After days of struggling against the OpenStack installation procedure, I’ve decided to test the single installation guide provided by Ubuntu. Very easy and straightforward, this guide allows you to deploy a complete OpenStack environment in a few minutes without worrying about manually building up the whole OpenStack infrastructure, which is famous for being complex and challenging.
The only problem I had is that the Horizon dashboard started running on an internal subnet (10.0.6.0/24) that is only reachable from the Ubuntu box when connecting to OpenStack from the outside world. There are a few options to solve this, such as deploying an IPsec VPN or installing an OpenVPN server on the same Ubuntu server. However, I love simple and effective solutions, and this time I’ve found a simple workaround: sshuttle, better known as the “poor man’s VPN”.
sshuttle is an SSH utility that runs on Linux and Mac OS X (Windows friends: I am sorry) and lets you tunnel all traffic, or only some networks, from the local machine through an SSH session on a remote server/router/device.
brew install sshuttle
(if brew complains about cowardly refusing to install, you can try setting root owner permissions to the brew executable with “chown root:wheel /usr/local/bin/brew”)
apt-get install sshuttle
2. Creating a tunnel to a remote network
Tunneling all our traffic through the remote SSH server (very useful as a quick bypass for some firewall restrictions)
sshuttle -r firstname.lastname@example.org 0/0
Where 0/0 = 0.0.0.0/0. This installs a default route on our local machine to redirect all traffic through the remote server IP address.
Tunneling certain networks only (split tunneling)
sshuttle -r email@example.com 10.0.6.0/24
Where 10.0.6.0/24 is the remote network. Same as above, this command installs a static route on our local machine to reach the given network.
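To check which destinations a given sshuttle subnet list will divert through the SSH server, the following added example (not part of the original post) matches addresses against the subnets. The function names are hypothetical, and short forms are padded with zero octets so that 0/0 is treated as 0.0.0.0/0, as stated above.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of sshuttle itself.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer; 1 if malformed.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0[0-9]*) return 1 ;; esac   # no octal-looking octets
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP CIDR -> exit 0 if IP is inside CIDR, 1 if not, 2 if malformed.
in_subnet() {
    ip=$(ip_to_int "$1") || return 2
    net=${2%/*}; len=${2#*/}
    [ "$net" != "$2" ] || len=32   # a bare address means /32
    case "$len" in ""|*[!0-9]*) return 2 ;; esac
    [ "$len" -le 32 ] || return 2
    while :; do                    # pad short forms: 0 -> 0.0.0.0
        case "$net" in *.*.*.*) break ;; esac
        net="$net.0"
    done
    base=$(ip_to_int "$net") || return 2
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( base & mask )) ]
}

# route_for DEST SUBNET... -> prints "tunnel" if any subnet covers DEST, else "direct".
route_for() {
    dest=$1; shift
    for cidr in "$@"; do
        if in_subnet "$dest" "$cidr"; then echo tunnel; return 0; fi
    done
    echo direct
}

# Constructed sample destinations: the page's split tunnel versus the 0/0 full tunnel.
for d in 10.0.6.91 10.0.3.7 8.8.8.8; do
    printf '%-10s split=%s full=%s\n' "$d" \
        "$(route_for "$d" 10.0.6.0/24)" "$(route_for "$d" 0/0)"
done
```

With the split tunnel only 10.0.6.91 is diverted; with 0/0 every destination is, so all local traffic becomes visible to the remote server.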
sshuttle offers a simple yet useful way to automatically take the remote networks already installed in the remote router’s routing table and add them to our own machine. If the server has a static route pointing to 10.0.3.0/24, this command will detect it and automatically install the same route on our system.
sshuttle -Nr firstname.lastname@example.org
Everything works perfectly, except that the local routes cannot be automatically installed when using sshuttle with OS X Yosemite: starting from OS X 10.7, OpenBSD’s firewall, Packet Filter (PF), replaced ipfw, and sshuttle has no support for PF.
The workaround is very simple: manually add the remote networks:
$ sudo route add -net 10.0.6.0/24 188.8.131.52
(assuming 184.108.40.206 as the IP address of the remote server).
sh-3.2# ping 10.0.6.91
PING 10.0.6.91 (10.0.6.91): 56 data bytes
64 bytes from 10.0.6.91: icmp_seq=0 ttl=62 time=0.818 ms
64 bytes from 10.0.6.91: icmp_seq=1 ttl=62 time=8.632 ms
64 bytes from 10.0.6.91: icmp_seq=2 ttl=62 time=3.240 ms
By Paulo Colomés