[HECnet] UDP tunnelling over SSH - Solution for people dynamic IP addresses?

Sampsa Laine sampsa at mac.com
Wed May 13 11:39:19 PDT 2009


Came across this whilst looking for some SSH stuff and realized this could be used to either securely transmit HECnet data between two hosts or enable a host with a dynamic IP to run the bridge/MULTINET UDP thing:

http://24.97.150.195/nstwiki/index.php/Tunnelling_UDP_Traffic_Through_An_SSH_Connection

Basically, they use a combination of SSH port forwarding (which is TCP only) and nc to create a secure UDP tunnel between two sites. Setting this up would be trivial on a standard Unix box and if we use public key authentication we don't even need to store passwords anywhere. Also, we would of course benefit from the authentication and cryptographic features that SSH brings to the table.

The main disadvantage I can see is that SSH runs over TCP so any dropped packets might cause more delays than using straight UDP.

Sampsa
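
An added example, not part of the original post or the linked wiki page: a plain nc pipe hands the traffic to SSH as a TCP byte stream, which does not preserve UDP datagram boundaries, so packets can be merged or split inside the tunnel. This Python relay goes beyond the nc approach by carrying each datagram with a 2-byte length prefix over the forwarded TCP port; the framing and all function names are assumptions made for illustration.

```python
import struct

# Assumed framing (not from the post): 2-byte big-endian length, then payload.
HDR = struct.Struct("!H")

def frame(datagram: bytes) -> bytes:
    """Wrap one UDP datagram so its boundary survives a TCP stream."""
    if len(datagram) > 0xFFFF:
        raise ValueError("datagram too large for 16-bit length prefix")
    return HDR.pack(len(datagram)) + datagram

class Deframer:
    """Rebuild whole datagrams from arbitrarily chunked TCP reads."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        out = []
        while len(self._buf) >= HDR.size:
            (n,) = HDR.unpack_from(self._buf)
            if len(self._buf) < HDR.size + n:
                break  # payload not complete yet; wait for more bytes
            out.append(bytes(self._buf[HDR.size:HDR.size + n]))
            del self._buf[:HDR.size + n]
        return out

def relay_udp_to_tcp(udp_sock, tcp_sock):
    """Local side: read datagrams from the bridge, push them into the
    TCP socket connected to the ssh -L forwarded port."""
    while True:
        data, _addr = udp_sock.recvfrom(65535)
        tcp_sock.sendall(frame(data))

def relay_tcp_to_udp(tcp_sock, udp_sock, dest):
    """Remote side: read the TCP stream, re-emit one UDP datagram per
    frame to dest (the remote bridge's address, supplied by the caller)."""
    deframer = Deframer()
    while True:
        chunk = tcp_sock.recv(4096)
        if not chunk:
            return  # tunnel closed
        for datagram in deframer.feed(chunk):
            udp_sock.sendto(datagram, dest)
```

Run one relay pair per direction. The TCP head-of-line delay mentioned in the post still applies, since a lost segment stalls every datagram queued behind it.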


