sshuttle - where transparent proxy meets VPN meets ssh

[1-61803]

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

From readme file:
As far as I know, sshuttle is the only program that solves the following common case:
Your client machine (or router) is Linux, FreeBSD, or MacOS.
You have access to a remote network via ssh.
You don't necessarily have admin access on the remote network.
The remote network has no VPN, or only stupid/complex VPN protocols (IPsec, PPTP, etc). Or maybe you are the admin and you just got frustrated with the awful state of VPN tools.
You don't want to create an ssh port forward for every single host/port on the remote network.
You hate openssh's port forwarding because it's randomly slow and/or stupid.
You can't use openssh's PermitTunnel feature because it's disabled by default on openssh servers; plus it does TCP-over-TCP, which has terrible performance (see below).

​https://github.com/apenwarr/sshuttle

[ken-cunningham-webuse]

I agree -- this is a very useful app that solved a huge problem for me! Thanks for the suggestion.

I have the port building and I'm using it regularly now. Should have a port file to send up fairly shortly (week or so) once I work out an idiosyncrasy or two with the build process hanging.

There are some reports on the net that this app stops working after a certain MacOSX version -- I don't know about that as I haven't tested it all the way up the chain as yet.

[ken-cunningham-webuse]

OK -- I have a portfile available for testing, if anyone is interested. It appears to work well. Lots of manual installation details as that part wasn't in the port itself. To try it out, put it in your local repo under ./net/sshuttle/Portfile.

There are a couple of idiosyncracies with this one. It uses an unusual build system. For some reason that I have not yet been able to debug, there is noticeable pause between the build phase and the destroot phase -- the build system is doing something, but I can't figure out what it is. It seems to be waiting for some command to finish, and then times out. So don't be too impatient with it -- it seems to always finish.

Removing stamp files...

---LONG PAUSE!------ then action continues ...

make: Leaving directory '/opt/local/var/macports/build/_opt_myports_net_sshuttle/sshuttle/work/sshuttle-29d2e06bf5cd3d575015e23c638ca9e5a10ee29c'
--->  Staging sshuttle into destroot

The machine you're connecting to needs to have at least python 2.4 running. Well the docs say python 2.3 will work, but python 2.35 didn't work for me, so I had to upgrade an older Tiger PPC machine I use for the server to a newer python version to make it work.

I should specify that it should use python27 for building somewhere in the portfile. I asked it to install python27 versions of the dependencies it requires. The build script appears to just 'shebang' python, so perhaps the best way I could add that would be to set a build environment variable to python27.

For running it, it just uses the system's default python settings it appears, so I haven't exhaustively tested which versions of python might or might not work. I have my defaults set to python27 for both python and python2. Here's the launch script:

if python2 -V 2>/dev/null; then
	exec python2 "$DIR/main.py" python2 "$@"
else
	exec python "$DIR/main.py" python "$@"
fi

Oh, by the way -- the GUI just puts up a menu bar icon, and you won't see a window open initially, in case you wonder if it actually worked.

Hope the testing goes well for anyone interested, and we'll see what warts shake loose initially, prior to any attempt at a final release of this. Best, Ken

[ken-cunningham-webuse]

sshuttle-portfile-version1-for-testing

[1-61803]

Great! Since it's already been submitted, when will this be added to the main repo? https://www.macports.org/ports.php?by=name&substr=sshuttle.

[ken-cunningham-webuse]

It needs a bit of testing on some other systems -- it's been working just great for me. I'm using it now. i need to specific the python version a little better as well.

To use it yourself, download the portfile into a directory of your choosing. then

sudo port -v install

and you should be good to go.

Let me know if there are any problems identified. If it passes muster, it'll get included.

[ken-cunningham-webuse]

Cc Me!

[ken-cunningham-webuse]

updated portfile to specify python version and add python portgroup. other than the weird long pause when building, this seems to work OK for me.

[ken-cunningham-webuse]

Portfile v2

[ken-cunningham-webuse]

Portfile v2 with whitespace fix

[ryandesign (Ryan Carsten Schmidt)]

Replying to ken.cunningham.webuse@…:

There are a couple of idiosyncracies with this one. It uses an unusual build system. For some reason that I have not yet been able to debug, there is noticeable pause between the build phase and the destroot phase -- the build system is doing something, but I can't figure out what it is. It seems to be waiting for some command to finish, and then times out. So don't be too impatient with it -- it seems to always finish.

