TCP-over-TCP tunnelling (was OpenSSH 4.3 released)
Posted Feb 2, 2006 2:32 UTC (Thu) by dskoll
In reply to: OpenSSH 4.3 released
Parent article: OpenSSH 4.3 released
People have been using OpenSSH's TCP-over-TCP port forwarding for years without complaint
That's not the same thing. Port-forwarding isn't really TCP-over-TCP. It's really just plain TCP. If you use a TCP connection as a piece of wire, and then run TCP over that piece of wire, then the TCP timers in the wire layer and the top layer can interact in very nasty ways, and pretty soon your connection gets totally clogged. You might not notice it on a LAN, but probably will if you try such tunneling over the Internet.
OpenVPN is really a much nicer solution for tunnelling. Works really well, and unlike IPSec, is not a horrible nightmarish protocol produced by committee.
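The timer interaction described in the comment above, as an added toy model (not part of the original post, and not code from OpenSSH or OpenVPN). The function names, the RTO values, the doubling backoff capped at 60 seconds and the zero propagation delay are all assumptions made for illustration.

```python
"""Toy model of stacked TCP retransmission timers (constructed example)."""

def backoff_times(rto, max_rto=60.0):
    """Yield the times at which a sender (re)transmits one segment:
    t=0, then after each timeout, doubling the timeout up to max_rto."""
    t = 0.0
    while True:
        yield t
        t += rto
        rto = min(rto * 2, max_rto)

def outer_delivery_time(outage, outer_rto):
    """The carrier connection loses every packet sent before `outage`
    seconds; return when its first surviving (re)transmission goes out."""
    for t in backoff_times(outer_rto):
        if t >= outage:
            return t

def copies_carried(outage, outer_rto, inner_rto=None):
    """Return (delivery_time, copies) for one application segment.

    inner_rto=None models plain port forwarding: the payload is relayed as
    bytes, so only the carrier connection runs a retransmission timer.
    Otherwise a second TCP runs through the tunnel; it gets no ACK while
    the carrier is stalled, so its timer fires and each retransmission is
    queued on the reliable carrier, which must later deliver every copy."""
    delivered = outer_delivery_time(outage, outer_rto)
    if inner_rto is None:
        return delivered, 1
    copies = 0
    for t in backoff_times(inner_rto):
        if t > 0 and t >= delivered:
            break  # carrier has recovered; no further inner timeouts counted
        copies += 1
    return delivered, copies

if __name__ == "__main__":
    # Constructed outage lengths, in seconds.
    for outage in (0.0, 2.0, 10.0, 40.0):
        _, fwd = copies_carried(outage, outer_rto=1.0)
        t, stacked = copies_carried(outage, outer_rto=1.0, inner_rto=0.5)
        print(f"outage={outage:>4}s delivered at t={t:>4}s  "
              f"forwarded copies={fwd}  stacked copies={stacked}")
```

The model tracks a single segment; with a full window in flight, every unacknowledged segment of the inner connection adds its own duplicates to the carrier's queue.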