[HECnet] UDP tunnelling over SSH - Solution for people dynamic IP addresses?

Johnny Billquist bqt at update.uu.se
Fri May 15 12:27:25 PDT 2009


Sampsa Laine wrote:
Came across this whilst looking for some SSH stuff and realized this could be used to either securely transmit HECnet data between two hosts or enable a host with a dynamic IP to run the bridge/MULTINET UDP thing:
http://24.97.150.195/nstwiki/index.php/Tunnelling_UDP_Traffic_Through_An_SSH_Connection
Basically, they use a combination of SSH port forwarding (which is TCP only) and nc to create a secure UDP tunnel between two sites. Setting this up would be trivial on a standard Unix box and if we use public key authentication we don't even need to store passwords anywhere. Also, we would of course benefit from the authentication and cryptographic features that SSH brings to the table.
The main disadvantage I can see is that SSH runs over TCP so any dropped packets might cause more delays than using straight UDP.

Yes, tunneling through something would always work. It will cost a lot in overhead, but for some that may be okay.
Also, as you note, it might cause retransmits at several levels, which also cost some.
And of course, you also risk additional delays.

But in addition, for this to work, you need to allow the remote users to get ssh access to your local machine, otherwise ssh can't set up tunneling.
And for me, that's not something I'll do for all you guys... :-)

There are other aspects to this as well, but I'll leave it at this. I've also read the other comments. :-)

	Johnny

-- 
Johnny Billquist                                   || "I'm on a bus
                                                                  ||   on a psychedelic trip
email: bqt at softjar.se                         ||   Reading murder books
pdp is alive!                                         ||   tryin' to stay hip" - B. Idol
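
Added example, not part of the original message or of any HECnet software: one way to check that a key issued to a remote tunnel peer grants only the port forward and not a shell, which is the access concern raised in the reply above. It assumes OpenSSH's authorized_keys option syntax; the key blobs, comments and port 6667 are constructed sample values.

```python
import re
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")  # start of a key
# Constructed sample entries (key blobs are placeholders, not real keys).
SAMPLE = [
    "ssh-ed25519 AAAAEXAMPLE1 peer1@example",
    'restrict,port-forwarding,permitopen="localhost:6667",command="/bin/false" ssh-ed25519 AAAAEXAMPLE2 peer2@example',
    'no-pty,command="echo tunnel only, no shell" ssh-rsa AAAAEXAMPLE3 peer3@example',
]

def split_options(line):
    """Return (options, rest); options maps name -> list of values."""
    line = line.strip()
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line                      # entry has no options field
    fields, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':
            cur, i = cur + '"', i + 2        # escaped quote inside a value
            continue
        if ch == '"':
            quoted = not quoted              # commas and spaces in quotes are data
        elif ch == "," and not quoted:
            fields, cur = fields + [cur], ""
        elif ch.isspace() and not quoted:
            break                            # end of the options field
        else:
            cur += ch
        i += 1
    fields.append(cur)
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        opts.setdefault(name.lower(), []).append(value)
    return opts, line[i:].strip()

def audit(line):
    """List the ways this key grants more than a fixed port forward."""
    opts, _ = split_options(line)
    restricted = "restrict" in opts          # 'restrict' disables pty and forwarding
    findings = []
    if "command" not in opts:
        findings.append("no forced command: key can run arbitrary commands")
    if "pty" in opts or not (restricted or "no-pty" in opts):
        findings.append("terminal (pty) allocation allowed")
    forwarding = "port-forwarding" in opts if restricted else "no-port-forwarding" not in opts
    if forwarding and "permitopen" not in opts:
        findings.append("port forwarding not limited by permitopen")
    return findings
```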
