"Others have posted great links. But one great aspect is how simple it is."
(generate new keys to manage, create new network interfaces, assign new IPs, run wireguard ...)
I would agree that this is relatively simple but only compared to the other mainstream options (namely, OpenVPN and IPSEC) but it is much, much more complicated than sshuttle[1] which distinguishes itself by allowing you to use any ssh server as a VPN endpoint.
No server side software install is required - all you need on the endpoint is an ssh login.
I think sshuttle is pretty cool. It does layer 3 tunneling over TCP in the right way. Usually when VPNs (like OpenVPN) try to tunnel IP packets over TCP, if those IP packets contain TCP data itself, then you have this problem with tunneling TCP over TCP, and the rate and congestion control algorithms of the two instances of TCP step all over each other, and performance becomes miserable. But sshuttle has done something pretty neat to fix that: it actually parses the TCP in the packets it receives, reconstructs those packets into a normal byte stream, and then sends that over TCP, reflowed, to then be converted back into the original TCP stream on the other end. It's a tiny bit involved, but they made it work well, and most of the time sshuttle "just works."
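The stream reflow described in the comment above, as an added sketch that is not part of the thread and not sshuttle's code: payload bytes from each locally terminated TCP connection are framed onto one carrier stream and rebuilt per connection at the far end, so only the carrier's TCP does congestion control. The frame layout, `frame`, `Demux`, `relay` and the sample data are assumptions made for illustration.

```python
import struct

# Hypothetical frame layout for this sketch (not sshuttle's wire format):
# 2-byte channel id, 1-byte command, 2-byte payload length, network byte order.
HDR = struct.Struct("!HBH")
CMD_DATA, CMD_EOF = 1, 2

def frame(channel, cmd, payload=b""):
    """Wrap bytes read from one locally terminated TCP connection."""
    return HDR.pack(channel, cmd, len(payload)) + payload

class Demux:
    """Remote side: rebuild per-connection byte streams from the carrier."""
    def __init__(self):
        self.buf = bytearray()
        self.streams = {}    # channel id -> bytes received so far
        self.closed = set()  # channels whose client side sent EOF

    def feed(self, chunk):
        # The carrier is itself a byte stream, so a chunk may end mid-frame.
        self.buf += chunk
        while len(self.buf) >= HDR.size:
            channel, cmd, length = HDR.unpack_from(self.buf)
            if len(self.buf) < HDR.size + length:
                break  # wait for the rest of this frame
            payload = bytes(self.buf[HDR.size:HDR.size + length])
            del self.buf[:HDR.size + length]
            if cmd == CMD_DATA:
                self.streams[channel] = self.streams.get(channel, b"") + payload
            elif cmd == CMD_EOF:
                self.closed.add(channel)

def relay(frames, chunk_size):
    """Send frames over one carrier, delivered in chunk_size-byte pieces."""
    carrier = b"".join(frames)
    demux = Demux()
    for i in range(0, len(carrier), chunk_size):
        demux.feed(carrier[i:i + chunk_size])
    return demux

# Constructed sample: two client connections interleaved on one carrier.
SAMPLE = [
    frame(1, CMD_DATA, b"GET / HT"), frame(2, CMD_DATA, b"SSH-2.0-"),
    frame(1, CMD_DATA, b"TP/1.1\r\n"), frame(2, CMD_DATA, b"client\r\n"),
    frame(1, CMD_EOF),
]

if __name__ == "__main__":
    d = relay(SAMPLE, 3)  # 3-byte chunks split every header and payload
    print(d.streams, d.closed)
```

No inner TCP headers, sequence numbers or ACKs cross the carrier in this model; loss and retransmission are handled once, by the carrier connection.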
Indeed. It even has (or at least had in previous versions) a configurable ping-time monitor that traded some bandwidth for interactivity - which is another part of what makes it work so well.
sshuttle is indeed magic, but it does require python (and permission to run it) at the other end. That’s almost always there, but there are exceptions (miniaturized docker/vm images or tiny image routers).
[1] https://github.com/sshuttle