begood
Posted May 19, 2010

Cryptographic Tunnel

ctunnel is a command line program for tunneling and/or proxying TCP or UDP connections via a cryptographic tunnel. ctunnel can be used to secure any existing TCP or UDP based protocol, such as (but not limited to) HTTP, Telnet, FTP, RSH, MySQL, VNC, SSH, XDMCP and NFS. ctunnel can also proxy connections, effectively bouncing a cryptographic tunnel via any number of intermediary hosts (at a loss of speed, of course).

Why ctunnel?

ctunnel vs ssh forwarding or stunnel

First. UDP

Stunnel and SSH do not support the UDP protocol. There are other methods (like using a VPN) to encrypt UDP traffic and tunnel it over TCP; however, sometimes this is like killing a mouse with a hand-grenade or using a dump truck to move your couch.

Second. Certificates

SSH, Stunnel, OpenSSL's BIO interface and GNU TLS all use certificate based authentication to set up a tunnel over TCP. This is arguably more secure; however, they don't offer UDP.

Ctunnel is light, very fast, and extremely flexible. Ctunnel allows you to set up a secure, encrypted tunnel for ANY protocol in minutes. With ctunnel you can set up an encrypted tunnel for other encrypted protocols (i.e., you can tunnel SSH through ctunnel).

Unlike SSH, ctunnel does not have its own underlying transport protocol, so there is no network overhead other than the encrypted traffic generated by the software you are tunneling.

Ctunnel does not rely on public keys, PAM authentication or any other 3rd party authentication. It relies solely on OpenSSL/libgcrypt's cryptography, and allows you to choose the encryption cipher.

http://nardcore.org/ctunnel/