[Spread-users] Tunnels

Theo Schlossnagle jesus at omniti.com
Wed Jan 9 11:59:29 EST 2002

On Wednesday, January 9, 2002, at 11:45  AM, Mark Anacker wrote:
> I'll probably have to do something like this in the near-term, but it's a
> bit of a pain. Mostly due to the overhead of encapsulating a nearly-complete
> IP stack on top of the existing TCP stream.  But, since I don't want
> un-encrypted UDP flowing out (or in) through the firewall, I have to carry
> it over TCP.  Call me paranoid, but it's a bit easier to keep tabs on a
> small set of TCP links than trying to filter whatever UDP packets come
> along.
> It would still be cleaner if the daemon itself could create a virtual
> segment over TCP to another daemon.

It isn't unencrypted in my scenario...  I have an IPSEC VPN between the 
two locations and I route between Spread segments over that.  The VPN 
could care less that it is UDP or TCP.  My UDP flows well and is 
encrypted and authenticated (between VPN points).

Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E  491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA  3D 90 B9 9F BE 27 24 E7
