[stunnel-users] UDP End-points

Michal Trojnara Michal.Trojnara at mobi-com.net
Wed Nov 3 18:18:44 CET 2004


Leigh,

> Perhaps I wasn't quite as clear as I intended.. :)
> I'm not suggesting that SSL over UDP should be done.. I'm suggesting
> that stunnel could potentially act as a UDP-over-encrypted-TCP
> gateway.

Okay.  Now I understand your idea (I hope).  I would have to design a 
proprietary datagram-over-byte-stream (DOBS) protocol (at least the length of 
each UDP packet has to be encoded aside from the content), and then tunnel UDP 
over DOBS over SSL over TCP.

This is why I don't like it:
1. Such tunneling is not very effective.  There's a *huge* protocol 
overhead.
2. It's not standard.  One of the main ideas behind stunnel is its 
interoperability.
3. I think it's much easier to write such an encrypting UDP forwarder from 
scratch using an IPSec-style datagram protocol, than to modify stunnel.
4. It breaks my KISS principle.  8-)

In fact I would really like to find the time (or a sponsor) to develop such 
a UDP encrypting forwarder.

BTW: Maybe it's better to use IPSec or VTUN instead of a proxy?

Best regards,
    Mike 
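The framing sketched in the message above (a length prefix ahead of each UDP payload so datagram boundaries survive a TCP or SSL-over-TCP byte stream), written out as an added example. This is not stunnel code and not a design Mike published; the name DOBS is his shorthand, while the 2-byte big-endian length header, the 65507-byte payload limit and the `Deframer`/`frame`/`roundtrip` names are assumptions made here for illustration.

```python
"""Length-prefixed datagram framing over a byte stream (added example).

Each UDP payload is sent as a 2-byte big-endian length followed by the
payload bytes.  The receiving side must cope with the stream being cut
at arbitrary points: one TCP read may deliver half a frame, or several
frames at once.  Framing layout and limits are assumptions, not a spec.
"""
import struct
from typing import List, Tuple

MAX_UDP_PAYLOAD = 65507            # largest IPv4 UDP payload (assumed limit)
HEADER = struct.Struct("!H")       # 2-byte big-endian length prefix


def frame(datagram: bytes) -> bytes:
    """Encode one datagram as <len><payload>."""
    if len(datagram) > MAX_UDP_PAYLOAD:
        raise ValueError("datagram too large for UDP")
    return HEADER.pack(len(datagram)) + datagram


class Deframer:
    """Incremental decoder: feed stream chunks in, get whole datagrams out."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        """Append a chunk of stream data and return every complete datagram."""
        self._buf.extend(chunk)
        out: List[bytes] = []
        while len(self._buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self._buf, 0)
            if length > MAX_UDP_PAYLOAD:
                # An impossible length means a buggy or hostile peer; the
                # stream cannot be resynchronised, so fail loudly.
                raise ValueError(f"bad frame length {length}")
            end = HEADER.size + length
            if len(self._buf) < end:
                break                      # wait for the rest of this datagram
            out.append(bytes(self._buf[HEADER.size:end]))
            del self._buf[:end]
        return out

    def pending(self) -> int:
        """Bytes buffered that do not yet form a complete frame."""
        return len(self._buf)


def roundtrip(datagrams: List[bytes], chunk_size: int) -> Tuple[List[bytes], int]:
    """Frame the datagrams, cut the stream into chunk_size pieces, decode.

    Returns (decoded datagrams, bytes still pending); boundaries are
    preserved regardless of how the stream was split.
    """
    stream = b"".join(frame(d) for d in datagrams)
    dec = Deframer()
    got: List[bytes] = []
    for i in range(0, len(stream), chunk_size):
        got.extend(dec.feed(stream[i:i + chunk_size]))
    return got, dec.pending()


if __name__ == "__main__":
    # Constructed sample traffic: an empty datagram, a short one, an MTU-sized one.
    sample = [b"", b"hello", b"x" * 1500]
    for size in (1, 7, 4096):
        decoded, left = roundtrip(sample, size)
        print(f"chunk={size}: ok={decoded == sample} pending={left}")
```

Zero-length datagrams are legal UDP and must round-trip, which is why the decoder emits `b""` rather than skipping it; the per-datagram cost here is only the 2 header bytes, the large overhead Mike objects to comes from the SSL record and TCP/IP headers underneath.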



