Theres a utility called sshuttle
which allows you to VPN via a SSH connection, which is really handy when you quickly want to be able to reach a private range, which is accessible from a public reachable server such as a bastion host.
In this tutorial, I will demonstrate how to install sshuttle on a mac, if you are using a different OS you can see their documentation and then we will use the VPN connection to reach a “prod” and a “dev” environment.
SSH Config
We will declare 2 jump-boxes / bastion hosts in our ssh config:
dev-jump-host
is a public server that has network access to our private endpoints in172.31.0.0/16
prod-jump-host
is a public server that has network access to our private endpoints in172.31.0.0/16
In this case, the above example is 2 AWS Accounts with the same CIDR’s, and wanted to demonstrate using sshuttle for this reason, as if we had different CIDRs we can setup a dedicated VPN and route them respectively.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
|
Install sshuttle
Install sshuttle for your operating system:
1 2 3 4 5 |
|
Usage
To setup a vpn tunnel to route connections to our prod account:
1
|
|
Or to setup a vpn tunnel to route connections to our dev account:
1
|
|
Once one of your chosen sessions establishes, you can use a new terminal to access your private network, as example:
1
|
|
Bash Functions
We can wrap this into functions, so we can use vpn_dev
or vpn_prod
which aliases to the commands shown below:
1 2 3 4 5 6 7 8 |
|
Now source that to your environment:
1
|
|
Then you should be able to use vpn_dev
and vpn_prod
from your terminal:
1 2 3 4 |
|
And in a new terminal we can connect to a RDS MySQL Database sitting in a private network:
1 2 |
|
Sshuttle as a Service
You can create a systemd unit file to run a sshuttle vpn as a service. In this scenario I provided 2 different vpn routes, dev and prod, so you can create 2 seperate systemd unit files, but my case I will only create for prod:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
|
Reload the systemd daemon:
1
|
|
Enable and start the service:
1 2 |
|
Thank You
Thanks for reading.