This would be nice to fix but is not a showstopper.

I should specify that it should use python27 for building somewhere in the portfile. I asked it to install python27 versions of the dependencies it requires. The build script appears to just 'shebang' python, so perhaps the best way I could add that would be to set a build environment variable to python27.

Yes, you must somehow inform the build system that it must use MacPorts python2.7.

Instead of hardcoding 27 in the python dependencies, use the python.version variable so that, if you later change the python version, you only have to do so on the python.default_version line instead of in multiple places.

You should remove the name and homepage lines; the github.setup line sets those for you.

Instead of setting destroot.cmd to /usr/bin/true and then defining a post-destroot block, just define a destroot block.

Why are you specifying commit 29d2e06bf5cd3d575015e23c638ca9e5a10ee29c instead of using the 0.61 tag?

You define an appname variable, but then don't use it in notes.

When you want a newline in notes, usually you should just type an actual newline (i.e. press the return key on your keyboard), rather than using a \ line continuation and a \n newline.

There should not be two newlines at the beginning of notes.

[ken-cunningham-webuse]

thanks, Ryan.

I also just noticed that adding in the python portgroup also changed the build command and something funny happens now -- I missed that first go.

I'll have to fix that too -- thanks for the feedback, and I'll get back to you again when it's fixed. Ken

[ken-cunningham-webuse]

I had not dug into the python portgroup much before this. Reading through the python portgroup file this afternoon, I see it changes the way this port builds and functions quite extensively. I added the python portgroup to this portfile not realizing how deeply it would affect everything. I think the best approach for this one might be to remove the python portgroup (which will allow it to build and install again!) and then to add in the few needed functions manually...

will post a revised portfile once I do that. -- K

[eborisch (Eric A. Borisch)]

Cc Me!

[ken-cunningham-webuse]

This version of the portfile (v4) works again after deleting the python portgroup -- after six weeks of monkeying around with it, I can't figure out how to use the python portgroup in this port. I'm not sure it applies to a port like this. Maybe it does, and I can't see how. Anyway, best I can do with it.

It works great, for anyone who wants to use it. But you'll have to manually select python27 as your python and python2 to build it. Look forward to seeing how to do that magically, if it's possible.

I see there's interest in this, so hope it helps somebody. I use this port all day, every day, at work. It's one of the more useful ports I've come across that way. Thanks to the original requester, who pointed me in that direction.

[ken-cunningham-webuse]

sshuttle working portfile - no python portgroup

[ken-cunningham-webuse]

I have found a newer github repository for this port, that looks to have newer tag releases and follows a more traditional python approach, with setup.py. I think moving over to this newer version would make sense for the macports port. It's at <​https://github.com/sshuttle/sshuttle> and I'll start working on this soonish.

[Russell-Jones-OxPhys (Russell Jones)]

Replying to ken-cunningham-webuse:

I have found a newer github repository for this port, that looks to have newer tag releases and follows a more traditional python approach, with setup.py. I think moving over to this newer version would make sense for the macports port. It's at <​https://github.com/sshuttle/sshuttle> and I'll start working on this soonish.

Do they publish to PyPI? If so, you may find ​https://trac.macports.org/wiki/pypi2port useful.

[ken-cunningham-webuse]

That works fairly well, thanks for the suggestion. A working portfile falls into your hand with pypi2port. Unfortunately this version doesn't have the nice macOS GUI .... ah well.

I'm having a little trouble getting py-sphinx to build the man pages (or any other pages) from the *.rst files -- that part didn't come through automatically. When I figure that out I'll put up a (hopefully) final portfile.

[kencu (Ken)]

This port just isn't going to make the cut for MacPorts at present. Doesn't run on newer systems, and too many issues on the older systems. I'll close it down now, therefore.

[herbygillot (Herby Gillot)]

A basic port for sshuttle has been merged into ports:

​https://github.com/macports/macports-ports/blob/master/net/sshuttle/Portfile