Fixing SSHuttle Connection Issues with Server Exclusion

Problem: When trying to route all traffic through SSHuttle (sshuttle -r user@server 0/0), connections fail with Broken pipe or sudden disconnects. The issue occurs because SSHuttle attempts to tunnel its own SSH connection, creating a loop.

Solution:

Exclude the server’s IP from tunneling using the -x flag:

sshuttle -vNr user@server_ip 0.0.0.0/0 -x server_ip/32

Breakdown of the Command:

  • -vN: Verbose mode + no remote command execution (optional but recommended).
  • -r user@server_ip: SSH server details.
  • 0.0.0.0/0: Route all IPv4 traffic through the tunnel.
  • -x server_ip/32: Exclude the server’s IP to prevent tunneling the SSH traffic itself.

Why This Works:

SSHuttle normally tunnels all traffic, including its own SSH packets to the server. By excluding the server’s IP (-x), we ensure SSH connections remain direct, avoiding infinite loops or disconnects.

Additional Tips:

  • DNS Forwarding: Add --dns if you want to tunnel DNS queries:
    sshuttle --dns -vNr user@server_ip 0.0.0.0/0 -x server_ip/32
  • IPv6 Support: Use ::/0 for IPv6 (and exclude IPv6 server addresses if needed).
  • Debugging: Use -vv for detailed logs if issues persist.

Example with All Options:

sshuttle --dns -vNr user@5.124.1.1 0.0.0.0/0 ::/0 -x 5.124.1.1/32

Final Notes:

  • Replace 5.124.1.1 with your server’s actual IP.
  • This solution is especially critical for servers hosting the SSH tunnel themselves.
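
The exclusion only helps if it covers every address the SSH connection can actually use, which matters when the server is given by hostname or also has an IPv6 address. The script below is an added example, not part of the original post: it turns a list of server addresses into -x arguments and refuses to build a command without one. The function names, the SSHUTTLE_NETS variable and the sample addresses are assumptions made for illustration, as is the use of getent for resolution and of /128 as the IPv6 counterpart of /32.

```shell
#!/bin/sh
# Added example (not from the original post): derive sshuttle's -x exclusions
# from every address of the SSH server. Function names are hypothetical.

# Resolve a hostname to its unique addresses. Assumes getent (glibc/Linux).
server_addrs() {
    getent ahosts "$1" | awk '{ print $1 }' | sort -u
}

# Print "-x <addr>/32" per IPv4 and "-x <addr>/128" per IPv6 address.
# Fails on anything that is not a literal IP (shape check only), so a
# hostname or typo cannot silently leave the server un-excluded.
exclude_args() {
    out=""
    for addr in "$@"; do
        case "$addr" in
            ""|*[!0-9a-fA-F:.]*) echo "not an IP address: $addr" >&2; return 1 ;;
            *:*)                 out="$out -x $addr/128" ;;
            *[!0-9.]*)           echo "not an IP address: $addr" >&2; return 1 ;;
            *.*.*.*)             out="$out -x $addr/32" ;;
            *)                   echo "not an IP address: $addr" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# Print the full command. Routed subnets come from SSHUTTLE_NETS (hypothetical
# variable, default: all IPv4); refuses to build a command with no exclusion.
sshuttle_cmd() {
    remote=$1; shift
    excl=$(exclude_args "$@") || return 1
    [ -n "$excl" ] || { echo "no server address to exclude" >&2; return 1; }
    printf 'sshuttle -r %s %s %s\n' "$remote" "${SSHUTTLE_NETS:-0.0.0.0/0}" "$excl"
}

# Demo with constructed documentation addresses (no network access needed).
# Live use: sshuttle_cmd user@vpn.example.net $(server_addrs vpn.example.net)
( SSHUTTLE_NETS="0.0.0.0/0 ::/0"
  sshuttle_cmd user@203.0.113.10 203.0.113.10 2001:db8::10 )
```

The script only prints the command, so the exclusions can be reviewed before the tunnel is started.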
