LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

TCP-over-TCP tunnelling (was OpenSSH 4.3 released)

TCP-over-TCP tunnelling (was OpenSSH 4.3 released)

Posted Feb 2, 2006 2:32 UTC (Thu) by dskoll (subscriber, #1630)
In reply to: OpenSSH 4.3 released by djm
Parent article: OpenSSH 4.3 released

People have been using OpenSSH's TCP-over-TCP port forwarding for years without complaint

That's not the same thing. Port-forwarding isn't really TCP-over-TCP. It's really just plain TCP. If you use a TCP connection as a piece of wire, and then run TCP over that piece of wire, then the TCP timers in the wire layer and the top layer can interact in very nasty ways, and pretty soon your connection gets totally clogged. You might not notice it on a LAN, but probably will if you try such tunneling over the Internet.

OpenVPN is really a much nicer solution for tunnelling. Works really well, and unlike IPSec, is not a horrible nightmarish protocol produced by committee.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds