sshuttle VPN no longer working in Mavericks due to ipfw changes ... anyone ?

gjarold

macrumors regular
Original poster
Nov 14, 2007
123
0
First, let me recommend "sshuttle" as a VPN software - very simple, very nice way of making a quick and simple VPN with any remote server that is running OpenSSH. Only requirement is that the remote server has to have Python on it.

https://github.com/apenwarr/sshuttle

I have used this on several OSX systems with good success.

It does not work on Mavericks. The issue is explained well in this Apple forum posting:

https://discussions.apple.com/thread/6534813

I wonder if anyone here is using sshuttle on Mavericks and can comment?

Why is ipfw broken and poorly maintained in OSX nowadays?
 

gjarold

macrumors regular
Original poster
Nov 14, 2007
123
0
Ok, here is an immediate followup ...

It turns out that, as of October 2014, *this* is the source repo that you want to be using:

https://github.com/sshuttle/sshuttle

and *not* the original apenwarr version that is what Google shows you, etc.

There are new commits and new code in that new git repo ... however I have not yet tested whether it actually works on Mavericks ...
 

gjarold

macrumors regular
Original poster
Nov 14, 2007
123
0
Another self-reply ...

All versions of sshuttle, including the newest ones from the new author, rely on ipfw.

And ipfw is broken / deprecated in OSX as of ... Mountain Lion? Who knows.

The ipfw binary is still there in OSX and looks like it's working, but it is not.

To be clear - there was absolutely no reason to break ipfw - it does not interfere with the new pf/pfctl framework and if people aren't using it, it just sits there as an unused binary. No reason at all to cripple/break it.

But they did.
 

petehare

macrumors newbie
Oct 31, 2014
1
0
@gjarold So is the general consensus that it's a no-go for now? Such a shame if so. I'm still trying to find a viable solution.
 

Astralis

macrumors newbie
Dec 21, 2014
1
0
Sweden
Hi, everyone.

I was looking for the solution to this as well and I stumbled upon ssh's built-in SOCKS proxy. To use it, ssh to your machine using "ssh -D 1234 user@hostname" and then add a proxy connection to "localhost:1234". While not a complete solution to the problem, it is a very nice alternative for most people.
 

domain

macrumors member
Jan 25, 2007
35
0
I glanced over the code of this application (which was quite frightening)... trying to understand what changes it makes from a firewall perspective.

Based on my understanding of what it is trying to accomplish, the version of pf included with OS X is missing functionality that would be required to make this work.

The mainline version of pf (from the originating OpenBSD) looks like it would be capable of replicating what they are doing in ipfw via the "divert-to" option, but the one included in OSX does not support this to my knowledge.
 