sshuttle and hotspot not working


tom...@gmail.com

Nov 27, 2016, 9:58:45 AM
To: sshuttle
Hi,

First of all, thanks for the perfect tool, which is very easy to set up and use.
However, for some reason I cannot get internet access for clients connected to the hotspot.

My situation is:

While I'm traveling, sometimes the hotel restricts the Wi-Fi to 1 device connection and at the same time has a poor router/configuration.
The internet connection is really bad, but when I tunnel traffic through ssh running at home, the internet works fine. So I'm sharing the Wi-Fi connection by enabling Mint Linux's built-in Hotspot feature.

(I have a laptop with persistent Mint Linux 18 booting from a USB stick, an internal Wi-Fi adapter and an additional USB Wi-Fi stick: one adapter for the hotel Wi-Fi connection, another for the hotspot.)

Without sshuttle running, clients get internet, but with sshuttle running, clients have no internet connection while they are connected to the hotspot. Laptop tunneling works fine at that time.
The hotspot is created with Mint Linux's built-in Network settings tool.

How can I get hotspot clients connected to the tunneled internet?



Brian May

Nov 27, 2016, 4:31:20 PM
To: sshuttle
tom...@gmail.com writes:

> At first thanks for perfect tool which is very easy to setup and use.
> However for some reason i cannot get internet access for clients connected
> to the hotspot.

I am guessing this might be the same issue:

https://github.com/sshuttle/sshuttle/issues/102

Which unfortunately is a bug in OSX.
--
Brian May <br...@microcomaustralia.com.au>

Tony Godshall

Dec 1, 2016, 1:42:51 PM
To: tom...@gmail.com, sshuttle
What commandline options are you using for sshuttle?



--
--
Best Regards.
This is unedited.
This message came out of me
via a suboptimal keyboard.

tom...@gmail.com

Dec 1, 2016, 4:39:29 PM
To: sshuttle, tom...@gmail.com
sudo sshuttle  -vHr us...@my.ip:222 0/0

Tony Godshall

Dec 1, 2016, 5:26:33 PM
To: Tomas Gerulskis, sshuttle
I'd recommend adding the -v or -vv and sending us those results so we
can see what it's really doing

I'm thinking you might need -e 'ssh -g' so that port-forwards work
outside of the same host

aappd...@gmail.com

Jan 17, 2017, 8:06:55 PM
To: sshuttle, tom...@gmail.com
Oh wow! I just hit this issue as well:

a) Laptop running f25 is running the wifi as hotspot and sshuttle to my home server
b) iPad and iPhone connect to the laptop hotspot

When sshuttle is running, the ipad and iphone cannot get to external sites e.g. cnn, yahoo or netflix.

When sshuttle is not running, ipad and iphone can access internet.

I tried running with sshuttle -vHr <server> e 'ssh -g' 0/0

but that did not work.

Tony Godshall

Jan 17, 2017, 9:41:42 PM
To: aappd...@gmail.com, sshuttle, Tomas Gerulskis
can you ping by name?
e.g. # ping google.com

can you ping by ip address?
e.g. # ping 8.8.8.8

aappd...@gmail.com

Jan 17, 2017, 10:33:52 PM
To: sshuttle, aappd...@gmail.com, tom...@gmail.com
I was probably not fully clear...

a) The hotspot laptop is the hotspot over wifi and the laptop is connected via ethernet.

Everything from the laptop was working including pinging other hosts, etc.

It was just the ipad and iphone that had the problem accessing each app's content (e.g. the CNN app trying to get CNN app content) that did not work.

With sshuttle off, the iphone and ipad apps ran fine.

I tried being explicit about the mode as well, I tried nat and auto. I also tried using --dns thinking it was unable to do lookups. 

$ ip route show
default via 10.92.0.1 dev enp0s20f0u1  proto static  metric 100  
10.42.0.0/24 dev wlp58s0  proto kernel  scope link  src 10.42.0.1  metric 600  
10.92.0.0/20 dev enp0s20f0u1  proto kernel  scope link  src 10.92.6.43  metric 100  
192.168.46.0/24 dev vmnet8  proto kernel  scope link  src 192.168.46.1


$sshuttle --dns -vH -r m...@my-dynamic-dns-hostname.net -e 'ssh -g' 0/0    
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.2
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: True
TCP redirector listening on ('127.0.0.1', 12300).
DNS listening on ('127.0.0.1', 12300).
Starting client with Python version 3.5.2
c : connecting to server...
Starting server with Python version 3.5.2
s: latency control setting = True
s: available routes:
s:   2/192.168.0.0/24
s:   2/192.168.122.0/24
c : Connected.
c : seed_hosts: []
firewall manager: setting up.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
hostwatch: Starting hostwatch with Python version 3.5.2
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.1/32 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.92.1.101/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 205.222.5.23/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 205.222.5.22/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 8.8.8.8/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
c : Accept TCP: 10.92.6.43:46948 -> 108.175.43.141:443.

[some hostnames found but deleted since they are private]

c : Accept TCP: 10.92.6.43:38414 -> 108.48.85.221:443.
c : warning: closed channel 2 got cmd=TCP_STOP_SENDING len=0
c : DNS request from ('10.92.6.43', 29789) to None: 33 bytes
c : Accept TCP: 10.92.6.43:43250 -> 54.85.0.192:443.
c : DNS request from ('10.92.6.43', 29619) to None: 34 bytes
c : Accept TCP: 10.92.6.43:42952 -> 204.79.197.213:443.
c : DNS request from ('10.92.6.43', 51052) to None: 49 bytes
s: SW#8:108.48.85.221:443: deleting (7 remain)
c : Accept TCP: 10.92.6.43:52940 -> 40.117.100.83:443.
s: SW'unknown':Mux#2: deleting (6 remain)
c : SW#10:10.92.6.43:38414: deleting (9 remain)
c : SW'unknown':Mux#2: deleting (8 remain)
c : DNS request from ('10.92.6.43', 47698) to None: 38 bytes
c : DNS request from ('10.92.6.43', 26589) to None: 38 bytes
hostwatch: Found: a-0011: 204.79.197.213
hostwatch: Found: ipv4_1: 108.175.43.141
hostwatch: Found: ec2-54-85-0-192: 54.85.0.192
c : Accept TCP: 10.92.6.43:38422 -> 108.48.85.221:443.
c : warning: closed channel 11 got cmd=TCP_STOP_SENDING len=0
c : DNS request from ('10.92.6.43', 41459) to None: 42 bytes
c : DNS request from ('10.92.6.43', 41459) to None: 42 bytes
c : Accept TCP: 10.92.6.43:38424 -> 108.48.85.221:443.
c : warning: closed channel 14 got cmd=TCP_STOP_SENDING len=0
c : warning: closed channel 1 got cmd=TCP_STOP_SENDING len=0
s: warning: closed channel 6 got cmd=TCP_STOP_SENDING len=0
s: warning: closed channel 6 got cmd=TCP_EOF len=0
c : Accept TCP: 10.92.6.43:38426 -> 108.48.85.221:443.
c : SW#14:10.92.6.43:38424: deleting (13 remain)
c : SW'unknown':Mux#14: deleting (12 remain)
c : SW#8:10.92.6.43:46948: deleting (11 remain)
c : SW'unknown':Mux#1: deleting (10 remain)
c : SW#12:10.92.6.43:42952: deleting (9 remain)
c : SW'unknown':Mux#6: deleting (8 remain)
s: SW#13:108.48.85.221:443: deleting (13 remain)
s: SW'unknown':Mux#14: deleting (12 remain)
s: SW#6:108.175.43.141:443: deleting (11 remain)
s: SW'unknown':Mux#1: deleting (10 remain)
s: SW#12:204.79.197.213:443: deleting (9 remain)
s: SW#12:204.79.197.213:443: error was: uread: [Errno 104] Connection reset by peer
s: SW'unknown':Mux#6: deleting (8 remain)
c : warning: closed channel 15 got cmd=TCP_STOP_SENDING len=0
c : DNS request from ('10.92.6.43', 36989) to None: 61 bytes
c : Accept TCP: 10.92.6.43:46964 -> 108.175.43.141:443.
c : SW#15:10.92.6.43:38426: deleting (9 remain)
c : SW'unknown':Mux#15: deleting (8 remain)
s: SW#15:108.48.85.221:443: deleting (9 remain)
s: SW'unknown':Mux#15: deleting (8 remain)
c : SW#10:10.92.6.43:38422: deleting (7 remain)
c : SW'unknown':Mux#11: deleting (6 remain)
s: SW#14:108.48.85.221:443: deleting (7 remain)
s: SW'unknown':Mux#11: deleting (6 remain)
c : Accept TCP: 10.92.6.43:46966 -> 108.175.43.141:443.
c : SW#8:10.92.6.43:46964: uwrite: got EPIPE
c : warning: closed channel 17 got cmd=TCP_EOF len=0
c : warning: closed channel 17 got cmd=TCP_DATA len=133
 s: SW#9:108.175.43.141:443: deleting (7 remain)
s: SW'unknown':Mux#17: deleting (6 remain)
c : SW'unknown':Mux#17: deleting (7 remain)
c : SW#8:10.92.6.43:46964: deleting (6 remain)
c : SW#8:10.92.6.43:46964: error was: nowrite: [Errno 107] Transport endpoint is not connected
c : DNS request from ('10.92.6.43', 11074) to None: 32 bytes
c : Accept TCP: 10.92.6.43:60050 -> 13.77.92.139:443.
c : DNS request from ('10.92.6.43', 44399) to None: 32 bytes

...

 SW#17:66.35.62.162:80: deleting (21 remain)
s: SW'unknown':Mux#34: deleting (20 remain)
c : SW#18:10.92.6.43:34280: deleting (19 remain)
c : SW'unknown':Mux#34: deleting (18 remain)
c : SW#10:10.92.6.43:46966: uwrite: got EPIPE
c : Accept TCP: 10.92.6.43:46984 -> 108.175.43.141:443.
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : SW#10:10.92.6.43:46966: deleting (19 remain)
c : SW#10:10.92.6.43:46966: error was: nowrite: [Errno 107] Transport endpoint is not connected
c : SW'unknown':Mux#18: deleting (18 remain)
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048
c : warning: closed channel 18 got cmd=TCP_DATA len=2048






harn...@gmail.com

Jan 16, 2020, 3:10:32 PM
To: sshuttle
Hi!

I was able to solve the problem by adding "-l 0.0.0.0:0" to the command:

Like this:
sshuttle -r username@server 0.0.0.0/0 -l 0.0.0.0:0 -H


-H is just for the DNS, I don't think it is necessary if you don't need it.
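
Added example (not part of the thread and not sshuttle's own code): the verbose log earlier in the thread shows the redirector bound to 127.0.0.1 while the REDIRECT chain is hooked into PREROUTING. iptables REDIRECT rewrites forwarded packets to the address of the interface they arrived on, so hotspot clients are sent to a port with no listener on that address, which is what -l 0.0.0.0:0 changes. The checker below flags that mismatch; both sample logs are constructed, and the log format after the fix is an assumption.

```python
import ipaddress
import re

# Constructed sample in the format of the verbose output quoted in the thread.
BEFORE = """\
TCP redirector listening on ('127.0.0.1', 12300).
DNS listening on ('127.0.0.1', 12300).
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
"""
# Assumption: with -l 0.0.0.0:0 only the listener address in these lines changes.
AFTER = BEFORE.replace("127.0.0.1", "0.0.0.0")

LISTEN = re.compile(r"^(TCP redirector|DNS) listening on \('([^']+)', (\d+)\)")
HOOK = re.compile(r"^>> iptables -t nat -I (OUTPUT|PREROUTING) \d+ -j (\S+)")
REDIRECT = re.compile(r"^>> iptables -t nat -A (\S+) -j REDIRECT .*--to-ports (\d+)")


def unreachable_listeners(log):
    """Return loopback-only listeners that a PREROUTING REDIRECT points at.

    REDIRECT rewrites forwarded packets to the primary address of the
    interface they arrived on, so a listener bound to 127.0.0.1 never
    sees connections from hotspot clients.
    """
    listeners, hooks, targets = [], {}, {}
    for line in map(str.strip, log.splitlines()):
        if m := LISTEN.match(line):
            listeners.append((m[1], ipaddress.ip_address(m[2]), int(m[3])))
        elif m := HOOK.match(line):
            hooks.setdefault(m[2], set()).add(m[1])
        elif m := REDIRECT.match(line):
            targets.setdefault(m[1], set()).add(int(m[2]))
    # Ports redirected by chains that are reachable from PREROUTING.
    forwarded = set()
    for chain, ports in targets.items():
        if "PREROUTING" in hooks.get(chain, ()):
            forwarded |= ports
    return [(kind, str(addr), port) for kind, addr, port in listeners
            if port in forwarded and addr.is_loopback]


if __name__ == "__main__":
    print("before:", unreachable_listeners(BEFORE))
    print("after: ", unreachable_listeners(AFTER))
```

Binding to 0.0.0.0 makes the redirector port reachable on every interface, including the upstream one, so a host firewall rule limiting that port to the hotspot subnet is worth adding.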