Routing question (to a client)

kaiyoti · 07-27-2013, 12:20 PM

Code:

(Openwrt Router)-----------+
   |     |                 |
   |     +-----------+     +-----(client c)
   |                 |
(client a)       (client b)

Question about routing? I've recently started learning about routing and iptables, but it's still a huge black hole for me.

Here's my goal: to have all clients behind router be behind a US network (I'm from Canada) through ssh tunneling. (SSH tunnel is the only option as I don't have root access on remote server)

Router - Openwrt Linux (32mb ram)

What I've tried: Through a combination of autossh and sshuttle, I managed to be able to keep an active tunneled network on the router in my openwrt router. It works great while it lasts, however, I've noticed that the process gets killed due to the 32mb ram limit. SSHUTTLE relies on python and it seems like that's the bottle neck.

What I want to try: My plan is to offload that SSHUTTLE tunneling to one of the clients (say client c, this device has 1gb ram, and quad core cpu), I will force static ip on this client, outside the dhcp range on the openwrt router. Client A and Client B will both be within the dhcp issued range. I will run sshuttle on client C, then I want to be able to forward ALL requests from the dhcp range to client C. I'm talking every requests... including DNS, HTTPS, etc.

Appreciate if I can get some tip, guide, direction on how I can achieve this.

business_kid · 07-27-2013, 01:27 PM

It depends on what's possible on the router. If you have only begun learning the routing stuff, beware that they show you the simple, kludgy, & old stuff first and the more sophisticated stuff later. Ideally the router will have simple processes - python is a hog.

Why not some form of https:// proxy? The only value in what you outline seems to be to make doing something dubious more difficult to detect. Is the us/canada border that perilous a place to network traffic?

kaiyoti · 07-27-2013, 01:38 PM

The openwrt is flexible. I've cross compiled applications for it before, let's assume it's capable of almost anything bound by the limited processor and ram.

I've compiled redsocks for it but have yet tried it because I'm still reading through iptables.

Are there alternatives to my methods that doesn't require root on remote server (starting a tun adapter is out of the question)

You'd think being so close to US, would be easy, but US treats us like any other country.