VPN in 60 seconds
If you prefer simple and beautiful solutions, or you like everything that falls under the It Just Works category, then this article is for you. To start an encrypted connection, it is enough to have an SSH client on your computer, install sshuttle (more on that later) and purchase a VPS with any tariff plan in the country you are interested in. On a remote VPS machine, in most cases, absolutely nothing needs to be configured (it is enough that the python packages and the SSH server are installed).
Install sshuttle on your computer:
Next, you need to run a simple command:
where username is the login on the remote virtual server, sshserver is its IP address or domain name, the parameter 0.0.0.0/0 means that we are going to add a rule to our routing table, due to which all outgoing traffic will be sent to the remote server, except for DNS queries. The developer intentionally does not include this DNS functionality by default, because some users must use provider name resolution servers to access the Internet. If we can use any DNS servers, then requests to them can be “wrapped” in our encrypted SSH tunnel:
In addition, we can send our outgoing traffic not completely to the tunnel, but only for certain IP subnets, indicating the appropriate parameter:
The advantages of this solution are as follows:
There is only one drawback (if you can call it a drawback): sshuttle does not support Windows, users of this OS can make a crutch in the form of a VM .
Install sshuttle on your computer:
- either by
')pip install sshuttle - or by copying source from github
git clone https://github.com/sshuttle/sshuttle.git && python setup.py install - debian users can do this:
apt-get install sshuttle
Next, you need to run a simple command:
sudo sshuttle -r username@sshserver 0.0.0.0/0 where username is the login on the remote virtual server, sshserver is its IP address or domain name, the parameter 0.0.0.0/0 means that we are going to add a rule to our routing table, due to which all outgoing traffic will be sent to the remote server, except for DNS queries. The developer intentionally does not include this DNS functionality by default, because some users must use provider name resolution servers to access the Internet. If we can use any DNS servers, then requests to them can be “wrapped” in our encrypted SSH tunnel:
sshuttle --dns -r username@sshserver 0.0.0.0/0 In addition, we can send our outgoing traffic not completely to the tunnel, but only for certain IP subnets, indicating the appropriate parameter:
sshuttle -r username@sshserver 11.12.13.14/0 The advantages of this solution are as follows:
- you do not need to have administrator rights on the remote server used to access the Internet
- You do not need to create SSH rules for forwarding each port.
There is only one drawback (if you can call it a drawback): sshuttle does not support Windows, users of this OS can make a crutch in the form of a VM .
Source: https://habr.com/ru/post/318694/
All Articles