There's a utility called sshuttle which allows you to VPN over an SSH connection. This is really handy when you quickly want to reach a private range that is accessible from a publicly reachable server such as a bastion host.
In this tutorial, I will demonstrate how to install sshuttle on a Mac (if you are using a different OS, see the sshuttle documentation), and then we will use the VPN connection to reach a "prod" and a "dev" environment.
We will declare 2 jump-boxes / bastion hosts in our ssh config:
dev-jump-host is a public server that has network access to our private endpoints in
prod-jump-host is a public server that has network access to our private endpoints in
In this case the example above is two AWS accounts with the same CIDRs, and I wanted to demonstrate sshuttle for exactly this reason: if we had different CIDRs we could set up a dedicated VPN and route each of them respectively.
Install sshuttle for your operating system:
To set up a VPN tunnel to route connections to our prod account:
Or to set up a VPN tunnel to route connections to our dev account:
Once one of your chosen sessions is established, you can use a new terminal to access your private network, for example:
We can wrap this into functions, so that we can use vpn_prod, which aliases to the commands shown below:
Now source that to your environment:
Then you should be able to use vpn_prod from your terminal:
And in a new terminal we can connect to an RDS MySQL database sitting in the private network:
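As an added example (not the post's own code), here is a hardened version of that wrapper: it maps the environment name to its jump host and, because both accounts share one CIDR, refuses to start a second tunnel while one is already up, since the second route would silently shadow the first. The ssh Host aliases are the post's; the CIDR and pidfile path are placeholders I assumed.

```shell
#!/usr/bin/env sh
# Added example, not from the original post. Assumes ssh config defines
# Host dev-jump-host / prod-jump-host as described; PRIVATE_CIDR is a
# placeholder for the (identical) range used by both AWS accounts.
PRIVATE_CIDR="${PRIVATE_CIDR:-10.0.0.0/16}"
PIDFILE="${PIDFILE:-${TMPDIR:-/tmp}/sshuttle-vpn.pid}"

# Map an environment name to its ssh config Host alias; fail on unknown
# names so a typo cannot route prod traffic through the dev bastion.
jump_host_for() {
  case "$1" in
    dev)  echo "dev-jump-host" ;;
    prod) echo "prod-jump-host" ;;
    *)    return 1 ;;
  esac
}

# Print the exact sshuttle command for an environment without running it
# (--daemon and --pidfile are sshuttle options that let us track the tunnel).
vpn_cmd() {
  host=$(jump_host_for "$1") || return 1
  echo "sshuttle -r $host $PRIVATE_CIDR --daemon --pidfile $PIDFILE"
}

# True only when the pidfile names a process that is still alive;
# a stale pidfile left behind by a crashed tunnel does not count.
vpn_active() {
  [ -f "$PIDFILE" ] || return 1
  pid=$(cat "$PIDFILE" 2>/dev/null)
  [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Bring up the tunnel for one environment. Exit status: 1 for an unknown
# environment, 2 when another tunnel already holds the shared CIDR.
vpn_up() {
  host=$(jump_host_for "$1") || { echo "unknown environment: $1" >&2; return 1; }
  if vpn_active; then
    echo "tunnel already running (pid $(cat "$PIDFILE")); run vpn_down first" >&2
    return 2
  fi
  sshuttle -r "$host" "$PRIVATE_CIDR" --daemon --pidfile "$PIDFILE"
}

# Stop the running tunnel (if any) and remove the pidfile.
vpn_down() {
  if vpn_active; then kill "$(cat "$PIDFILE")"; fi
  rm -f "$PIDFILE"
}

vpn_prod() { vpn_up prod; }   # the post's function name
vpn_dev()  { vpn_up dev; }
```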
Sshuttle as a Service
You can create a systemd unit file to run an sshuttle VPN as a service. In this scenario I provided two different VPN routes, dev and prod, so you can create two separate systemd unit files, but in my case I will only create one for prod:
Reload the systemd daemon:
Enable and start the service:
Thanks for reading.