[chippy]

I love sshuttle - I'd love to see a dead mans switch work with it and/or integration with desktop indicators.

Also, they say these things are "poor mans" but does this mean that it is inefficient than a real VPN? If so, would it be very inefficient?

[eeZi]

sshuttle's performance is actually pretty good for what it does. You can even run it with PyPy. It's not going to be a bottleneck with a recent CPU and <1Gbit.

The way it does it is that is actually proxies the TCP connections instead of encapsulating them.

  Client <-A-> sshuttle client <-B-> sshuttle server <-C-> Server

By doing this, it sidesteps the issues you have with TCP in TCP encapsulation, especially with poor connections (the outer and the inner sessions would do their own flow control and interact badly). But this also means that it can only tunnel TCP connections. There's a fork at https://github.com/sshuttle/sshuttle which supposedly extends support to UDP, but I haven't tested it and it's only UDP, so ICMP and lots of other protocols are still unsupported. It also NATs all connections, relies on black magic™ for tunneling instead of using a tun/tap IF, uploads code to the server and requires shell access.

Those are a few reasons why it's really only a workaround or a remote access tool, not a replacement for a real, UDP-based VPN. Still invaluable for those use cases.