Sampsa Laine wrote:

Came across this whilst looking for some SSH stuff and realized this could be used to
either securely transmit HECnet data between two hosts or enable a host with a dynamic IP
to run the bridge/MULTINET UDP thing:

http://24.97.150.195/nstwiki/index.php/Tunnelling_UDP_Traffic_Through_An_SS…

Basically, they use a combination of SSH port forwarding (which is TCP only) and nc to
create a secure UDP tunnel between two sites. Setting this up would be trivial on a
standard Unix box and if we use public key authentication we don't even need to store
passwords anywhere. Also, we would of course benefit from the authentication and
cryptographic features that SSH brings to the table.

The main disadvantage I can see is that SSH runs over TCP so any dropped packets might
cause more delays than using straight UDP.

Yes, tunneling through something would always work. It will cost a lot in overhead, but
for some that may be okay.
Also, as you note, it might cause retransmits at several levels, which also cost some.
And of course, you also risk additional delays.
But in addition, for this to work, you need to allow the remote users to get ssh access to
your local machine, otherwise ssh can't set up tunneling.
And for me, that's not something I'll do for all you guys... :-)
There are other aspects to this as well, but I'll leave it at this. I've also read
the other comments. :-)
Johnny
--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt at softjar.se          ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol