Sshuttle doesn't work across VPN tunnel on Mac OS X.116

Mark Cairney

Sep 21, 2016, 4:35:25 AM
to sshuttle
Hi,

Due to corporate firewall policies we need to VPN onto the LAN to access our workstations. Once VPN'ed in I run sshuttle to tunnel to my desktop machine.

This approach works fine on Linux but on my Mac nothing seems to be transmitted once the sshuttle connection is established.
Is this a bug, expected behaviour or do I need to supply a parameter to tell sshuttle which network interface to tunnel on?

I've included ifconfig and netstat output before and after sshuttle is attempted. The VPN appears to be running on ppp0.

This is what I see with the --dns flag:

Latapy:sshuttle mcairney$ sudo sshuttle --dns -v -r username@system 0/0
Password:
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
IPv6 enabled: True
UDP enabled: False
DNS enabled: True
TCP redirector listening on ('::1', 12300, 0, 0).
TCP redirector listening on ('127.0.0.1', 12300).
DNS listening on ('::1', 12300, 0, 0).
DNS listening on ('127.0.0.1', 12300).
Starting client with Python version 2.7.10
c : connecting to server...
username@system's password:
/opt/X11/bin/xauth:  file /Users/username/.Xauthority does not exist
Starting server with Python version 2.7.5
 s: latency control setting = True
 s: available routes:
 s:   2/129.215.200.0/23
 s:   2/169.254.0.0/16
 s:   2/192.168.122.0/24
c : Connected.
firewall manager: setting up.
>> pfctl -s Interfaces -i lo -v
>> pfctl -s all
>> pfctl -a sshuttle6-12300 -f /dev/stdin
>> pfctl -E
>> pfctl -s Interfaces -i lo -v
>> pfctl -s all
>> pfctl -a sshuttle-12300 -f /dev/stdin
>> pfctl -E

c : DNS request from ('129.215.4.136', 62900) to None: 35 bytes
c : DNS request from ('129.215.4.136', 62900) to None: 35 bytes
<SNIP>
^CKilled by signal 2.
firewall manager: undoing changes.
>> pfctl -a sshuttle6-12300 -F all
>> pfctl -X 4290893155170430161
>> pfctl -a sshuttle-12300 -F all
>> pfctl -X 4290893155170430033

And without the --dns flag:

Latapy:sshuttle mcairney$ sudo sshuttle -v -r username@system 0/0
Password:
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
IPv6 enabled: True
UDP enabled: False
DNS enabled: False
TCP redirector listening on ('::1', 12300, 0, 0).
TCP redirector listening on ('127.0.0.1', 12300).
Starting client with Python version 2.7.10
c : connecting to server...
username@system's password:
/opt/X11/bin/xauth:  file /Users/username/.Xauthority does not exist
Starting server with Python version 2.7.5
 s: latency control setting = True
 s: available routes:
 s:   2/129.215.200.0/23
 s:   2/169.254.0.0/16
 s:   2/192.168.122.0/24
c : Connected.
firewall manager: setting up.
>> pfctl -s Interfaces -i lo -v
>> pfctl -s all
>> pfctl -a sshuttle6-12300 -f /dev/stdin
>> pfctl -E
>> pfctl -s Interfaces -i lo -v
>> pfctl -s all
>> pfctl -a sshuttle-12300 -f /dev/stdin
>> pfctl -E

c : Accept TCP: 192.168.1.101:50689 -> 192.168.1.254:445.
c : Accept TCP: 192.168.1.101:50691 -> 192.168.1.254:445.
 s: SW#7:192.168.1.254:445: uwrite: got EPIPE
 s: SW'unknown':Mux#2: deleting (3 remain)
 s: SW#7:192.168.1.254:445: deleting (2 remain)
 s: SW#7:192.168.1.254:445: error was: [Errno 111] Connection refused
 s: SW'unknown':Mux#1: deleting (1 remain)
 s: SW#6:192.168.1.254:445: deleting (0 remain)
 s: SW#6:192.168.1.254:445: error was: [Errno 111] Connection refused
c : SW#10:192.168.1.101:50689: deleting (3 remain)
c : SW'unknown':Mux#1: deleting (2 remain)
 s: warning: closed channel 1 got cmd=TCP_STOP_SENDING len=0
 s: warning: closed channel 2 got cmd=TCP_STOP_SENDING len=0
 s: warning: closed channel 2 got cmd=TCP_EOF len=0
^Cfirewall manager: undoing changes.
Killed by signal 2.
>> pfctl -a sshuttle6-12300 -F all
>> pfctl -X 4290893155132248273
>> pfctl -a sshuttle-12300 -F all
>> pfctl -X 4290893154646633937

netstat-after.txt
netstat-before.txt
ifcconfig.txt

Brian May

Sep 28, 2016, 6:00:40 PM
to sshuttle
Mark Cairney <mark.r....@gmail.com> writes:

> Due to corporate firewall policies we need to VPN onto the LAN to access
> our workstations. Once VPN'ed in I run sshuttle to tunnel to my desktop
> machine.
>
> This approach works fine on Linux but on my Mac nothing seems to be
> transmitted once the sshuttle connection is established.
> Is this a bug, expected behaviour or do I need to supply a parameter to
> tell sshuttle which network interface to tunnel on?

Have a look at https://github.com/sshuttle/sshuttle/issues/102/

If this is the same problem, it is a bug in MacOSX, reported as 27061884
upstream.
--
Brian May <br...@microcomaustralia.com.au>