Sshuttle VPN 0.51: now with DNS forwarding and a MacOS GUI
I just released version 0.51 of my Sshuttle VPN. Normally I don't re-announce my projects here unless something really interesting happens, but if you have a Mac, then I think this counts as really interesting:
Sshuttle now has a fancy MacOS GUI!
There's not too much to it. Other than the menubar icon, there's just a preferences window:
For those just joining us, what's so interesting about sshuttle?
- It's easier to install than any other VPN software in the history of the universe.
- It forwards over a plain ssh session, which means your server doesn't need sshuttle installed and you don't need server admin access.
- Authentication is just ssh authentication; there's nothing new to learn.
- It avoids the tcp over tcp problem that's infamous among simple-minded VPNs.
- You don't have to change any SOCKS settings.
- It's more reliable than ssh's port forwarding, which freezes randomly (at least for me).
- It has latency controls to avoid interactive slowness caused by bufferbloat in ssh.
- You can choose to forward only a subset of your traffic (ie. the subnets that exist on the remote end).
- If you have multiple offices or clients, you can connect to more than one remote network at once.
- You can choose to forward all your TCP traffic to protect yourself from things like FireSheep.
- Since Sshuttle 0.50, you can also capture all DNS requests and send them over the tunnel.
- Since Sshuttle 0.51, we now have a workaround for stupid MacOS 10.6 network-dropping-dead kernel bugs. (Man, Apple should hire me as a QA tester. I'll just write open source software and reveal serious kernel bugs. Of course, they don't ever fix them, so...)
To download the source code (for Linux, MacOS, and FreeBSD), visit the sshuttle page on github.
If you want to just download the precompiled MacOS GUI app, I made a github tag for that: download Sshuttle VPN.app here. (The resulting filename is really stupid, because github's auto-generated download filenames are really stupid. It seems obvious to me that a tag named 'sshuttle-0.51-macos-bin' should result in a file called 'sshuttle-0.51-macos-bin.tar.gz', but no, the generated filename is full of crap. If this upsets you, complain to the github people. I already did. They told me I was wrong.)
Will this be going into the fancy newfangled Mac App Store?
No. Sshuttle needs root access (on your client machine, not on the server), which disqualifies it. Oh well. You'll have to go through the rather trivial process of downloading and extracting the zip file instead.
ssh+2FA to all your machines, anywhere, without opening firewall ports.