[plug] securely tunneling UDP traffic

Luke Dudney plug at apophis.net
Mon Dec 16 14:59:31 WST 2002


On 16/12/2002 2:44 PM, Craig Ringer wrote:

> Hi all
>
> I've been beating my head against a wall for a while on this one so I 
> thought I'd see if anybody on PLUG had any ideas.
>
> I need to tunnel UDP traffic between a number of hosts, very much in 
> the style of ssh port forwarding tunnels. Unfortunately, ssh only 
> seems to tunnel TCP traffic (netstat -lunp doesn't show it listening 
> to a udp port when a portforward is established; nothing in the man 
> pages).
>
> I /really/ don't want to go for a full IPsec VPN, as I'm looking at 
> connecting several different hosts and only need to protect traffic on 
> one port. FreeS/WAN is IMHO far too clunky for me to wish to use it at 
> this point and for this application.
>
> I've found some info on ssh port forwarding of RPC services, but I 
> need to forward snmp traffic and a few other things, not RPC. While 
> SNMP supports TCP, not all client programs do and some of the other 
> services I'm trying to use don't do TCP transport at all.
>
> As a last resort, I suppose I could use ssh as the transport for a ppp 
> session :-(
>
> So - ideas?
>
> Craig Ringer

You could use CIPE - crypto IP encapsulation.
http://sites.inka.de/sites/bigred/devel/cipe.html

You haven't mentioned what distribution you're using, but it comes with 
RedHat and is the VPN implementation they use in the official security 
documentation (The Official RH Linux Security Guide).
I'm sure packages are available for all the other major distros.
Configuring it is very simple - each side of the tunnel has a shared 
128-bit key and the endpoint information. The tunnel comes up as a 
network interface (cipcb<xx>) so you can set up routes and filtering as 
normal.

Cheers
Luke
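A way to put the configuration described above into practice, as an added example that is not part of the thread: a POSIX shell script that generates the shared 128-bit key, writes one end's options file for cipcb0, and sanity-checks that file before the tunnel is brought up. The option names (device, ipaddr, ptpaddr, me, peer, key) are assumed to follow the CIPE options file format, and every address, port and key value is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the thread. Option names (device, ipaddr, ptpaddr,
# me, peer, key) are assumed to follow the CIPE options file; all addresses,
# ports and keys below are constructed sample values.

# gen_key: print a fresh 128-bit shared key as 32 hex digits.
gen_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_options FILE LOCAL_TUN_IP PEER_TUN_IP LOCAL_UDP PEER_UDP KEY
# Writes one end's options file; the subshell umask keeps the secret 0600.
write_options() {
    (
        umask 077
        cat > "$1" <<EOF
device cipcb0
ipaddr $2
ptpaddr $3
me $4
peer $5
key $6
EOF
    )
}

# check_options FILE: return 0 if the file is safe to use, 1 with a reason.
check_options() {
    f=$1
    key=$(awk '$1 == "key" { print $2 }' "$f")
    # the key must be exactly 128 bits of hex
    printf '%s' "$key" | grep -Eq '^[0-9a-fA-F]{32}$' \
        || { echo "key is not 32 hex digits"; return 1; }
    # reject obviously weak keys (all zeros, one repeated byte, ...)
    distinct=$(printf '%s' "$key" | fold -w1 | sort -u | wc -l | tr -d ' ')
    [ "$distinct" -ge 4 ] || { echo "key has too little variety"; return 1; }
    # the options file holds the shared secret: no group/other read access
    [ -z "$(find "$f" \( -perm -004 -o -perm -040 \) -print)" ] \
        || { echo "options file is readable by others"; return 1; }
    # both UDP endpoints need host:port so the tunnel binds explicitly
    for k in me peer; do
        awk -v k="$k" '$1 == k { print $2 }' "$f" | grep -Eq ':[0-9]+$' \
            || { echo "$k lacks a UDP port"; return 1; }
    done
    return 0
}
```

The peer's file is the same with ipaddr/ptpaddr and me/peer swapped and the identical key; once the interface is up, routes and packet filtering apply to cipcb0 like any other interface.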