Adam Israel

Adam Israel

An economy of words.

sshuttle workaround for OS X 10.10 (Yosemite), Juju and Vagrant

Adam

2-Minute Read

sshuttle is a nifty little transparent proxy/vpn that works by tunneling TCP traffic over SSH, or more specifically, tearing down a TCP session and reassembling the data on the other side. I started using it earlier this year, as part of my workflow using Juju and developing under OS X. It’s like a data center in a box, inside another box. Code locally in my editor of choice (vim, TextMate, and more recently, Atom). Deploy new code. Refresh web browser, thanks to sshuttle. With sshuttle, I could connect to the services running within my virtual machine running Ubuntu natively through OS X.

Until I upgraded to Yosemite (OS X 10.10).

ipfw, the FreeBSD ip packet filter, was replaced by OpenBSD’s pf in OS X 10.7, but the binary lived on through 10.9. sshuttle has no support for pf, which led me googling down a spiraling trail of despair and hope that someone, some day, would patch sshuttle.

I’m more familiar with iptables than either ipfw or pf, but I understand enough networking to know that ubuntu-in-a-virtual-machine was already setup to talk to the outside world. I figured that there must be something more obvious than setting up a poor man’s VPN to talk to it.

A few hours of testing later, I had a working solution using the route command. 

$ sudo route add -net 10.0.3.0/24 172.16.250.15

The lxc containers run on the 10.0.3.0 network, and the lxc host (always, in the official Vagrant image) has eth1 bound to 172.16.250.15.

There’s a few ways I could have implemented this. I could have made it a static route, always active, but that could lead to unintended side-effects if you were to join a network using the same ip range. Same logic rules out adding it to my ~/.bash_profile. I ended up finding vagrant-triggers, which allows you to run custom commands at various stages of the vagrant lifecycle. With that, I can add the route when I boot up a virtual machine, and remove it when I’ve shut it down.

While I can confirm that it works for me, I can’t say how well it’ll work for other use cases of sshuttle or earlier versions of OS X. Juju users can head over to the Vagrant Workflow docs for the latest and greatest, or read on for the gist.

comments powered by Disqus

Recent Posts

Categories

About

This website is the digital home of software engineer, author, and genealogist Adam Israel.