[NCLUG] Speaking of SSH and Tunnels...

Gabriel L. Somlo gsomlo at gmail.com
Fri Oct 13 07:59:46 MDT 2017


Hi Sean,

> From: Sean Reifschneider <jafo00 at gmail.com>
> >
> > Speaking of ssh and tunneling, I've been using vtun on Fedora to
> > implement a sort of "distributed Ethernet switch over IP" for a
> > project, a kind of "layer-2 VPN", if you will.
> >
> 
> I've done this many times using OpenVPN and tap device bridged to an
> Ethernet interface.  I think you can even have multiple OpenVPN clients
> connect in to the server, and OpenVPN has a UDP mode so that you don't run
> into TCP retransmit amplification like you can with SSH tunnels.
> 
> I've used it several times to bridge the networks at two data centers as I
> moved machines between them:  Set up bridge, move some machines to the
> other location, move the gateway to the new facility, move the rest of the
> machines.

You're right, OpenVPN would have probably been the "canonical" thing
to use. The appeal of OpenSSH is that one can get everything done over
TCP port 22, which is the next most likely port to be allowed through
various silly middle boxes, right after port 80 :)

Thanks,
--Gabriel

