Tunneling all of a server's traffic through another server using sshuttle

Sometimes, you deal with a server that has a restrictive network environment where you are unable to complete a task. Or maybe, you want your traffic to appear as if it were coming from another server somewhere else in the world. Using the program sshuttle, we are able to do this.

sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has Python 3.6 or higher.

To install sshuttle, use these instructions.  

Use this command to route all TCP/UDP packets through the server with IP address XXX.XXX.XXX.XXX:

sshuttle -D -r user@XXX.XXX.XXX.XXX 0/0

To stop sshuttle, kill its PID. You can find its PID using ps aux | grep sshuttle. Or, better yet, make command aliases to make this process even easier.

Some important parameters:

| Parameter | Description |
| --- | --- |
| -D | Runs in daemon mode. So basically, it runs in the background. |
| -r | The remote server to connect to (prefixed with a username; the user does not need sudo). |
| --dns | Also routes DNS requests through the tunnel. |
| <main parameter> | The subnet to tunnel. 0/0 is equivalent to 0.0.0.0/0, which will tunnel all possible traffic. |
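
The aliases suggested above, as an added example that is not part of the original post: shell functions that start the tunnel with --dns and a pidfile, and stop it only after checking that the recorded PID really belongs to sshuttle. The function names, SSHUTTLE_BIN and the pidfile path are assumptions; --pidfile is sshuttle's own daemon-mode option, and the /proc lookup is Linux-specific.

```shell
# Added example (not from the original post). Function names, SSHUTTLE_BIN and
# the pidfile path are assumptions; source this from ~/.bashrc.
SSHUTTLE_BIN="${SSHUTTLE_BIN:-sshuttle}"
SSHUTTLE_PIDFILE="${SSHUTTLE_PIDFILE:-$HOME/.sshuttle.pid}"

# Print the PID from the pidfile only if it is numeric and that process
# really is sshuttle (guards against a stale file and PID reuse).
# Returns 1 if there is no pidfile, 2 if it does not point at sshuttle.
tunnel_pid() {
    [ -r "$SSHUTTLE_PIDFILE" ] || return 1
    _pid=$(head -n 1 "$SSHUTTLE_PIDFILE" | tr -d '[:space:]')
    case "$_pid" in ''|*[!0-9]*) return 2 ;; esac
    [ -r "/proc/$_pid/cmdline" ] || return 2      # Linux-specific lookup
    _cmd=$(tr '\0' ' ' < "/proc/$_pid/cmdline") || return 2
    case "$_cmd" in *sshuttle*) echo "$_pid" ;; *) return 2 ;; esac
}

# Start the tunnel for user@host: daemon mode, DNS included, PID recorded.
tunnel_up() {
    [ -n "$1" ] || { echo "usage: tunnel_up user@host" >&2; return 64; }
    if tunnel_pid >/dev/null; then
        echo "sshuttle is already running" >&2; return 1
    fi
    "$SSHUTTLE_BIN" -D --dns --pidfile="$SSHUTTLE_PIDFILE" -r "$1" 0/0
}

# Stop the tunnel. Plain kill sends SIGTERM rather than SIGKILL, so the
# process gets the chance to exit cleanly.
tunnel_down() {
    _pid=$(tunnel_pid) || {
        _rc=$?; echo "no verified sshuttle process to stop" >&2; return "$_rc"
    }
    kill "$_pid" && rm -f "$SSHUTTLE_PIDFILE"
}
```

With these sourced, tunnel_up user@XXX.XXX.XXX.XXX replaces the command above and tunnel_down replaces the ps aux | grep step.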

Backstory: I was working with an Ubuntu server that was unable to pull the proper images for a Kubernetes server. Here's what was happening when trying to initialize a cluster using the tool kubeadm.

Using command kubeadm init, several SSL errors were occurring

These errors are due to a network misconfiguration regarding an SSL decryption gateway on the network. The issue was reported and was currently being worked on; however, I couldn't even curl Google.

Using command curl https://www.google.com, an SSL error was present

To solve my problem in the meantime as simply as possible, I needed to tunnel all of my server's traffic to another server. So I spun up a quick Droplet on DigitalOcean preloaded with Ubuntu 20.04 and made it accessible via a simple password, as I would only need it for about five minutes. Then I used the command from above. It worked like magic. The images pulled and I was on my way.