SSH VPN がお手軽に利用できる sshuttle を久々に使おうとしたら失敗します.いくつかのremotehostを試してもうまくいかない.
Debian sid 環境でのエラー
$ sshuttle -v -r user@remotehost 0/0
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.7.4
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
User enabled: False
TCP redirector listening on ('127.0.0.1', 12300).
Starting client with Python version 3.7.4
c : connecting to server...
Host key fingerprint is SHA256:kUoWT4bCu7+HiegN9R5tYqO5nnvpQPobzSk46T8WEwU
+---[ECDSA 256]---+
| .E...o |
| o o= . |
| +o + |
| oo . . |
| oo. S |
| *++ o |
| *.+=X+o |
| ..=+X*=. |
| .o+%B+o |
+----[SHA256]-----+
Enter passphrase for key '/home/matoken/.ssh/id_ed25519':
Authenticated to nnn.nnn.nnn.nnn ([nnn.nnn.nnn.nnn]:nn).
-c:3: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
Starting server with Python version 3.7.3
s: latency control setting = True
c : Connected.
s: auto-nets:False
firewall manager: setting up.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.1/32 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
firewall manager: undoing changes.
>> iptables -t nat -D OUTPUT -j sshuttle-12300
>> iptables -t nat -D PREROUTING -j sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -X sshuttle-12300
c : fatal: server died with error code 255最後の行のエラーメッセージで検索すると以下のIssue を見つけました.
参考にして -x remotehostip で使えるようになりました.-x は除外オプションで接続先のip を指定して除外するとOKのようです.
NG
$ sshuttle -r user@remotehost 0/0OK
$ sshuttle -r user@remotehost 0/0 -x remotehostip
VPN 対象のサブネットと同様 -x にも複数のサブネット/ip の指定ができます.
Debian sid 環境
$ dpkg-query -W sshuttle sshuttle 0.78.5-1 $ hostnamectl|grep -E 'Operating System|Architecture' Operating System: Debian GNU/Linux bullseye/sid Architecture: x86-64
Raspbian Buster 環境でのエラー
ちなみに sshuttle を Raspbian Buster で試すとまた違うこんなエラーに.でもやっぱり -x で解決しました.
Raspbian Buster での error message
:
client: Connected.
packet_write_wait: Connection to 192.168.1.102 port 22: Broken pipe
Traceback (most recent call last):
File "/usr/bin/sshuttle", line 11, in <module>
load_entry_point('sshuttle==0.78.5', 'console_scripts', 'sshuttle')()
File "/usr/lib/python3/dist-packages/sshuttle/cmdline.py", line 82, in main
opt.sudo_pythonpath)
File "/usr/lib/python3/dist-packages/sshuttle/client.py", line 787, in main
seed_hosts, auto_hosts, auto_nets, daemon, to_nameserver)
File "/usr/lib/python3/dist-packages/sshuttle/client.py", line 547, in _main
ssnet.runonce(handlers, mux)
File "/usr/lib/python3/dist-packages/sshuttle/ssnet.py", line 598, in runonce
h.callback(s)
File "/usr/lib/python3/dist-packages/sshuttle/ssnet.py", line 488, in callback
self.flush()
File "/usr/lib/python3/dist-packages/sshuttle/ssnet.py", line 439, in flush
wrote = _nb_clean(os.write, self.wsock.fileno(), self.outbuf[0])
File "/usr/lib/python3/dist-packages/sshuttle/ssnet.py", line 79, in _nb_clean
return func(*args)
BrokenPipeError: [Errno 32] Broken pipeRaspbian Buster の環境
$ dpkg-query -W sshuttle sshuttle 0.78.5-1 $ lsb_release -d Description: Raspbian GNU/Linux 10 (buster) $ uname -m armv6l $ cat /proc/device-tree/model ;echo Raspberry Pi Model B Rev 2
Ubuntu 18.04 LTS 環境(OK)
Ubuntu 18.04 LTS のsshuttle でも試してみましたがこれは -x を付けなくても問題なしでした.sshuttle 0.78.4 〜 0.78.5 の間の修正での影響でしょうか?
error の出なかった環境
$ dpkg-query -W sshuttle sshuttle 0.78.3-1ubuntu1 $ lsb_release -d Description: Ubuntu 18.04.2 LTS $ uname -m x86_64