Network Tunnel

Published

November 17, 2023

Modified

April 18, 2024

sshuttle [1] creates a transparent tunnel to a remote network using SSH. Its connectivity is similar to that of a Virtual Private Network (VPN) [2]. sshuttle enables users to work as if their computer were located within the GSI network. In practice, this allows access to all GSI internal services, including the HPC infrastructure. sshuttle requires root access on your local computer in order to modify the system firewall so that traffic is tunneled through an SSH connection.

Connect

Connect to a login node from the Internet. Start a tunnel to the GSI internal network with the following command, where $user is your GSI Linux username:

sshuttle --daemon --pidfile=/tmp/sshuttle.pid --dns --remote $user@lxpool.gsi.de 0/0

The file /tmp/sshuttle.pid stores the process ID of the sshuttle instance for later use. This connection routes all your traffic, including DNS requests, transparently through an SSH connection into the GSI network. The sshuttle command prompts for the sudo [3] password and then for the SSH login password.

Disconnect

Use the process ID stored in /tmp/sshuttle.pid to disconnect:

# stop the tunnel
kill $(cat /tmp/sshuttle.pid)

Alternatively, you can run pkill sshuttle [4], which kills all running sshuttle instances.
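
A more defensive form of the disconnect step, as an added example that is not part of the original page or of sshuttle: `kill $(cat /tmp/sshuttle.pid)` signals whatever PID the file contains, and the file has a fixed name in a shared directory. The helper name `stop_tunnel` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of sshuttle): stop the tunnel
# only if the pidfile really points at a running sshuttle process.
PIDFILE="${PIDFILE:-/tmp/sshuttle.pid}"   # path used on this page

# Return codes: 0 signalled, 1 no usable pidfile, 2 malformed content,
#               3 stale PID, 4 PID belongs to another program.
stop_tunnel() {
    pidfile="${1:-$PIDFILE}"

    # /tmp is shared: refuse symlinks and anything that is not a regular file.
    if [ -L "$pidfile" ] || [ ! -f "$pidfile" ]; then
        echo "no usable pidfile at $pidfile" >&2
        return 1
    fi

    # Take the first line only and require a plain positive integer.
    pid=$(head -n 1 "$pidfile")
    case "$pid" in
        ''|0*|*[!0-9]*)
            echo "unexpected content in $pidfile" >&2
            return 2 ;;
    esac

    # Signal 0 tests for existence without delivering anything.
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "stale pidfile: process $pid is not running (or not yours)" >&2
        return 3
    fi

    # Coarse identity check: the command line must mention sshuttle.
    if [ -r "/proc/$pid/cmdline" ]; then
        args=$(tr '\000' ' ' < "/proc/$pid/cmdline")
    else
        args=$(ps -o args= -p "$pid" 2>/dev/null || true)
    fi
    case "$args" in
        *sshuttle*) ;;
        *)  echo "PID $pid is not sshuttle: $args" >&2
            return 4 ;;
    esac

    kill "$pid"
}
```

Source the file and call `stop_tunnel`, optionally with a different pidfile path as the first argument.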

Configuration

It is recommended to use a configuration file [5] to store all connection options for repeated logins. The following example illustrates a configuration to connect to the lxlogin.gsi.de nodes from the Internet:

# Create a configuration file
cat > lxlogin.conf <<EOF
140.181.0.0/16
10.0.0.0/8
--remote
lxlogin.gsi.de
--dns
--disable-ipv6
--daemon
--pidfile
/tmp/sshuttle.pid
--exclude
140.181.60.0/24
EOF

Arguments read from a file must be one per line, as shown above. Pass the name of the configuration file preceded by the @ character to the Sshuttle command:

# ...and pass the configuration file as argument to Sshuttle
sshuttle @lxlogin.conf