There are many ways to set up a VPN. Setting up a VPN typically requires using privileged access on all hosts involved (in order to create virtual network interfaces via TUN/TAP devices), as well as opening up additional VPN ports on any existing firewall. This is an administrative overhead. If you can configure a VPN over a commonly available SSH tunnel, it will reduce the VPN provisioning overhead.
In this tutorial, I will describe how to set up a VPN over SSH in Linux, by using a command-line tool called sshuttle.
sshuttle is originally developed as a transparent proxy server, but it can work as a VPN over SSH.
To be able to create a VPN through SSH with sshuttle, you only need to install sshuttle on local host. You do not need to install sshuttle nor require root access on the other remote host. Upon VPN creation, the sshuttle's python code on local host will automatically be uploaded to the remote host for running without root access. The only requirements for the remote host are that SSH server be running, and that python interpreter be installed.
To install sshuttle on Ubuntu or Debian:
To install sshuttle on CentOS, Fedora or RHEL, download its python code from its official repository, and include the downloaded sshuttle in your PATH environment variable.
$ git clone git://github.com/apenwarr/sshuttle
To initiate a VPN connection through SSH tunnel with sshuttle, run the following command.
user@remote_host's password: ####### Connected.
As you can see above, sshuttle will ask you for SSH password to the remote host. If you see "Connected" message after logging in, this means that a VPN is successfully established over SSH.
"0.0.0.0/0" means that all traffic will be forwarded to, and routed via the remote SSH host. "--dns" option makes local DNS requests be forward to the remote host as well.
At this point, you should be able to access any external host via a remote SSH host. To tear down an existing VPN over SSH, simply press Ctrl+C on the terminal where sshuttle is running.
If you want only specific subnets to be routed over the VPN, you can specify such subnets when launching sshuttle as follows.
As clarified in the beginning, the remote host must have python installed. If python is not available on the remote host, you will see the following error when running sshuttle.
P=python2: Command not found. P: Undefined variable. client: fatal: server died with error code 1
Subscribe to Xmodulo
You can have daily Linux tutorials and FAQs delivered to your email inbox. Simply enter your email address below to subscribe to our mailing list. You will receive hands-on guides and carefully written tutorials related to Linux, everything for free.