@toonetown
Last active September 24, 2020 10:10
Connects to sshuttle tunnel using Shimo
#!/bin/bash
# shimo-sshuttle: run as the ProxyCommand of a Shimo SSH VPN profile. It starts an
# sshuttle tunnel for the subnets declared in a per-profile config script, then
# keeps a plain TCP connection open so that Shimo treats the VPN as connected.

# Convert a CIDR prefix length (0-32) into a dotted-quad netmask, e.g. 24 -> 255.255.255.0
cidr2mask () {
    # Number of args to shift, 255..255, first non-255 byte, zeroes
    set -- $(( 5 - (${1} / 8) )) 255 255 255 255 $(( (255 << (8 - (${1} % 8))) & 255 )) 0 0 0
    [ ${1} -gt 1 ] && shift ${1} || shift
    echo ${1-0}.${2-0}.${3-0}.${4-0}
}

# Add a subnet (<address> <prefix-length>) to the list of split-tunnel mappings - available in the config script
FORWARDS=(); _add_split() { FORWARDS+=("${1}/${2}"); }

# Resolve the given hostnames to their IPv4 A records (deduplicated) - available in the config script
_lookup_addrs() {
    for i in "$@"; do dig +noall +answer "${i}"; done \
        | sed -nE 's/^.*IN[\t[:space:]]+A[\t[:space:]]+([0-9\.]+)$/\1/p' \
        | sort -u
}

# Resolve hostnames and add each resulting address as a /32 split mapping - available in the config script
_add_addrs() {
    for i in $(_lookup_addrs "$@"); do _add_split "${i}" 32; done
}

# Add an extra sshuttle command-line parameter (such as --dns) - available in the config script
PARAMS=(); _add_param() { PARAMS+=("${1}"); }

# Resolve the configuration script: "-c" takes either a path or a script name under the Shimo scripts directory
if [ "${1}" == "-c" -a -n "${2}" ]; then SCRIPT_CFG="${2}"; shift 2; fi
[ -f "${SCRIPT_CFG}" ] || {
    : ${SHIMO_HOME:="${HOME}/Library/Application Support/Shimo"}
    : ${SHIMO_SCRIPT_HOME:="${SHIMO_HOME}/Scripts"}
    : ${SHIMO_SSHUTTLE_DIR:="${SHIMO_SCRIPT_HOME}/sshuttle"}
    SCRIPT_CFG="${SHIMO_SSHUTTLE_DIR}/${SCRIPT_CFG}.sh"
}
[ -f "${SCRIPT_CFG}" ] || { echo "Usage: ${0} -c <SCRIPT_NAME|/path/to/script.sh>" >&2; exit 1; }

# Load our variables - CS_UNIQUE_IDENTIFIER is set by Shimo for the running profile
[ -n "${CS_UNIQUE_IDENTIFIER}" ] || { echo "This script must be run from within Shimo" >&2; exit 1; }
: ${SSHCONF:="/var/run/Shimo/configs/${CS_UNIQUE_IDENTIFIER}.sshconf"}
: ${PIDFILE:="${TMPDIR:=/tmp}/sshuttle-${CS_UNIQUE_IDENTIFIER}.pid"}

# Source our profile and our script-based config so that we have the correct items
source "/etc/profile"
[ -f "${SCRIPT_CFG}" ] && source "${SCRIPT_CFG}"

# Load values out of the SSH config file Shimo wrote for this profile
HOSTNAME="$(cat "${SSHCONF}" 2>/dev/null | sed -nE 's/^HostName (.+)$/\1/p')"
USER="$(cat "${SSHCONF}" 2>/dev/null | sed -nE 's/^User (.+)$/\1/p')"
PORT="$(cat "${SSHCONF}" 2>/dev/null | sed -nE 's/^Port (.+)$/\1/p')"
[ -n "${HOSTNAME}" -a -n "${USER}" -a -n "${PORT}" -a ${#FORWARDS[@]} -gt 0 ] || {
    echo "Invalid SSH configuration and/or script" >&2
    exit 1
}

# Run the config script's "start" hook, then launch sshuttle as a daemon. The EXIT trap that
# tears the tunnel down is only installed once sshuttle has started successfully.
[ -f "${SCRIPT_CFG}" ] && "${SCRIPT_CFG}" start &>/dev/null
/usr/local/opt/sshuttle/libexec/bin/python /usr/local/bin/sshuttle --no-sudo-pythonpath \
    --daemon --pidfile "${PIDFILE}" \
    "${PARAMS[@]}" -r "${USER}@${HOSTNAME}" \
    "${FORWARDS[@]}" || exit $?
trap 'kill "$(cat "${PIDFILE}" 2>/dev/null)" &>/dev/null; \
    [ -f "${SCRIPT_CFG}" ] && "${SCRIPT_CFG}" stop &>/dev/null' EXIT

# Hold a plain TCP connection to the same SSH server (or the local sshd as a fallback) for as long
# as Shimo keeps the VPN up - when Shimo closes it, nc exits and the EXIT trap stops sshuttle
/usr/bin/nc "${HOSTNAME}" "${PORT}" || /usr/bin/nc localhost 22
toonetown commented May 8, 2019

To use:

  1. Create a script (in ~/Library/Application Support/Shimo/Scripts/sshuttle/<IDENTIFIER>.sh)
  2. Use the _add_split and _add_addrs functions to add your mappings. Optionally, you can use _add_param to add a command-line parameter (such as --dns) as well.
  3. Make sure you can log in to your target machine without a password
  4. Make sure that /usr/local/opt/sshuttle/libexec/bin/python and /usr/local/bin/sshuttle are added to your sudoers to not require a password
  5. Set up a Shimo SSH VPN using the information for your target machine
  6. Set the ProxyCommand option in the Shimo VPN config to /usr/local/bin/shimo-sshuttle -c <IDENTIFIER>

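An added example of such a config script (not the gist author's code). It assumes the `_add_split`, `_add_addrs` and `_add_param` functions defined by the script above and the `start`/`stop` convention it uses when it executes the config script; the identifier `example-vpn`, the two RFC 1918 subnets, the hostname in the commented-out line and the `add_subnet`/`valid_ipv4`/`hook` helpers are constructed for the example. The helpers validate each mapping before it is handed to `_add_split`, so a typo in the config fails here with a clear message rather than inside sshuttle.

```shell
#!/bin/bash
# Example config script for shimo-sshuttle (added example, not part of the gist).
# Assumed location: ~/Library/Application Support/Shimo/Scripts/sshuttle/example-vpn.sh
# (the identifier "example-vpn" is hypothetical). shimo-sshuttle sources this file to
# collect mappings and also executes it as "<script> start" / "<script> stop".

# Fallbacks so the file can be run or checked on its own; inside shimo-sshuttle the
# real _add_split / _add_param definitions already exist and these are skipped.
type _add_split >/dev/null 2>&1 || { FORWARDS=(); _add_split() { FORWARDS+=("${1}/${2}"); }; }
type _add_param >/dev/null 2>&1 || { PARAMS=(); _add_param() { PARAMS+=("${1}"); }; }

# True if $1 is a dotted quad with exactly four octets in the range 0-255.
valid_ipv4() {
    local ip="${1}" o n=0
    case "${ip}" in *[!0-9.]*|"") return 1 ;; esac
    for o in ${ip//./ }; do
        [ "${o}" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "${n}" -eq 4 ]
}

# Validate <address> <prefix-length> before handing it to _add_split, so a typo in this
# file is reported here instead of surfacing as a confusing sshuttle failure.
add_subnet() {
    local net="${1}" bits="${2}"
    valid_ipv4 "${net}" || { echo "add_subnet: bad address '${net}'" >&2; return 1; }
    case "${bits}" in *[!0-9]*|"") echo "add_subnet: bad prefix '${bits}'" >&2; return 1 ;; esac
    [ "${bits}" -le 32 ] || { echo "add_subnet: bad prefix '${bits}'" >&2; return 1; }
    _add_split "${net}" "${bits}"
}

# Only these (constructed, RFC 1918) ranges go through the tunnel; all other traffic stays local.
add_subnet 10.20.0.0 16
add_subnet 192.168.50.0 24

# Also resolve DNS through the tunnel (sshuttle --dns).
_add_param --dns

# Uncomment to add the resolved A records of internal hosts as /32 mappings
# (hostname is constructed; needs dig and network access):
# _add_addrs intranet.example.com

# Lifecycle hooks: shimo-sshuttle runs "<script> start" before launching sshuttle and
# "<script> stop" from its EXIT trap. Here each event is appended to a log file.
HOOK_LOG="${HOOK_LOG:-${TMPDIR:-/tmp}/shimo-sshuttle-example-vpn.log}"
hook() {
    case "${1}" in
        start|stop) printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "${1}" >>"${HOOK_LOG}" ;;
        "")         return 0 ;;   # being sourced: only the mappings above matter
        *)          echo "hook: unknown action '${1}'" >&2; return 1 ;;
    esac
}
hook "${1}"
```

When shimo-sshuttle sources this file it picks up two entries in FORWARDS and `--dns` in PARAMS; when it executes the file with `start` or `stop` only the hook runs, since the mapping calls are harmless no-ops for the caller. Keeping the mapping list small and validated is also the point of split tunnelling: only the declared ranges leave via the SSH host.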