To create a hassle-free VPN connection to a remote server you need to expose port 22 on the target device. In these examples it is assumed that the remote server is either your edge device, directly connected to an edge device (such as your main router) and placed in a DMZ, or receiving forwarded SSH traffic from your edge device.
First, start an SSH tunnel session with the edge machine:
sshuttle -r [user@ipaddress(edge-device)] [192.168.5.0/24 (internal server's subnet)] --dns
For an SSH port other than the default 22, type:
sshuttle -r [user@ipaddress(edge-device):port] [192.168.5.0/24 (internal server's subnet)] --dns
You will be asked for your local user's password (sshuttle needs local privileges to set up packet redirection) and then for the password of the user on the edge device to create the VPN connection. Once that's done, the message "Connected to server" should be shown. From here on, you can open a web browser and type the local IP address of an internal device that belongs to the subnet you specified in the previous command. For example, a Proxmox administration web UI behind the router becomes accessible without having to configure port forwarding on the router (edge device). You can log in securely without having to expose this internal server to the internet. The --dns flag avoids leaking your DNS requests to your ISP and instead forces them through the created tunnel.
The --dns option in sshuttle is used to capture and forward DNS traffic through the SSH tunnel. When you include the --dns option in your sshuttle command, DNS queries originating from your local machine will also be routed through the established SSH tunnel.
Here is another variant, which allows you to specify a desired network interface:
sshuttle -r user@ssh_server_ip_or_hostname 192.168.5.0/24 -i enp9s0 --dns
-r user@ssh_server_ip_or_hostname : Specifies the remote SSH server.
192.168.5.0/24 : Specifies the target subnet you want to route through the SSH tunnel.
-i enp9s0 : Specifies the network interface you want to capture traffic from.
--dns : Specifies that DNS traffic should also be routed through the tunnel.
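As an added example (not part of the original post and not sshuttle's own code), the following POSIX sh wrapper assembles the command lines shown above after checking the remote spec (user@host or user@host:port) and the subnet (dotted-quad CIDR), so a mistyped port or prefix fails locally before any packet redirection is set up. The host names, ports and interface name in the test are constructed placeholders.

```shell
#!/bin/sh
# Added example, not sshuttle's code: validate inputs and build the sshuttle
# command line used in this post (always with --dns, optionally with -i).

# valid_cidr A.B.C.D/N -> 0 if all four octets are 0-255 and N is 0-32
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip="${1%/*}"; prefix="${1#*/}"
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.; set -- $ip; IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# valid_remote user@host or user@host:port -> 0 if well-formed, port 1-65535
valid_remote() {
    case "$1" in *@*) ;; *) return 1 ;; esac
    host="${1#*@}"
    case "$host" in
        *:*) port="${host##*:}"
             case "$port" in ''|*[!0-9]*) return 1 ;; esac
             [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1 ;;
    esac
    return 0
}

# sshuttle_cmd REMOTE SUBNET [IFACE]: print the command to run, or fail
sshuttle_cmd() {
    valid_remote "$1" || { echo "bad remote spec: $1" >&2; return 1; }
    valid_cidr "$2"   || { echo "bad subnet: $2" >&2; return 1; }
    if [ -n "$3" ]; then
        echo "sshuttle -r $1 $2 -i $3 --dns"
    else
        echo "sshuttle -r $1 $2 --dns"
    fi
}

# Usage (uncomment to actually start the tunnel):
# eval "$(sshuttle_cmd admin@203.0.113.10:2222 192.168.5.0/24)"
```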
Including the --dns option is particularly useful if you want to ensure that DNS queries are encrypted and go through the same secure connection as your other network traffic. This can be relevant for privacy and security considerations.
Keep in mind that when using --dns, it may affect your ability to resolve DNS queries locally if the DNS server on the remote network is not reachable or not configured correctly. Ensure that the DNS server specified in the remote network is accessible and properly configured.