Same here. I got forced to set up a Linux VM with sshuttle and route my traffic to the remote networks through that VM.

I have issues with bettercap any.proxy module which internally uses pfctl. I'm also using macOS Sequoia Beta.

I may have the issue too, same behavior, same output. I am not certain if it is related to the new macOS version or even something else. It fails most of the time, but after restarting the computer, usually the first connection via Sshuttle will work.

• macOS: 15.0 Beta (24A5327a)

Upgraded to Sequoia today. sshuttle stopped working.

EDIT: As others have tested and I've also tested it again, the following instructions doesn't work. Try this one

Seems to be related to an old issue - #538 - it was also not working for me on Sequoia and sshuttle ran perfectly fine on Sonoma.

So I managed to workaround it by manually adding the routes i.e. if sshuttle command looks like this:

sudo sshuttle -r [email protected] 1.2.3.4/32 2.3.4.5/32

Then we need to add routes for 1.2.3.4 and 2.3.4.5 to en0 again:

sudo route add -net 1.2.3.4/32 -interface en0
sudo route add -net 2.3.4.5/32 -interface en0

I'm not sure if it'll always be en0 (your wifi interface - the 'default'), or the interface that is used to connect with the internet - which you can get using ifconfig.

Seems to be related to an old issue - #538 - it was also not working for me on Sequoia and sshuttle ran perfectly fine on Sonoma.

So I managed to workaround it by manually adding the routes i.e. if sshuttle command looks like this:

sudo sshuttle -r [email protected] 1.2.3.4/32 2.3.4.5/32

Then we need to add routes for 1.2.3.4 and 2.3.4.5 to en0 again:

sudo route add -net 1.2.3.4/32 -interface en0
sudo route add -net 2.3.4.5/32 -interface en0

I'm not sure if it'll always be en0 (your wifi interface - the 'default'), or the interface that is used to connect with the internet - which you can get using ifconfig.

this didn't work for me. I'm on official MacOS 15 release

Same here: the sudo route add workaround doesn't work on official MacOS 15.0 Sequoia release. Also, while sshuttle is running, many apps (e.g. Spotify desktop) seem to suffer disconnection.

Sorry about that, yeah, it didn't work for me either after I tried. I gave another go at trying to workaround it and found the solution:

Just run sudo pfctl -f /etc/pf.conf before running sshuttle and you should be good to go. Nothing else is needed.

Hope it works for y'all this time. I tested this by rebooting and doing only the above - so a lot more proper this time.

Rough explanation and cause:

I realized that I was also doing a bunch of things with pfctl and found the root of the issue and misattributed route add to fixing it - because I presume if I have connection issues when I previously haven't got any, it's probably routing related or firewall related. Mac uses pf for firewall.

If we run sudo pfctl -sr (show all rules), we get the following.

$ pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
scrub-anchor "com.apple.internet-sharing" all fragment reassemble
anchor "com.apple/*" all
anchor "com.apple.internet-sharing" all

And if we run sshuttle after, and re-ran pfctl -sr, it'll show this:

$ pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
scrub-anchor "com.apple.internet-sharing" all fragment reassemble
anchor "com.apple/*" all
anchor "com.apple.internet-sharing" all
anchor "sshuttle6-12300" all
anchor "sshuttle-12300" all

But interestingly, sshuttle wouldn't work despite the anchor (anchor is a list of rules) being there.

What if we reload the firewall rules i.e. pfctl -f /etc/pf.conf, then re-ran sshuttle?

We'd get this:

$ pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
anchor "com.apple/*" all
anchor "sshuttle6-12300" all
anchor "sshuttle-12300" all

So something within anchor "com.apple.internet-sharing" all is interfering with sshuttle's anchor, and the default ruleset doesn't come with com.apple.internet-sharing. The ruleset for internet sharing is there even though I've never enabled internet sharing. I decided to close sshuttle, and try disable and re-enable internet sharing. The pf ruleset seems to be reloaded by doing so, and gives this back:

$ pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
scrub-anchor "com.apple.internet-sharing" all fragment reassemble
anchor "com.apple/*" all
anchor "com.apple.internet-sharing" all

Interesting!

P.S: I'm not great at networking, nor great at pfctl so my explanation here might be wildly inaccurate.

