sshuttle / sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
GNU Lesser General Public License v2.1
11.39k stars 718 forks

Bypassing a Real Censorship Scenario: HELP #559

Open h-saber opened 3 years ago

h-saber commented 3 years ago

Dear friends,

I live in an extremely internet-censored area where the big brother sometimes decides to block ALL connections to the internet for an unknown duration and routes all the traffic in the local intranet.

This is the technical case:

  1. There rarely exist some special servers that "always" have access to the outside (for example, the backend server of a local service application which uses Google Maps), but these servers' traffic is highly monitored and investigated by the cops.
  2. I have access to some of these special servers that can access the free world, but their access is censored, limited and under control. Let's call them "in-cage VPS".
  3. I have some other servers in the real free world through which I can reach the free internet. Let's call them "free VPS".

Now my plan:

  1. Running a VPN server (like WireGuard or Shadowsocks) on in-cage VPS.
  2. Tunneling the whole traffic of in-cage VPS to free VPS in an encrypted way (obfuscation is a plus, if available).
  3. So my home laptop or mobile phone can access the free world through these two server hubs.

After a few searches, I found sshuttle to be a great tool for the tunneling part between two servers.

UPDATE: I have installed some VPN servers on my in-cage VPS using Streisand, and installed sshuttle 1.0.5 using git clone. But when I connect to those VPN servers, the outgoing connection won't go through sshuttle (I tried WG, OpenVPN and SSH Tunnel). How can I handle this issue? Any helpful solution is appreciated.

svyotov commented 3 years ago

I have successfully used stunnel + openvpn in the past. Stunnel can create an end-to-end encrypted TLS tunnel over port 443. Traffic to the outside world looks like any normal encrypted webpage connection (except the amount of data) and then you can do your openvpn or any other connection from inside. https://github.com/Xaqron/stunnel (or google stunnel + openvpn)

h-saber commented 3 years ago

Thanks @svyotov. Currently I use the system you suggested, but my question is different: I have one client and 2 servers. When I install and run sshuttle on server1, it doesn't accept incoming connections from OpenVPN of the client.

h-saber commented 3 years ago

UPDATE: I have installed some VPN servers on my in-cage VPS using Streisand, and installed sshuttle 1.0.5 using git clone. But when I connect to those VPN servers, the outgoing connection sometimes won't go through sshuttle.

How can I handle this issue? Any helpful solution is appreciated.

svyotov commented 3 years ago

Shot in the dark, but this does not seem like a VPN issue. Are you sure it is not related to https://github.com/sshuttle/sshuttle/issues/554 ? What is your OS / DNS server?

h-saber commented 3 years ago

Nope. It's Ubuntu 16 and sshuttle works perfectly, except I can't route the VPN servers' traffic through it. I've even tried this instruction but with no success: https://www.reddit.com/r/WireGuard/comments/i2hkhq/using_wireguard_with_sshuttle/

ali80 commented 1 year ago

> Nope. It's Ubuntu 16 and sshuttle works perfect, except I can't route the VPN servers' traffic through it. I've even tried this instruction but no success: https://www.reddit.com/r/WireGuard/comments/i2hkhq/using_wireguard_with_sshuttle/

Have you found any solutions for this? I have the same issue: when using sshuttle, I connect from the cage VPS to the free VPS, and the cage VPS stops receiving requests from other clients. In other words, the connection between the cage VPS and the free VPS is OK, but when I try to connect to the cage VPS from my laptop, it fails. I can't even establish an SSH connection anymore.