sshuttle
TLDR
Tunnel all traffic
SYNOPSIS
sshuttle [-r server] [--dns] [-x exclude] [options] subnets
DESCRIPTION
sshuttle creates a VPN-like tunnel over SSH. It transparently redirects traffic through a remote server without configuring VPN software.
Unlike VPNs, sshuttle requires only SSH access. No server-side installation is needed beyond Python. It works where VPN ports are blocked.
Subnet specifications determine what traffic is tunneled. 0/0 tunnels everything. Specific subnets route only matching traffic.
DNS tunneling prevents leaks. Remote DNS resolution hides query patterns from local networks.
The tool uses iptables/pf to redirect traffic. Root access is needed locally for routing setup. The remote needs only SSH access.
The --auto-nets option reads the remote server's routing table and tunnels every network the server can reach.
PARAMETERS
-r SERVER
Remote server (user@host).
--dns
Tunnel DNS queries.
-x SUBNET
Exclude subnet.
-l ADDR
Listen address.
--auto-nets
Auto-detect server networks.
--auto-hosts
Scan for hosts.
-N
Auto-detect DNS server.
-e CMD
SSH command.
-v
Verbose.
--daemon
Run as daemon.
--pidfile FILE
PID file.
--method METHOD
NAT method (auto, nat, tproxy).
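The following helper is an added example, not part of sshuttle or of the original page. It validates subnet arguments and composes a command line from the -r, --dns and -x options above, adding --dns whenever 0/0 is tunneled so lookups do not leak locally. The function names, the host admin@bastion.example.com and the subnets are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers, constructed host and subnets.

# is_cidr SPEC: succeed for an IPv4 address or CIDR (a.b.c.d[/n]),
# or the 0/0 shorthand meaning "everything".
is_cidr() {
    [ "$1" = "0/0" ] && return 0
    case $1 in *[!0-9./]*) return 1 ;; esac      # digits, dots, slash only
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_cmd SERVER "SUBNETS" ["EXCLUDES"]: print the sshuttle command line.
# Policy choice of this example: a full tunnel (0/0) always gets --dns,
# so name resolution follows the same path as the rest of the traffic.
build_cmd() {
    server=$1 subnets=$2 excludes=${3:-}
    [ -n "$server" ] && [ -n "$subnets" ] || return 2
    cmd="sshuttle -r $server"
    dns_added=no
    for net in $subnets; do
        is_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
        if [ "$net" = "0/0" ] && [ "$dns_added" = no ]; then
            cmd="$cmd --dns"
            dns_added=yes
        fi
    done
    for net in $excludes; do
        is_cidr "$net" || { echo "bad exclude: $net" >&2; return 1; }
        cmd="$cmd -x $net"
    done
    echo "$cmd $subnets"
}

# Full tunnel that leaves the local LAN (constructed range) untouched.
build_cmd admin@bastion.example.com "0/0" "192.168.1.0/24"
```

The helper only prints the command; running the result still requires local root, as noted under CAVEATS.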
CAVEATS
Requires root locally. Not a full VPN (no UDP by default). SSH adds latency. Some applications may not work through the tunnel.
HISTORY
sshuttle was created by Avery Pennarun around 2010. It was described as a "poor man's VPN" that works wherever SSH works.
SEE ALSO
ssh(1), openvpn(8), wireguard(8), proxychains(1)
