Cheap VPN using sshuttle and DigitalOcean

Date: 25 Jun, 2014
Posted by: admin
In: hints & tips|internet, web design & development|linux, open source & software


Using a cheap server for VPN?

Why VPN?

Well, if you’re interested in general info then Wikipedia is probably the place to go. For me, I was trying to solve a problem with my ISP. It’s a protracted way of going about it, but by running mtr (a ping-ing tool) I found that my gaming ping was mainly the result of one particular step in my connection. One step was adding 500-900ms of time to the round trip for packets whilst the other parts of the route only seem to be adding about 90ms combined. This is a recent change too.
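The per-hop comparison described above can be done mechanically on the output of mtr --report. This is an added example, not part of the original post; the sample report is constructed and the function names are hypothetical. Because a router can answer probes slowly while still forwarding traffic quickly, a latency jump is only blamed on a hop when it persists at every later hop.

```python
import re

# Constructed sample of `mtr --report` output (documentation addresses only).
SAMPLE_REPORT = """\
Start: 2014-06-25T20:00:00+0000
HOST: home-pc                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.1                0.0%    10    1.1   1.2   0.9   1.8   0.3
  2.|-- 198.51.100.1               0.0%    10   12.4  12.9  11.8  15.0   1.0
  3.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  4.|-- 198.51.100.77              0.0%    10  310.5 300.2 280.1 330.9  15.2
  5.|-- 203.0.113.9                0.0%    10   48.0  47.5  45.2  52.3   2.1
  6.|-- 203.0.113.40               0.0%    10  700.3 712.6 540.8 910.4 120.7
  7.|-- 203.0.113.200              0.0%    10  760.9 771.3 590.2 975.0 125.3
"""

# hop number, host, Loss%, (Snt), (Last), Avg
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+\d+\s+[\d.]+\s+([\d.]+)")

def parse_hops(report):
    """Return (hop_number, host, avg_ms) for every hop that answered probes."""
    hops = []
    for line in report.splitlines():
        m = HOP_RE.match(line)
        if m and float(m.group(3)) < 100.0:  # skip silent hops ("???")
            hops.append((int(m.group(1)), m.group(2), float(m.group(4))))
    return hops

def slowest_step(report):
    """Return (hop_number, host, added_ms) for the largest persistent jump."""
    hops = parse_hops(report)
    # A hop cannot truly cost more than the lowest Avg seen at or after it,
    # so take the running minimum from the destination backwards.
    floors, running = [], float("inf")
    for _, _, avg in reversed(hops):
        running = min(running, avg)
        floors.append(running)
    floors.reverse()
    best, prev = None, 0.0
    for (num, host, _), floor in zip(hops, floors):
        added = round(floor - prev, 1)
        if best is None or added > best[2]:
            best = (num, host, added)
        prev = floor
    return best

if __name__ == "__main__":
    print(slowest_step(SAMPLE_REPORT))
```

In the constructed sample, hop 4 shows a 300ms average that disappears at hop 5, so it is not counted; the jump at hop 6 carries through to the destination and is reported.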

So my solution was to try and send all my traffic instead via an alternate route. If I could get traffic to go a different route then maybe it would skip the data-centre with the massive delays and so give me a better ping and thus reduce gaming lag!? Worth a try.

OpenVPN or sshuttle?

The only VPN I’d used so far was OpenVPN with some free VPN providers. When I looked at setting it up it seemed pretty complicated, so I looked around for other, more turnkey-like solutions. My main idea was that I could use a cheap and fast DigitalOcean server [aff link] to run the VPN server end. The main benefit there is that I can run up a new server on DigitalOcean (DO) in a couple of minutes; if I destroy the server at the end then I only pay for the used time by the hour and so the set up can be very cheap. DO also have servers in NY, where the gaming server I’m trying to connect to is located, and so routing through to NY should be easy.

During my search I came across a StackExchange answer that mentioned using sshuttle, “a poor man’s VPN”. Sshuttle is on GitHub but I was able to install it via apt-get without additional repos.

Tunnelling over SSH

All that’s needed is the SSH server running on my DO box, which is standard on the Ubuntu install (and a key can be saved in the DO panel that gets inserted into the DO droplet [i.e. virtual server] when it’s activated). That means I don’t need to worry about saving images; I can bring up a box and use this:

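sshuttle --dns -vr USER@DROPLET_IP 0/0 --exclude EXCLUDED_ADDRESS # start sshuttle; USER@DROPLET_IP and EXCLUDED_ADDRESS are placeholders for values missing here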

to create a tunnel for traffic from my local computer to the DO droplet [server] and then out on to the internet.

Limitations of sshuttle

As it happens this all worked perfectly. A quick:

curl -s

on my local computer returns the IP address of the DO droplet, and websites see me as being located at the IP address of the droplet, i.e. in the USA (NY or SF) or Amsterdam or Singapore. But, and this is a big but, the traffic routed is only TCP traffic. The tunnel that sshuttle creates doesn’t route UDP datagrams (UDP is an active topic on their forums) and, as it happens, that’s what the game I was playing uses … doh!


In summary, this is a great way to route traffic cheaply via a distant server, using sshuttle to create an SSH tunnel to a distant DigitalOcean server, but it won’t help if you actually want to route UDP traffic; it seems you need a full VPN for that.
