I tried to use sshuttle, which makes an SSH VPN easy to set up, for the first time in a while, and it fails. I tried several remote hosts and none of them worked.
Errors on Debian sid
    $ sshuttle -v -r user@remotehost 0/0
    Starting sshuttle proxy.
    firewall manager: Starting firewall with Python version 3.7.4
    firewall manager: ready method name nat.
    IPv6 enabled: False
    UDP enabled: False
    DNS enabled: False
    User enabled: False
    TCP redirector listening on ('127.0.0.1', 12300).
    Starting client with Python version 3.7.4
    c : connecting to server...
    Host key fingerprint is SHA256:kUoWT4bCu7+HiegN9R5tYqO5nnvpQPobzSk46T8WEwU
    +---[ECDSA 256]---+
    | .E...o |
    | o o= . |
    | +o + |
    | oo . . |
    | oo. S |
    | *++ o |
    | *.+=X+o |
    | ..=+X*=. |
    | .o+%B+o |
    +----[SHA256]-----+
    Enter passphrase for key '/home/matoken/.ssh/id_ed25519':
    Authenticated to nnn.nnn.nnn.nnn ([nnn.nnn.nnn.nnn]:nn).
    -c:3: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
    Starting server with Python version 3.7.3
    s: latency control setting = True
    c : Connected.
    s: auto-nets:False
    firewall manager: setting up.
    >> iptables -t nat -N sshuttle-12300
    >> iptables -t nat -F sshuttle-12300
    >> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
    >> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
    >> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.1/32 -p tcp
    >> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
    firewall manager: undoing changes.
    >> iptables -t nat -D OUTPUT -j sshuttle-12300
    >> iptables -t nat -D PREROUTING -j sshuttle-12300
    >> iptables -t nat -F sshuttle-12300
    >> iptables -t nat -X sshuttle-12300
    c : fatal: server died with error code 255
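Searching for the error message on the last line, I found the following issue.
Following it, I added -x remotehostip and it started working. -x is the exclude option, and it seems to be OK if you specify the IP of the host you connect to so that it is excluded.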
- NG
    $ sshuttle -r user@remotehost 0/0
- OK
    $ sshuttle -r user@remotehost 0/0 -x remotehostip
As with the subnets targeted by the VPN, multiple subnets/IPs can be specified for -x as well.
    $ dpkg-query -W sshuttle
    sshuttle 0.78.5-1
    $ hostnamectl|grep -E 'Operating System|Architecture'
    Operating System: Debian GNU/Linux bullseye/sid
    Architecture: x86-64
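The -x workaround above needs the SSH server's IP address. As an added example (not from the original post), this shell helper takes the host part of the -r argument, resolves it, and appends one -x per IPv4 address. The function names are hypothetical, and it assumes glibc's `getent` and a remote given as a hostname or IPv4 address.

```shell
#!/bin/sh
# Added example: exclude the sshuttle remote itself from a 0/0 route.
# Assumptions: glibc getent is available; the remote is a hostname or an
# IPv4 address (bracketed IPv6 remotes are not handled).

# Print the host part of an sshuttle -r argument: [user@]host[:port]
remote_host() {
    h=${1##*@}                  # drop "user@" if present
    printf '%s\n' "${h%%:*}"    # drop ":port" if present
}

# Read `getent ahostsv4` style lines on stdin (address in column 1,
# repeated once per socket type) and print "-x A -x B ..." with each
# IPv4 address listed once.
exclude_args() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$1]++ {
             printf "%s-x %s", sep, $1; sep = " "
         }
         END { if (sep) print "" }'
}

# Usage: sshuttle_excluding_remote user@remotehost 0/0 [more sshuttle args]
sshuttle_excluding_remote() {
    remote=$1; shift
    host=$(remote_host "$remote")
    args=$(getent ahostsv4 "$host" | exclude_args)
    if [ -z "$args" ]; then
        echo "could not resolve an IPv4 address for $host" >&2
        return 1
    fi
    # $args is left unquoted on purpose so it splits into "-x" "ip" pairs.
    sshuttle -r "$remote" "$@" $args
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    sshuttle_excluding_remote "$@"
fi
```

Saved as a script, it is called with the same arguments as the NG command, for example `user@remotehost 0/0`, and the -x options are added automatically.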
Errors on Raspbian Buster
Incidentally, when I tried sshuttle on Raspbian Buster I got yet another, different error like this. But -x solved it here as well.
    : client: Connected.
    packet_write_wait: Connection to 192.168.1.102 port 22: Broken pipe
    Traceback (most recent call last):
      File "/usr/bin/sshuttle", line 11, in <module>
        load_entry_point('sshuttle==0.78.5', 'console_scripts', 'sshuttle')()
      File "/usr/lib/python3/dist-packages/sshuttle/cmdline.py", line 82, in main
        opt.sudo_pythonpath)
      File "/usr/lib/python3/dist-packages/sshuttle/client.py", line 787, in main
        seed_hosts, auto_hosts, auto_nets, daemon, to_nameserver)
      File "/usr/lib/python3/dist-packages/sshuttle/client.py", line 547, in _main
        ssnet.runonce(handlers, mux)
      File "/usr/lib/python3/dist-packages/sshuttle/ssnet.py", line 598, in runonce
        h.callback(s)
      File "/usr/lib/python3/dist-packages/sshuttle/ssnet.py", line 488, in callback
        self.flush()
      File "/usr/lib/python3/dist-packages/sshuttle/ssnet.py", line 439, in flush
        wrote = _nb_clean(os.write, self.wsock.fileno(), self.outbuf[0])
      File "/usr/lib/python3/dist-packages/sshuttle/ssnet.py", line 79, in _nb_clean
        return func(*args)
    BrokenPipeError: [Errno 32] Broken pipe

    $ dpkg-query -W sshuttle
    sshuttle 0.78.5-1
    $ lsb_release -d
    Description: Raspbian GNU/Linux 10 (buster)
    $ uname -m
    armv6l
    $ cat /proc/device-tree/model ;echo
    Raspberry Pi Model B Rev 2
Ubuntu 18.04 LTS (OK)
I also tried the sshuttle on Ubuntu 18.04 LTS, and there it worked without -x. Could this be the effect of fixes made between sshuttle 0.78.4 and 0.78.5?
    $ dpkg-query -W sshuttle
    sshuttle 0.78.3-1ubuntu1
    $ lsb_release -d
    Description: Ubuntu 18.04.2 LTS
    $ uname -m
    x86_64