Now... stunnel should work just as well as SSH, but it also has just the same basic "limitation" - or, rather, design goal - stunnel is used only for forwarding TCP connections. I'm not sure what your VoIP model is, but if it is in any way based on UDP packets flying around, then neither stunnel nor SSH would be of any use to you.
My VoIP model is using 10000 - 20000 UDP for the media so this is the reason I have to tunnel OpenVPN through SSH or Stunnel since I can forward my UDP traffic through OpenVPN.
Oh... so you still want to use OpenVPN? That is, you want:
- VoIP traffic
- UDP packets on a virtual interface
- OpenVPN encryption with OpenVPN configured for a TCP connection
- and an additional stunnel or SSH wrapper?
My OpenVPN server is already set up to use a TCP connection so I just need to use an additional Stunnel wrapper.
Yikes :) This *will* add some additional overhead, and although the overhead will be the same no matter whether you choose SSH or stunnel, it will still be there anyway.
However, I think I can set cipher to none in OpenVPN and do a bit more tweaking to conserve bandwidth since the OpenVPN will be secured within the Stunnel wrapper.
Another alternative that I am exploring is SSH or Stunnels with Socat! http://www.zarb.org/~gc/html/udp-in-ssh-tunneling.html but I need to find out how to forward a range of ports through it.
Well, this might turn out to be a better alternative. If you use the netcat (or socat) method described there, you'll just need to run a lot of netcat (or socat) processes, one for each port you need to forward. I've not yet used socat, but from its manual page it seems that it cannot listen on more than one port either.
It would be great to use netcat (or socat) but surprisingly it does seem to support port ranges so I think I may have to use OpenVPN with Stunnel and a bit of tweaking.
With that in mind, if it's a TCP connection that you want to encrypt, either stunnel or SSH port forwarding should do the job just fine, although for "permanent" setups I would rather use stunnel, since SSH may have some issues with timeouts and dropped control connections and such.
I need to investigate if Stunnel is available as a package for OpenWRT or DD-WRT firmware.
G'luck, Peter
--
Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
because I didn't think of a good beginning of it.