's going on? I can make my way around Linux OK, but I'm by no means a guru. This seems to have me stumped. FYI - I've got root authority available on the server side, just let me know if any debugging info would be helpful and I can get it.
user@xubuntu159357:~/.ssh$ sshuttle -l 0.0.0.0 --dns -vvvvvvvvv --ssh-cmd 'ssh myserver' 0/0
Starting sshuttle proxy.
Binding: 12300
Listening on ('0.0.0.0', 12300).
DNS listening on ('0.0.0.0', 12300).
firewall manager ready.
c : connecting to server...
c : executing: ['python', '-c', 'import sys; skip_imports=1; verbosity=9; exec compile(sys.stdin.read(764), "assembler.py", "exec")']
c : > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'cmdline_options.py' (29 bytes)
server: assembling 'helpers.py' (698 bytes)
server: assembling 'ssubprocess.py' (13695 bytes)
server: assembling 'ssnet.py' (5447 bytes)
server: assembling 'hostwatch.py' (2238 bytes)
server: assembling 'server.py' (2377 bytes)
s: latency control setting = True
s: available routes:
s: 10.0.2.0/24
s: > channel=0 cmd=PING len=7 (fullness=0)
c : connected.
Connected.
c : Waiting: 3 r=[3, 5, 9] w=[9] x=[] (fullness=7/0)
c : Ready: 3 r=[] w=[9] x=[]
c : mux wrote: 15/15
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=7/0)
s: > channel=0 cmd=ROUTES len=12 (fullness=7)
s: Waiting: 1 r=[4] w=[5] x=[] (fullness=19/0)
s: Ready: 1 r=[4] w=[5] x=[]
s: < channel=0 cmd=PING len=7
s: > channel=0 cmd=PONG len=7 (fullness=19)
s: mux wrote: 15/15
c : Ready: 3 r=[9] w=[] x=[]
c : < channel=0 cmd=PING len=7
c : > channel=0 cmd=PONG len=7 (fullness=7)
c : mux wrote: 15/15
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=14/0)
s: < channel=0 cmd=PONG len=7
s: received PING response
s: mux wrote: 20/20
c : Ready: 3 r=[9] w=[] x=[]
c : < channel=0 cmd=ROUTES len=12
firewall manager: starting transproxy.
>> iptables -t nat -N sshuttle-12300
s: mux wrote: 15/15
s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 127.0.1.1/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
c : < channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=0/0)
c : Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('127.0.0.1', 46110): 36 bytes
c : > channel=1 cmd=DNS_REQ len=36 (fullness=0)
c : Remaining DNS requests: 1
c : mux wrote: 44/44
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=36/0)
s: Ready: 1 r=[4] w=[] x=[]
s: < channel=1 cmd=DNS_REQ len=36
s: Incoming DNS request.
s: DNS: sending to '127.0.1.1'
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=0/0)
s: Ready: 2 r=[6] w=[] x=[]
s: DNS response: 68 bytes
s: > channel=1 cmd=DNS_RESPONSE len=68 (fullness=0)
c : Ready: 3 r=[9] w=[] x=[]
c : < channel=1 cmd=DNS_RESPONSE len=68
c : dns_done: channel=1 peer=('127.0.0.1', 46110)
c : doing sendto ('127.0.0.1', 46110)
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=36/0)
s: mux wrote: 76/76
s: Waiting: 1 r=[4] w=[] x=[] (fullness=68/0)
c : Ready: 3 r=[3] w=[] x=[]
c : Accept: 10.0.2.15:36359 -> 141.101.120.14:80.
c : > channel=2 cmd=CONNECT len=17 (fullness=36)
c : creating new SockWrapper (1 now exist)
c : new channel: 2
c : creating new SockWrapper (2 now exist)
c : mux wrote: 25/25
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=53/0)
s: Ready: 1 r=[4] w=[] x=[]
s: < channel=2 cmd=CONNECT len=17
s: Connecting to 141.101.120.14:80
s: creating new SockWrapper (1 now exist)
s: SW#7:141.101.120.14:80: trying connect to ('141.101.120.14', 80)
s: SW#7:141.101.120.14:80: connect result: [Errno 115] Operation now in progress
s: creating new SockWrapper (2 now exist)
s: new channel: 2
s: SW#7:141.101.120.14:80: trying connect to ('141.101.120.14', 80)
s: SW#7:141.101.120.14:80: connect result: [Errno 114] Operation already in progress
s: Waiting: 2 r=[4] w=[7] x=[] (fullness=68/0)
s: Ready: 2 r=[] w=[7] x=[]
s: SW#7:141.101.120.14:80: trying connect to ('141.101.120.14', 80)
s: read: err was: [Errno 11] Resource temporarily unavailable
s: read: err was: [Errno 11] Resource temporarily unavailable
s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=68/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('127.0.0.1', 45738): 42 bytes
c : > channel=3 cmd=DNS_REQ len=42 (fullness=53)
c : Remaining DNS requests: 1
c : mux wrote: 50/50
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=95/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=3 cmd=DNS_REQ len=42
s: Incoming DNS request.
s: DNS: sending to '127.0.1.1'
s: read: err was: [Errno 11] Resource temporarily unavailable
s: Waiting: 3 r=[4, 7, 8] w=[] x=[] (fullness=68/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 128 bytes
s: > channel=3 cmd=DNS_RESPONSE len=128 (fullness=68)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=3 cmd=DNS_RESPONSE len=128
c : dns_done: channel=3 peer=('127.0.0.1', 45738)
c : doing sendto ('127.0.0.1', 45738)
c : read: err was: [Errno 11] Resource temporarily unavailable
c : read: err was: [Errno 11] Resource temporarily unavailable
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=95/0)
For reference, here is my ssh config file showing the connection parameters used. I'm using it for both the regular SSH tunnel (which works fine) and the sshuttle connection (which doesn't work).
Host myserver
User myusername
Hostname myserver.com
Port 22
IdentityFile ~/.ssh/ssh_private.ppk
DynamicForward *:3001
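
One way to triage a verbose sshuttle log like the one above, added here as an example that is not part of the original post: it pairs each client-side CONNECT or DNS_REQ with its receipt on the server side and separates errno values that are routine on non-blocking Linux sockets (11, 114, 115) from anything else. The function name `triage` and the excerpted `SAMPLE` are assumptions of this example.

```python
import re
from collections import Counter

# Linux errno numbers that are routine on non-blocking sockets.
NONBLOCKING = {11: "EAGAIN", 114: "EALREADY", 115: "EINPROGRESS"}
TUNNELED_CMDS = {"CONNECT", "DNS_REQ"}

MUX = re.compile(r"^(c|s)\s*: ([<>]) channel=(\d+) cmd=(\w+) ")
ACCEPT = re.compile(r"^c\s*: Accept: (\S+) -> (\S+?)\.?$")
ERRNO = re.compile(r"\[Errno (\d+)\]")

# Excerpt of the log lines posted above, embedded so the example runs offline.
SAMPLE = """\
c : Accept: 10.0.2.15:36359 -> 141.101.120.14:80.
c : > channel=2 cmd=CONNECT len=17 (fullness=36)
s: < channel=2 cmd=CONNECT len=17
s: SW#7:141.101.120.14:80: connect result: [Errno 115] Operation now in progress
s: SW#7:141.101.120.14:80: connect result: [Errno 114] Operation already in progress
s: read: err was: [Errno 11] Resource temporarily unavailable
c : > channel=3 cmd=DNS_REQ len=42 (fullness=53)
s: < channel=3 cmd=DNS_REQ len=42
c : read: err was: [Errno 11] Resource temporarily unavailable
"""

def triage(log_text):
    """Summarize which requests crossed the mux and which errnos appeared."""
    sent, tunneled, accepted = {}, {}, []
    routine, unexpected = Counter(), Counter()
    for line in log_text.splitlines():
        line = line.strip()
        mux, acc, err = MUX.match(line), ACCEPT.match(line), ERRNO.search(line)
        if mux:
            side, arrow, chan, cmd = mux.groups()
            if cmd in TUNNELED_CMDS:
                if (side, arrow) == ("c", ">"):      # client wrote it to the mux
                    sent[int(chan)] = cmd
                elif (side, arrow) == ("s", "<") and int(chan) in sent:
                    tunneled[int(chan)] = cmd        # server read the same channel
        elif acc:
            accepted.append(acc.groups())            # (source, destination) redirected locally
        elif err:
            num = int(err.group(1))
            (routine if num in NONBLOCKING else unexpected)[NONBLOCKING.get(num, num)] += 1
    return {"accepted": accepted, "tunneled": tunneled,
            "routine": dict(routine), "unexpected": dict(unexpected)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
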