After days of struggling with the OpenStack installation procedure, I've decided to test the single installation guide provided by Ubuntu. Very easy and straightforward, this guide lets you deploy a complete OpenStack environment in a few minutes without worrying about manually building the whole OpenStack infrastructure, which is famous for being complex and challenging.

The only problem I had was that the Horizon dashboard started running on an internal subnet (10.0.6.0/24) only reachable from the Ubuntu box, while I was connecting to OpenStack from the outside world. There are a few options to solve this, from deploying an IPsec VPN to installing an OpenVPN server on the same Ubuntu server. However, I love simple and effective solutions, and this time I've found a simple workaround: sshuttle, better known as the "poor man's VPN".

sshuttle is an SSH utility which runs on Linux and Mac OS X (Windows friends: I am sorry) and lets you tunnel all traffic, or only the traffic for some networks, from the local machine through an SSH session on a remote server/router/device.

1. Installation:

Mac:
brew install sshuttle

(If brew complains about "cowardly refusing" to install, you can try setting root ownership on the brew executable with "chown root:wheel /usr/local/bin/brew".)

Ubuntu/Debian:
apt-get install sshuttle

2. Creating a tunnel to a remote network

Tunneling all our traffic through the remote SSH server (very useful as a quick bypass for some firewall restrictions):

sshuttle -r user@remoteserver.com 0/0

Where 0/0 = 0.0.0.0/0. This installs a default route on our local machine to redirect all traffic through the remote server IP address.

Tunneling certain networks only (split tunneling)

sshuttle -r user@remoteserver.com 10.0.6.0/24

Where 10.0.6.0/24 is the remote network. Same as above, this command installs a static route on our local machine to reach the given network.

Automatic discovery

sshuttle offers a simple yet useful way to automatically take the networks already present in the remote router's routing table and add them to our own machine. If the server has a static route pointing to 10.0.3.0/24, this command will detect it and automatically install the same route on our system. The -N (--auto-nets) option does the route discovery; -H (--auto-hosts) additionally scans for remote hostnames.

sshuttle -NHr user@remoteserver.com

Everything works perfectly, except that the local routes cannot be automatically installed when using sshuttle with OS X Yosemite, because starting from OS X 10.7, OpenBSD's firewall, Packet Filter (PF), replaced ipfw, and sshuttle has no support for PF.

The workaround is very simple. Manually add the remote networks:

$ sudo route add -net 10.0.6.0/24 199.199.199.199

(assuming 199.199.199.199 as the IP address of the remote server).

sh-3.2# ping 10.0.6.91
PING 10.0.6.91 (10.0.6.91): 56 data bytes
64 bytes from 10.0.6.91: icmp_seq=0 ttl=62 time=0.818 ms
64 bytes from 10.0.6.91: icmp_seq=1 ttl=62 time=8.632 ms
64 bytes from 10.0.6.91: icmp_seq=2 ttl=62 time=3.240 ms
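
When automatic discovery is not available, the list of networks for a split tunnel can be derived from the remote server's routing table, so that only the needed subnets are tunneled rather than 0/0. The following is an added example, not part of the original post: the function names, the sample routing table and the local LAN 192.168.1.0/24 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a split-tunnel sshuttle command from `ip route` output.
# Typical use (user@remoteserver.com as in the post, local LAN is an assumption):
#   ssh user@remoteserver.com ip route | build_sshuttle_cmd user@remoteserver.com 192.168.1.0/24

# Constructed sample of `ip route` output, as it might look on the Ubuntu box.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
10.0.3.0/24 via 10.0.6.1 dev br0
10.0.6.0/24 dev br0 proto kernel scope link src 10.0.6.1
169.254.0.0/16 dev eth0 scope link metric 1000
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'

# remote_subnets LOCAL_NET   (hypothetical helper; routing table on stdin)
# Prints the IPv4 prefixes worth tunneling, space-separated. Skips the default
# route, link-local addresses and the network we are already attached to.
remote_subnets() {
    local_net="$1"
    awk -v skip="$local_net" '
        $1 == "default"            { next }   # never widen to a full tunnel
        $1 !~ /^[0-9.]+\/[0-9]+$/  { next }   # keep only a.b.c.d/len entries
        $1 ~ /^169\.254\./         { next }   # link-local, not routable
        $1 == skip                 { next }   # our own LAN stays direct
                                   { print $1 }
    ' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# build_sshuttle_cmd USER@HOST LOCAL_NET   (hypothetical helper; routes on stdin)
# Prints the sshuttle command line; fails if no usable subnet was found,
# so an empty list can never turn into an unintended tunnel.
build_sshuttle_cmd() {
    nets=$(remote_subnets "$2")
    [ -n "$nets" ] || { echo "no remote subnets found" >&2; return 1; }
    echo "sshuttle -r $1 $nets"
}
```
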

By Paulo Colomés
