Requirements¶
Client side Requirements¶
sudo, or root access on your client machine. (The server doesn’t need admin access.)
Python 3.9 or greater.
Linux with NAT method¶
Supports:
IPv4 TCP
IPv4 DNS
IPv6 TCP
IPv6 DNS
Requires:
iptables DNAT and REDIRECT modules. ip6tables for IPv6.
Linux with nft method¶
Supports
IPv4 TCP
IPv4 DNS
IPv6 TCP
IPv6 DNS
Requires:
nftables
Linux with TPROXY method¶
Supports:
IPv4 TCP
IPv4 UDP
IPv4 DNS
IPv6 TCP
IPv6 UDP
IPv6 DNS
MacOS / FreeBSD / OpenBSD / pfSense¶
Method: pf
Supports:
IPv4 TCP
IPv4 DNS
IPv6 TCP
IPv6 DNS
Requires:
You need to have the pfctl command.
Windows¶
Experimental built-in support available. See Microsoft Windows for more information.
Server side Requirements¶
Python 3.9 or greater.
Additional Suggested Software¶
If you are using systemd, sshuttle can notify it when the connection to the remote end is established and the firewall rules are installed. For this feature to work you must configure the process start-up type for the sshuttle service unit to notify, as shown in the example below.
[Unit]
Description=sshuttle
After=network.target
[Service]
Type=notify
ExecStart=/usr/bin/sshuttle --dns --remote <user>@<server> <subnets...>
[Install]
WantedBy=multi-user.target