[stunnel-users] UDP End-points
Michal Trojnara
Michal.Trojnara at mobi-com.net
Wed Nov 3 18:18:44 CET 2004
Leigh,
> Perhaps I wasn't quite as clear as I intended.. :)
> I'm not suggesting that SSL over UDP should be done.. I'm suggesting
> that stunnel could potentially act as a UDP-over-encrypted-TCP
> gateway.
Okay. Now I understand your idea (I hope). I would have to design a
proprietary datagram-over-byte-stream (DOBS) protocol (at least the length of
UDP packets has to be encoded aside from the content), and then tunnel UDP
over DOBS over SSL over TCP.
This is why I don't like it:
1. Such tunneling is not very effective. There's a *huge* protocol
overhead.
2. It's not standard. One of the main ideas behind stunnel is its
interoperability.
3. I think it's much easier to write such an encrypting UDP forwarder from
scratch using an IPSec-style datagram protocol, than to modify stunnel.
4. It breaks my KISS principle. 8-)
In fact I would really like to find the time (or a sponsor) to develop such
a UDP encrypting forwarder.
BTW: Maybe it's better to use IPSec or VTUN instead of a proxy?
Best regards,
Mike
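
The length-prefix framing that a datagram-over-byte-stream layer needs, as an added example that is not part of the original message and is not stunnel code. The 2-byte big-endian prefix and the names `encode_datagram`, `DatagramDecoder` and `roundtrip` are assumptions made for illustration; the decoder has to cope with stream reads that do not line up with datagram boundaries.

```python
import struct

MAX_UDP_PAYLOAD = 65507          # 65535 - 20 (IPv4 header) - 8 (UDP header)
HDR = struct.Struct("!H")        # assumed framing: 2-byte big-endian length

def encode_datagram(payload):
    """Frame one UDP payload for the stream: length prefix, then content."""
    if len(payload) > MAX_UDP_PAYLOAD:
        raise ValueError("payload larger than a UDP datagram can carry")
    return HDR.pack(len(payload)) + payload

class DatagramDecoder:
    """Recovers datagram boundaries from arbitrarily segmented stream reads."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Append bytes read from the stream; return the complete datagrams."""
        self._buf += chunk
        out = []
        while len(self._buf) >= HDR.size:
            (length,) = HDR.unpack_from(self._buf)
            if length > MAX_UDP_PAYLOAD:
                # The length comes from the peer: reject it, do not try to resync.
                raise ValueError("declared length exceeds UDP maximum")
            end = HDR.size + length
            if len(self._buf) < end:
                break                      # partial datagram, wait for more bytes
            out.append(bytes(self._buf[HDR.size:end]))
            del self._buf[:end]
        return out

    def pending(self):
        """Bytes buffered for a datagram that has not fully arrived yet."""
        return len(self._buf)

def roundtrip(datagrams, chunk_size):
    """Frame datagrams, cut the stream into chunk_size reads, decode them."""
    stream = b"".join(encode_datagram(d) for d in datagrams)
    decoder, received = DatagramDecoder(), []
    for i in range(0, len(stream), chunk_size):
        received += decoder.feed(stream[i:i + chunk_size])
    return received, decoder.pending()

# Constructed sample payloads, including an empty datagram (valid in UDP).
SAMPLE = [b"query-1", b"", b"x" * 300]

if __name__ == "__main__":
    print(roundtrip(SAMPLE, 5))
```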