Thanks a lot it worked for me

Awesome, works for me too! Thanks!

same here, thank you!

it connects for sometime and then get the following error:

ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Connection corrupted
c : fatal: ssh connection to server (pid 1347) exited with returncode 255

not working for me

Sorry about that, yeah, it didn't work for me either after I tried. I gave another go at trying to workaround it and found the solution:

Just run sudo pfctl -f /etc/pf.conf before running sshuttle and you should be good to go. Nothing else is needed.

Hope it works for y'all this time. I tested this by rebooting and doing only the above - so a lot more proper this time.

Rough explanation and cause:

I realized that I was also doing a bunch of things with pfctl and found the root of the issue and misattributed route add to fixing it - because I presume if I have connection issues when I previously haven't got any, it's probably routing related or firewall related. Mac uses pf for firewall.

If we run sudo pfctl -sr (show all rules), we get the following.

$ pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
scrub-anchor "com.apple.internet-sharing" all fragment reassemble
anchor "com.apple/*" all
anchor "com.apple.internet-sharing" all

And if we run sshuttle after, and re-ran pfctl -sr, it'll show this:

$ pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
scrub-anchor "com.apple.internet-sharing" all fragment reassemble
anchor "com.apple/*" all
anchor "com.apple.internet-sharing" all
anchor "sshuttle6-12300" all
anchor "sshuttle-12300" all

But interestingly, sshuttle wouldn't work despite the anchor (anchor is a list of rules) being there.

What if we reload the firewall rules i.e. pfctl -f /etc/pf.conf, then re-ran sshuttle?

We'd get this:

$ pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
anchor "com.apple/*" all
anchor "sshuttle6-12300" all
anchor "sshuttle-12300" all

So something within anchor "com.apple.internet-sharing" all is interfering with sshuttle's anchor, and the default ruleset doesn't come with com.apple.internet-sharing. The ruleset for internet sharing is there even though I've never enabled internet sharing. I decided to close sshuttle, and try disable and re-enable internet sharing. The pf ruleset seems to be reloaded by doing so, and gives this back:

$ pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
scrub-anchor "com.apple.internet-sharing" all fragment reassemble
anchor "com.apple/*" all
anchor "com.apple.internet-sharing" all

Interesting!

P.S: I'm not great at networking, nor great at pfctl so my explanation here might be wildly inaccurate.

this is work for me, thank you!

Thanks a lot, it's working for me. Without that, I wouldn't be able to work with MacOS 15.0 (using sshuttle every day).

Hey guys,

I switched to Seqoia yesterday, too. Now I am facing similiar sshuttle problems. I tried the workaround @abdullah-kasim provided but unfortunately it doesn't work for me.

Anyways, it seems my issue is a little different. When connecting to hosts with HTTPS or SSH through sshuttle I'm fine. When downloading a file through WebGUI or SSH over the tunnel the connection breaks immediately. I turned on verbose and got this:

Bad packet length 2382065274.
ssh_dispatch_run_fatal: Connection to < host IP > port 22: Connection corrupted
fw: undoing changes.
fw: undoing IPv6 changes.
fw: >> pfctl -a sshuttle6-12300 -F all
fw: >> pfctl -X 18343089517282467048
fw: undoing IPv4 changes.
fw: >> pfctl -a sshuttle-12300 -F all
fw: >> pfctl -X 2662159319849425339
fw: which() could not find 'resolvectl' in < my folders >
fw: which() could not find 'systemd-resolve' in < my folders >

The "bad packet length" seems to be the trigger for breaking the SSH tunnel. I am running sshuttle version 1.1.2. The issue occurs in daemon mode, too. Any ideas on this?

Edit

It seems there are several bugs in the macOS firewall. Have a read here -> https://www.reddit.com/r/MacOS/comments/1fihlge/comment/lnngp9n/

Edit2

macOS 15.0.1 has been released and I tested sshuttle with it. I downloaded a 149 MByte file without any disruption. At first glance, everything seems to work again.

Does not work for me on 15.0.1. After

sudo pfctl -f /etc/pf.conf

it did work. Thanks for the workaround but is there anything that can be done within the package/brew installation that will make it work without this workaround?