From: John Case
Date: Mon, 8 Sep 2014 16:12:31 +0000 (UTC)
To: freebsd-net@freebsd.org
Subject: RE: How can sshuttle be used properly with FreeBSD (and with DNS)?

Hi Ryan,

Thanks for responding.

Just for the record, I removed my natd and ipdivert lines, so that sshuttle's divert rules were the only rules on the system ... I made my system work without my own natd/divert by putting some static route definitions into rc.conf.

Anyway, it still worked fine for TCP over the ssh tunnel, but it didn't help the UDP tunneling, which supports your conclusion.

What is the solution here? Or more importantly, what is even the problem?

The sshuttle documentation (the readme) makes some vague references to FreeBSD not handling forwarding of UDP properly, which is why the diverts for it go into place at all ... Do we solve this problem by fixing sshuttle (perhaps putting in more complex ipfw rules for it to inject)? Or do we solve this problem by fixing FreeBSD, and making forwarding "work" with UDP properly? It doesn't work at all now, but I'd like to at least get a sense as to what the real problem to solve here is ...

Thanks.