
List:       openssh-unix-dev
Subject:    Re: Re: “Stripped-down” SSH (no encryption or authenticati
From:       Jochen Bern <Jochen.Bern () binect ! de>
Date:       2019-10-16 8:16:58
Message-ID: 5e551884-ba2f-e586-7623-47dab3330430 () binect ! de

On 10/16/2019 02:04 AM, Demi M. Obenour wrote:
> As I mentioned in another email, what I am really looking for is
> multiplexing multiple socket connections over a single full-duplex
> stream.

As far as I know, SSH's forwarding allows only one kind of "socket",
namely, TCP connections - as opposed to, e.g., UNIX sockets.

If that's what you mean, my recommendation would be to establish the
"trunk" connection not with OpenSSH, but OpenVPN.

OpenVPN can use TCP and (preferred) UDP for the "trunk", can AFAIK be
configured not to encrypt the *data* stream at all, will automatically
re-establish the "trunk" when it gets closed, and the server can "push"
a route to the subnet your Docker containers live in to the client. (If
that subnet or the addresses thereon tend(s) to *change* over time,
finding the proper IPs to connect to from the VPN client might become a
(minor) problem.)

If you want to avoid even the *potential* overhead of the encryption
parts of a VPN software like OpenVPN, my next suggestion would be GRE,
but I haven't done *that* on a unixoid base yet and you *will* have to
do quite some work to permit GRE tunnels from A to B through all the
firewalls that may sit on the path ...

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
Robert-Koch-Straße 9
64331 Weiterstadt

