End-to-End VM Connectivity Across Subnets Using `sshuttle`, WireGuard, and Static Routing (public) (FABRIC Staff)

This artifact demonstrates three approaches for enabling end-to-end connectivity between virtual machines (VMs) across multiple subnets within a routed topology:

  1. Dynamic Tunneling with sshuttle
    A simplified alternative that captures TCP traffic and forwards it over an SSH tunnel using sshuttle, removing the need for explicit routing or IP forwarding. This method is useful for quick setups or for tunneling through firewalls.
  2. Encrypted L3 Overlay with WireGuard
    A secure VPN tunnel using WireGuard to establish an encrypted peer-to-peer mesh between nodes. This method leverages a private subnet and overlay interfaces (wg0) with IP forwarding and iptables to route packets across isolated subnets. It supports all protocols and is ideal for research use cases requiring encryption or overlay topologies.
  3. Static Routing with IP Forwarding
    A manual, realistic configuration where intermediary nodes are set up as routers using ip route and IP forwarding. This approach supports all protocols (TCP, UDP, ICMP) and offers full visibility into routing behavior.

Slice Topology

  • Node1 ↔ Node2: LAN (192.168.1.0/24)
  • Node2 ↔ Node3: WAN (192.168.2.0/24)

Contents of This Artifact

  • Code for verifying node-to-node connectivity
  • Steps for SSH key setup
  • sshuttle usage with diagnostic tips
  • WireGuard installation, setup, and routing
  • Static route configuration and verification
  • Comparison of use cases, benefits, and limitations of each method

Source and full notebook available at: GitHub Repository

This resource is ideal for students, researchers, and network engineers exploring secure routing, overlay networks, and SSH-based tunneling in virtual testbed environments such as FABRIC.


July 10, 2025, 10:51 p.m.


Versions

2025-07-09 July 9, 2025, 3:07 a.m. urn:fabric:contents:renci:431bca6a-f0b9-4908-967b-b2b5c3234f99 6 download

Authors